2016 Speakers


Brian Carrier

Basis Technology

Brian leads the digital forensics team at Basis Technology, delivering incident response tools, custom systems, and services. He is the author of the book File System Forensic Analysis and developer of several open source digital forensics analysis tools, including The Sleuth Kit and the Autopsy Forensic Browser. Brian has a Ph.D. in computer science from Purdue University and worked previously for @stake as a research scientist and the technical lead for their digital forensics lab. Brian is on the committees of many conferences, workshops and technical working groups, including the Open Source Digital Forensics Conference (OSDFCon), the DFRWS Conference, and the Digital Investigation Journal.


Vassil Roussev & Shane McCulley

University of New Orleans

Vassil is a Professor of Computer Science at the University of New Orleans and the author of an upcoming book on digital forensics. He is a Co-founder and Director of DFRWS.org, an Editor of the Journal of Digital Investigation, and is the author of the sdhash file similarity tool.


Dan Gonzales & Zev Winkelman

RAND Corp.

Dan is a senior scientist at RAND. Dan received his a Ph.D. in Theoretical Physics from M.I.T. Dan leads research on command, control, and communications (C3), intelligence, cloud computing, cyber security, and Electronic Warfare (EW) issues for the DoD, National Institutes of Justice, the Department of Homeland Security (DHS) and the Intelligence Community. He is RAND’s representative to the Institute for information and infrastructure protection (I3P), a consortium of nonprofit think tanks and universities that conduct research on critical infrastructure protection and cyber security issues. For the U.S. Army is leading research on new mission command and communications capabilities in space denied environments, and estimating Army needs for satellite communications bandwidth for training. For the I3P and the DHS he was the principal investigator of a project that examined cloud computing cyber security and developed a cloud computing security assessment model called Cloud-Trust. He has examined future cloud-based architectures for enterprise scale biometric matching systems. For the DoD and the Navy he is also leading several studies on new EW capabilities.

Zev is a core faculty member at the Pardee RAND Graduate School and a full information scientist at RAND specializing in big data analytics, social media, and cyber security. He has more than 15 years of experience in computer engineering and software development. Zev has designed and implemented many systems that allow analysts to fuse, analyze, and visualize diverse datasets across several domains including: financial data, social media and social networks, unstructured text, and geo-tagged data. Zev initially applied these skills in finance working first on trade settlement, operational risk assessment, and capital markets syndicate desk systems, and later on high frequency trading. After the events of September 11, 2001, Zev’s focus shifted to national security policy. This transition including a master’s degree in forensic computing and counter terrorism, and a PhD in public policy. At RAND, Zev applies his combination of technical skills and a policy orientation to a diverse portfolio of interests that includes research in defense, intelligence, foreign policy, law enforcement, economic and health related issues.


Michael Cohen

Google/AFF4 Working Group

Michael has been a developer of opensource digital forensic tools since 2001. His past contributions include PyFlag, major parts of Volatility. More recently he has contributed to the GRR Response Rig and is currently the lead developer of the Rekall memory forensics framework.


Matthew Seyer & David Cowen

G-C Partners, LLC

Mr. Cowen has more than sixteen years of experience in the areas of integration, architecture, assessment, programming, forensic analysis and investigation. He currently holds the Certified Information Systems Security Professional certification from (ISC)2. He has been trained in proper forensics practices by the High Tech Crime Investigators Association, ASR Data and Guidance Software, and SANS, amongst others. He is an active contributor within the computer forensics community where he frequently presents and trains on various forensic topics. He has managed, created, and worked with multiple forensics/litigation support teams and associated procedures. His experience spans a variety of environments ranging from high security military installations to large/small private sector companies. He is the author of Infosec Pro Guide to Computer Forensics, Hacking Exposed: Computer Forensics (1st and 2nd edition) and the Anti Hacker Toolkit 3rd edition all by McGraw Hill. Mr. Cowen has testified in a number of cases over the years with two of the highlights featured in Verdict Search being Exel Transportation Services Inc., a Delaware Corporation v. Total Transportation Services, LLC, a Delaware Corporation d/b/a Worldwide Total Transportation Services GP, LLC; Total Transportation Services, LP, a Delaware Limited Partnership d/b/a Worldwide Total Transportation Services, LP; Michael Joseph Musacchio, an Individual; and John Michael Kelly, an Individual, No. 3-06-cv-0593-R leading to a $10 million dollar settlement and Orix Capital Markets LLC v. Super Future Equities Inc., Keon Michael Arjmandi, Schumann Rafizadeh, Cyrus Rafizadeh and Houman Thomas Arjmandi, No. 3:06-cv-00271-B leading to a $12.5 million dollar verdict.

Matthew is a consultant at G-C Partners, LLC based in Dallas, Texas. He has obtained a Bachelor of Technology in Information Assurance and Digital Forensics at Oklahoma State University Institute of Technology Okmulgee and an Associate in Applied Sciences of Digital Forensics at Richland College. Over the past three years, Mr. Seyer has been involved with researching and creating tools for file system journal forensics. Matthew Seyer is also one of the hosts of the Forensic Lunch, a webcast that covers digital forensics topics Fridays at noon (CST) on Google Hangouts. You can follow Matthew Seyer on twitter: @forensic_matt.


Jonathan Millman

Basis Technology

Jonathan is a UI-focused software engineer on the digital forensics team at Basis Technology. Prior to joining Basis Technology, Jonathan was a software developer at the MIT Humans and Automation Lab and a musically inspired 3D animator for SoundSpectrum and Harmonix Music Systems. Jonathan holds a BS in Computer Science and Digital Art from Northeastern University.


Bradley Schatz


Dr Bradley Schatz is the director of the independent digital forensics consultancy Schatz Forensic, and the creator of the Evimetry forensic system. Since the completion of a PhD in Digital forensics in 2007, his principal role has been as a practitioner of digital forensics in private practice, where he has served primarily legal clients in both civil and criminal matters. He has remained an active researcher in the field, having published 15 peer reviewed academic papers and two book chapters all in the area of digital forensics. Practical contributions of Bradley’s research include, in 2010, bringing Windows Vista and Windows 7 analysis in to the Volatility framework, and the index.dat parser in Autopsy.


Julien Vehent


Julien manages the CloudSec team and is responsible for the security of Firefox’s backend services (Firefox accounts, Sync, addons.mozilla.org, Push, Hello, …). Mozilla CloudSec consults with developers and operations teams on risks and security, and builds security tools for the infrastructure. Julien is the author of the Mozilla Server Side TLS guidelines, Cipherscan, Mozilla InvestiGator (MIG), SOPS and many smaller tools to help DevOps integrate security in the organization.


Stuart Maclean

University of Washington

Stuart is an engineer at the University of Washington. He designs cybersecurity tools to answer one simple question: What does this program do? One obvious thing it might do is store data on your disk, perhaps in a filesystem, perhaps not. A method for whole disk capture and later search is therefore needed, and the toolset described in this talk goes along way to solving this problem.


Luca Taennler & Mathias Vetsch

HSR University of Applied Science Rapperswil

Luca and Mathias are two Computer Science students working on their Bachelor Thesis ‘Forensic Triage Kit’.


Eric Zimmerman

Kroll Cyber Security

Eric is a senior director in Kroll’s Cyber Security and Investigations practice. Eric has a tremendous depth and breadth of expertise in the cyber realm, spanning complex law enforcement investigations, computer forensics, expert witness testimony, computer systems design and application architecture. He has received numerous recognitions for his work, is an award-winning author and is a frequently sought-after instructor and presenter on cyber-related topics.

Before joining Kroll, Eric was a Special Agent with the Federal Bureau of Investigation (FBI), specializing in investigating criminal and national security- related computer intrusions, crimes against children (production, distribution and possession of child pornography), intellectual property theft and related crimes.

During his tenure with the FBI, Eric wrote over 50 programs that include forensic utilities and response tools that today are in use by nearly 8,800 law enforcement officers in 82 countries.

Over the course of his career, Eric has led or participated in a wide range of cyber-focused classes, seminars and conferences. In addition to his many speaking engagements, Eric is the co-author of “X-Ways Forensics Practitioner’s Guide,” which was a Forensic 4Cast 2014 Digital Forensics Book of the Year winner.


Sereyvathana Ty


Sereyvathana Ty, call him Ty, is a member of the Detection Infrastructure team at Facebook building host and network security monitoring tools. Before joining Facebook, he was a malware researcher for Palo Alto Networks where he was researching new techniques for detecting malware and developing mitigation strategies for WildFire, a malware analysis platform. He enjoys malware analysis and has a strong passion for developing security applications using machine learning techniques.


Brian Moran

BriMor Labs

Brian is a digital forensic analyst currently residing in the Baltimore, Maryland area. He has approximately 15 years of experience in the cyber security field, with 10 of those years focusing on digital forensics/incident response (DFIR), both in the United States Air Force and the private sector. His initial exposure to the DFIR field occurred during a 6 month deployment to Mosul, Iraq in 2004-2005, when he served on a team that provided mobile device analytic information in support of tactical military operations. During his tenure in the Air Force, he has worked with numerous DoD entities and been invited to speak and share information at several intelligence community events. After his military service ended he entered the private sector and has worked (globally) on a wide range of cases. His favorite aspect of this DFIR field is that it is always changing and evolving; and every case has unique problems, questions, and solutions.


Daniel White, Gary Brown, Johan Berggren


Daniel is a security engineer at Google, focused on keeping people and data safe. He works on forensics, incident response and tool development.

Gary has spent the past five years in various stages of detection and response. He and his code are never elegant, but always functional. He enjoys climbing things, eating poorly, and binge-watching everything.

Johan has more than 15 years of experience of information security, incident response and digital forensics. Between responding to incidents he develops Timesketch, the open source forensic timeline analysis tool.


Jamie Levy

Volatility Foundation

Jamie Levy is a senior researcher and developer. In the past, she worked on various R&D projects and forensic cases at Guidance Software, Inc. Jamie has taught classes in Computer Forensics and Computer Science at Queens College (CUNY) and John Jay College (CUNY). She has an MS in Forensic Computing from John Jay College and is an avid contributor to the open source Computer Forensics community. She is an active core developer on The Volatility Framework and co-author of “The Art of Memory Forensics”. Jamie has also authored peer-reviewed conference publications and presented at conferences (OMFW, CEIC, IEEE ICC) on the topics of memory, network, and malware forensics analysis.


Varun Nair


Varun is a Forensics Investigator with 5 years of experience. He has presented at various national and international conferences.