2018 Speakers

Aaron Peterson, Thomas Chopitea


Thomas Chopitea is a forensics investigator and engineer at Google (he used to do work at the CERT of a big financial institution, but he’s fine now). When he’s not writing code and hunting down criminals, he enjoys poking malware with a long stick and reading up on threat intelligence processes. His long-term professional goal is to automate himself out of a job.

Aaron Peterson is a Security Engineer and Forensics Investigator at Google, and previously he worked at Harvard University on the Network Security Incident Response team. He enjoys the intersection of computer security and automation, and is currently focused on Cloud forensics at scale.

Andrew Quill

Independent Researcher

Andrew Quill has been working in the cybersecurity industry since 2004, ranging from the Health Care Industry to serving as a Cyber Network Defender in the US Army in 2016. He holds several SANS certifications, including GXPN, GCFA and GCIH, to name a few. He has most recently been invested in supporting open source advanced threat hunting using big data platforms like Splunk.

Ann Priestman

Basis Technology

Ann is a senior software engineer on the digital forensics team at Basis Technology. Prior to coming to Basis, she did the opposite as a software reverse engineer with the Department of Defense. In her free time, Ann is an obstacle racer and aspiring aerialist.

Asif Matadar


Asif (@d1r4c) is Director of Endpoint Detection & Response (EDR) at Tanium where he utilises his experience and knowledge of Incident Response, Endpoint Forensics and Threat Landscape to support high-profile clients in the EMEA region.

Asif is a seasoned Incident Response professional with over 7 years’ experience leading high-profile cases, such as advanced targeted attacks, nation-state attacks, highly complex incidents, and data breaches, to name a few. He holds a BSc (Hons) in Forensic Computing along with the GCFA certification. He frequently delivers guest lectures at universities in the U.K. to BSc (Hons), MSc and PhD students.

Asif has a particular interest in research and has delivered presentations at industry-recognised conferences around the world with a keen focus on memory analysis and automation, *nix based forensics, PowerShell as a defence capability, cloud forensics, and triage analysis.

Brian Carrier

Basis Technology

Brian leads the digital forensics team at Basis Technology, which builds software for incident response, digital forensics, and custom mission needs. He is the author of the book File System Forensic Analysis and developer of several open source digital forensics analysis tools, including The Sleuth Kit and Autopsy. Brian has a Ph.D. in computer science from Purdue University and worked previously for @stake as a research scientist and the technical lead for their digital forensics lab and incident response team. Brian is the chairperson for the Open Source Digital Forensics Conference (OSDFCon) and involved with many conferences, workshops and technical working groups, including the Annual DFRWS Conference and the Digital Investigation Journal.

Cem Gurkok


Cem specializes in devops security, incident response, digital forensics, malware analysis, litigation consulting, and R&D of security software. Prior to Facebook, he led R&D, incident response and development teams in Salesforce, Terremark, Verizon, LinkedIn, and various Fortune 500 companies. He has presented at conferences such as DockerCon, RSA, Forum of Incident Response and Security Teams (FIRST.org), Hack In the Box, Open Source Memory Forensics Workshop (OMFW), and EuroForensics, and has written articles and chapters about cloud computing security and incident response for various publications. While not being paranoid about security, he enjoys life with friends and family. Mahalo!

Emily Wicki

Morgan Stanley

Emily is a digital forensics examiner at Morgan Stanley on the Insider Threat Investigations team. In her role, Emily helps protect the firm against insider threats by conducting investigations and working to improve forensic tooling and techniques.

Eric Zinnikas and Cory Altheide


Eric Zinnikas is a Security Engineer at Facebook. He currently focuses on threat detection and incident response, while recently having worked on projects focused around automation and sandboxing to understand attacker techniques. Eric holds a Bachelor of Science in Computer Science from the University of Maryland.

Cory Altheide has nearly two decades of information security, forensics & incident investigations experience. During this time he has performed numerous investigations in a variety of industries, ranging from financial crimes to state-sponsored espionage. Additionally, he is the primary author of “Digital Forensics with Open Source Tools.” Cory is currently a security engineer specializing in forensics and incident response at Facebook.

Eugene Livis

Basis Technology

Eugene Livis is a Software Engineer at Basis Technology making contributions to Autopsy framework development, its internal modules, as well as customer interactions.

Forest Monsen, Kevin Glisson


Forest Monsen is a senior security engineer at Netflix with experience in both offensive and defensive security. He works to improve digital forensics and incident response on cloud architectures.

Kevin is a Senior Cloud Security Engineer at Netflix who has previously conquered SSL/TLS Automation (Lemur) and Distributed application security scanning (Monterey). He previously worked as a Cyber Intelligence Analyst and Computer Security Incident Responder for JPMorgan Chase & Co. He is deeply interested in all things related to security automation including infrastructure security, intelligence gathering, and forensic data collection. In his free time, he is an avid mountain biker and ultimate frisbee player.

Harlan Carvey


Harlan has been involved in the cyber security field for over 20 years. He is an accomplished public speaker, open source tool author, and a prolific author. He is also a very handsome man, albeit without the encumbrance of Brian’s beautifully coiffed mane.

Jad Saliba and Jessica Hyde

Magnet Forensics and George Mason University

Jad Saliba is a former forensicator who left policing to devote his time to developing software that improves the recovery & analysis of evidence left behind on devices. As Magnet Forensics CTO, Jad is focused on researching methods to recover & analyze digital evidence.

Jessica Hyde is the Director, Forensics at Magnet Forensics, an Adjunct Professor at GMU, & United States Marine Corps veteran.

Jan-Niclas Hilgert

Fraunhofer FKIE

After obtaining his university admission in 2010, Jan-Niclas Hilgert started his bachelor’s degree course of “electrical engineering, information technology and computer engineering” at the RWTH Aachen. During that time he worked as a tutor for multiple classes and practical courses in computer science. In 2013, he obtained his bachelor’s degree of science, following his bachelor thesis focused on the fusion of multiple point clouds created by Microsoft’s Kinect.

His interest in computer science was reinforced during these three years, which is why he focused even more on computer engineering by starting a master’s degree course in computer science at the University of Bonn. Besides working for the institute of robotics, he took his first steps into the world of digital forensics together with research assistants of Fraunhofer FKIE. During that time he dedicated himself to file system and volume analysis including the creation of an analyzer for complex volume structures. This collaboration peaked in his master thesis “Evaluating the contemporary applicability of the standard model for file system analysis” in 2016 and a master’s degree of science.

Afterwards, Jan-Niclas continued to work for Fraunhofer FKIE as a research assistant for digital forensics. Additionally, he holds trainings on incident response, intrusion detection as well as network and storage forensics for public authorities and business partners.

Johan Berggren and Daniel White


Johan Berggren is a security engineer at Google and has more than 15 years of experience in information security, incident response and digital forensics. Between responding to incidents he develops Timesketch, the open source forensic timeline analysis tool.

Daniel White is a security engineer at Google and the tech lead for the Plaso project. He is focused on keeping people and data safe. He works on forensics, incident response and tool development.

Leena Arora

Carnegie Mellon University

For eight years, Leena Arora has been working as a Cyber Security Exercise Developer and Trainer with the Software Engineering Institute’s CERT Division at Carnegie Mellon University. She has created numerous advanced cyber training exercises and delivered those to a wide variety of government and industry audiences. She has also been responsible for designing, developing and delivering many large-scale, complex, virtualized training environments to various high visibility customer engagements. For four years of her tenure at CERT, she provided top-notch cyber security training to US Army NETCOM’s five Regional Cyber Centers spread across the globe. One of her primary interests is in the computer forensics field and she holds active GCFE (GIAC Certified Forensic Examiner), GCFA (GIAC Certified Forensic Analyst), and GASF (GIAC Advanced Smartphone Forensics) certifications. She earned her Master’s degree in Information Security Policy and Management from Carnegie Mellon University in 2010.

Mari DeGrazia


Mari DeGrazia is a Director at Kroll Cyber Security, which provides cyber security services on a global scale. Throughout her career, Mari has investigated high-profile breach cases, worked civil and criminal cases and provided testimony as an expert witness. She has written and released numerous programs/scripts to the forensics community; presented on her research at several industry conferences; and is a published author in several magazines. She holds several certifications in addition to earning a B.S. in Computer Science from Hawaii Pacific University.

Mark McKinnon

Davenport University

Mark McKinnon has over 28 years of experience in IT. He started his career writing programs on a mainframe computer, then went on to do systems analysis, database administration, security audits and finally computer forensics. He received his computer forensic training from Key Computer Service through their training partnership with Kennesaw State University in Georgia.

Mark is a Certified Computer Examiner (CCE) and a GIAC Certified Incident Handler through SANS. In 2005, Mark started RedWolf Computer Forensics and developed a program called “Drive Prophet” which is a triage program for Windows Systems. He has created many free programs used by forensic examiners around the world including Skype Log Parser, Google Chrome Parser, Windows Prefetch Parser, MFT Parser and the Vista Thumbcache Parser on which Mark holds a US copyright.

Mark is currently an Assistant Professor at Davenport University where he teaches Digital Forensics, Cyber Defense and Computer Science. Mark is also a Forensic Examiner at DataExam LLC. Mark has written over 30 Python plugins for Autopsy. He also took 1st place, 3rd place and 1st place in the OSDFCon 2015, 2016 and 2017 Autopsy Python plugin module competitions, respectively.

Mark has presented at the OSDFCon Conference, DoD Cybercrime conference, SANS What Works in Incident Response and Computer Forensics, and several regional conferences.

Michael George


Michael George is a Security Engineer at Dropbox doing incident response with a focus on endpoint detection tooling. He enjoys working on host telemetry for macOS.

Nick Anderson


Nick Anderson is a security engineer at Facebook, focused on building and scaling infrastructure for detecting compromise at Facebook. He is one of the core maintainers and developers for Facebook’s osquery project, an open source tool used for intrusion detection, systems operations, and compliance. When Nick isn’t focused on host based security telemetry problems he enjoys cooking, brewing beer, and lock picking.

Richard Cordovano

Basis Technology

Richard is Director of Engineering on the digital forensics team at Basis Technology. Prior to joining Basis Technology, Richard did software development at the Defense Cyber Crime Center (DC3). Before finding his niche in the world of digital forensics, Richard’s career included writing ballistic missile defense simulation software, writing business intelligence software, and a brief stint in the video games industry. Richard earned a Master of Science degree in Computer Science at Colorado Technical University and a Bachelor of Science Degree with a minor in Applied Mathematics at the University of Colorado.

Samuel Koffman

U.S. Government

Sam Koffman has been working cyber crime and digital forensic investigations for the federal government for almost 15 years, first with the U.S. Secret Service, and then with the U.S. Department of the Treasury. Throughout his career, Sam has investigated network intrusions into financial institutions and payment processors, as well as network attacks against critical infrastructure supporting the Secret Service’s protective mission. Currently, Sam is focused on forensic investigations of enterprise-class systems in use across the financial sector.

Teru Yamazaki

Cyber Defense Institute, Inc.

Teru Yamazaki is a Senior Analyst at Cyber Defense Institute, Inc., located in Japan. He has over 12 years of experience in computer security and currently works as a lead investigator for cyber security incidents. He has also taught several classes in digital forensics for law enforcement and the private sector, and previously worked as a localized EnCase instructor. His research interests include file systems, OS artifacts and timeline analysis. He holds the GIAC Certified Forensic Analyst (GCFA) and EnCase Certified Examiner (EnCE) certifications.