2017 Speakers


Brian Moran & Jessica Hyde

BriMor Labs & Magnet Forensics

Brian (@brianjmoran) is a digital forensic analyst currently living near Baltimore, Maryland. He has been in the cyber security field for nearly two decades and has spent over a dozen years focusing on digital forensics/incident response (DFIR), both in the United States Air Force and the private sector.

Jessica (@B1N2H3X) is an experienced forensic examiner in both the commercial and government sectors. She is currently the Director, Forensics at Magnet Forensics and an Adjunct Professor at George Mason University teaching Mobile Forensics. Previously, she performed forensic examinations for Basis Technology, American Systems and EY. Jessica is a Marine Corps veteran.


Brian Carrier

Basis Technology

Brian leads the digital forensics team at Basis Technology, delivering incident response tools, custom systems, and services. He is the author of the book File System Forensic Analysis and developer of several open source digital forensics analysis tools, including The Sleuth Kit and the Autopsy Forensic Browser. Brian has a Ph.D. in computer science from Purdue University and worked previously for @stake as a research scientist and the technical lead for their digital forensics lab. Brian is on the committees of many conferences, workshops and technical working groups, including the Open Source Digital Forensics Conference (OSDFCon), the DFRWS Conference, and the Digital Investigation Journal.


Nicole Ibrahim

G-C Partners, LLC

Nicole Ibrahim is a Digital Forensics Expert at G-C Partners, LLC based in Dallas, Texas. She has obtained both a Bachelor and Associate in Digital Forensics at OSU and Richland College. Ms. Ibrahim enjoys research and development for the DFIR community and finding new and interesting artifacts. Currently she codes primarily in Python and C#. You can follow Nicole Ibrahim on twitter: @nicoleibrahim.


Michael Cohen

Google Inc.

Michael has been a developer of opensource digital forensic tools since 2001. His past contributions include PyFlag and major parts of Volatility. More recently he has contributed to the GRR Response Rig and is currently the lead developer of the Rekall DFIR forensics framework.


Jon Stewart

Stroz Friedberg

Jon manages the Digital Forensics software development team at Stroz Friedberg. He previously worked for Lightbox Technologies and Guidance Software.


David Cowen & Matthew Seyer

G-C Partners, LLC

David Cowen has been in Information Security since 1996 and Digital Forensics since 1999. He is the author of Hacking Exposed Computer Forensics (1st and 2nd edition), Infosec pro guide to computer forensics, Anti Hacker Toolkit 3rd Edition and CIBOK. David is a Certified SANS Instructor teaching windows forensics and winning awards for his research on his blog www.hecfblog.com as well as the co-host of the Forensic Lunch podcast. David is an expert witness and has been testifying in civil cases since 2002.

Matthew Seyer (@forensic_matt) is a consultant at G-C Partners, LLC based in Dallas, Texas. He has obtained both a Bachelor and Associate in Digital Forensics at OSU and Richland College. Mr. Seyer enjoys research and development, and is currently interested in large data systems for storing forensic artifacts for the purpose of correlation, analysis, and analytics. Currently he codes primarily in Rust and Python. Matthew Seyer is also one of the hosts of the Forensic Lunch, a webcast that covers digital forensics topics Fridays at noon (CST) on Google Hangouts.


Jim Jones

George Mason University

Jim Jones is a member of the Digital Forensics and Cyber Analysis faculty at George Mason University, where he asks (sometimes) interesting questions and (sometimes) convinces students, colleagues, and sponsors to investigate those questions with him. Jim is pathologically curious and deeply interested in solving applied, real world problems. His unofficial motto: ask lots of questions and do hard stuff. Jim has degrees in Systems Engineering, Mathematics, and Computational Sciences, and he has worked in the cyber security and digital forensics spaces for over 20 years for various industry, government, and academic organizations.


Asif Matadar

Stroz Friedberg

Asif (@d1r4c) is Director of Incident Response at Stroz Friedberg, an Aon company responsible for Incident Response in the U.K., including technical lead for all engagements, such as advanced targeted attacks, nation state attacks, highly complex incidents, high-profile incidents and data breaches, to name a few.

Asif has over 6 years’ experience working in incident response where he has led many investigations and incidents for organisations domestically and internationally. He holds a BSc (Hons) in Forensic Computing along with the GCFA certification. He frequently delivers Guest lectures at Universities in the U.K. ranging from BSc (Hons), MSc and PhD students.

Asif has particular interest in research where he has delivered presentations at industry recognised conferences with a keen focus on memory analysis and automation, *nix based forensics, PowerShell as a defence capability, and triage analysis.

Richard Cordovano

Basis Technology

Richard is director of engineering on the digital forensics team at Basis Technology. Prior to joining Basis Technology, Richard did software development at the Defense Cyber Crime Center (DC3). Before finding his niche in the world of digital forensics, Richard’s career included writing ballistic missile defense simulation software, writing business intelligence software, and a brief stint in the video games industry. Richard earned a Master of Science degree in Computer Science at Colorado Technical University and a Bachelor of Science Degree with a minor in Applied Mathematics at the University of Colorado.


Andrew Hoog


Andrew Hoog is a computer scientist, mobile security and forensics researcher, and co-founder of NowSecure. He’s also a testifying expert witness, author of two books on mobile forensics for Android and iOS, and holds two patents in the areas of forensics and data recovery.

Things he enjoys in life include running, reading science fiction, traveling to new places, drinking great wine and pausing to enjoy life which can pass us by so fast.


Mark McKinnon

Davenport University

Mark McKinnon has over 26 years experience in IT. He started his career writing programs on a mainframe computer, then went on to do systems analysis, database administration, security audits and finally computer forensics. He received his computer forensic training from Key Computer Service through their training partnership with Kennesaw State University in Georgia.
Mark is a Certified Computer Examiner (CCE) , a GIAC Certified Forensic Analyst and a GIAC Certified Incident Handler through SANS. He is active on many Computer Forensics forums helping other forensic examiners with technical problems and has contributed to the SANS Digital Forensics and Incident Response blog.

In 2005, Mark started RedWolf Computer Forensics and developed a program called “Drive Prophet” which is a triage program for Windows Systems. He has created many free programs used by forensic examiners around the world including Skype Log Parser, Google Chrome Parser, Windows Prefetch Parser, MFT Parser and the Vista Thumbcache Parser on which Mark holds a US copyright.

Mark has written over 20 python plugins for Autopsy. He also took 1st place and 3rd place in the OSDFCon 2015 and OSDFCon 2016 Autopsy Python plugin module competition.
Mark has presented at the DoD Cybercrime conference, Sans What Works in Incident Response and Computer Forensics, and several regional conferences. He has also been interviewed on the Cyberspeak podcast.


Alessandro De Vito


Alessandro is a 25 years old (filesystem|memory) forensics-loving guy. He took a degree in Computer Science few months ago from University of Milan with the (Italian) degree thesis title: Analisi Forense della Memoria del Browser (Memory Forensics analysis of the Browser’s address space). Now, he’s working as ICT Security Specialist at TRUEL IT, an Italian research-driven security firm providing exclusive zero-day capabilities and tailored on-demand research. At TRUEL IT, he’s gotten the chance to expand and improve his thesis project. Generally, he appreciates dealing with open source digital forensics tools and he’s curious about IT Security new technologies. In his free time he loves playing guitar, listening to metal music, playing World of Warcraft and working on his forensic projects.


Andrew Ziehl

Cipher Tech Solutions, Inc.

Andrew Ziehl is a software developer for Cipher Tech Solutions. He is one of several developers who created IO, a forensic imaging tool. He’s worked in digital forensics since graduating from Northeastern University in 2012. Andrew has led and coded alongside teams creating malware reverse engineering automation, location gathering, forensic imaging, and reporting tools across web, desktop and mobile applications. In his free time, he likes to run with his wife, along with their dog, Atlas.


William Ballenthin


William Ballenthin is a reverse engineer on FireEye’s FLARE team. He enjoys researching novel investigative techniques for incident responders. Recently, William has researched function similarity metrics, implemented file system drivers, and reverse engineered Android malware. Prior to seven years at Mandiant & FireEye, he graduated from Columbia University with a degree in Computer Science.


Jamie Levy

Volatility Foundation

Jamie Levy is a senior researcher and developer. In the past, she worked on various R&D projects and forensic cases at Guidance Software, Inc. Jamie has taught classes in Computer Forensics and Computer Science at Queens College (CUNY) and John Jay College (CUNY). She has an MS in Forensic Computing from John Jay College and is an avid contributor to the open source Computer Forensics community. She is an active core developer on The Volatility Framework and co-author of “The Art of Memory Forensics”. Jamie has also authored peer-reviewed conference publications and presented at conferences (OMFW, CEIC, IEEE ICC) on the topics of memory, network, and malware forensics analysis.