Brian leads the digital forensics team at Basis Technology, which builds software for incident response, digital forensics, and custom mission needs. He is the author of the book File System Forensic Analysis and developer of several open-source digital forensics analysis tools, including The Sleuth Kit and Autopsy. Brian has a Ph.D. in computer science from Purdue University and worked previously for @stake as a research scientist and the technical lead for their digital forensics lab and incident response team. Brian is the chairperson for the Open Source Digital Forensics Conference (OSDFCon) and is involved with many conferences, workshops and technical working groups, including the Annual DFRWS Conference and the Digital Investigation Journal.
Eric Zimmerman is a senior director in Kroll’s Cyber Risk practice. Eric has a tremendous depth and breadth of expertise in the cyber realm, spanning complex law enforcement investigations, computer forensics, expert witness testimony, computer systems design, and application architecture. He has received numerous recognitions for his work, is an award-winning author, and is a frequently sought-after instructor and presenter on cyber-related topics.
Before joining Kroll, Eric was a Special Agent with the Federal Bureau of Investigation (FBI), specializing in investigating criminal and national security-related computer intrusions, crimes against children (production, distribution, and possession of child pornography), intellectual property theft, and related crimes.
Eric has developed and maintains a wide range of open source forensic tools for parsing Windows artifacts.
Kristinn Gudjonsson, Johan Berggren
Kristinn is a member of the Detection & Response team at Google, where he has been for over 7 years. Kristinn joined Google in 2011 as part of the incident response team, investigating and responding to security incidents. He was known for tinkering with code, focusing on tools like plaso. Kristinn then moved into management, where he oversaw the digital forensics and incident management teams in Sunnyvale. Kristinn is now back in an individual contributor role, working on projects like Timesketch, l2tscaffolder and others. In a previous life Kristinn worked as an incident response and forensics consultant in Iceland. Kristinn holds an M.Sc. from the Institut National des Telecommunications (INT, now Telecom & Management) in Paris and a B.Sc. in computer and electronic engineering from the University of Iceland.
Johan Berggren is a security engineer at Google and has more than 15 years of experience in information security, incident response and digital forensics. Between responding to incidents he develops Timesketch, the open source forensic timeline analysis tool.
The Volatility Developers
The Volatility Foundation
The authors of this presentation are the core developers of The Volatility Framework (@volatility) and the authors of The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory. These are the same analysts who have spent the past decade using memory analysis on a daily basis to augment digital investigations, malware analysis, and reverse engineering. This team actively maintains and supports the Volatility software and its thriving community. This team also offers the authoritative training in memory and malware analysis, which has been taught for numerous commercial and government organizations around the world. They have presented at a variety of industry leading conferences that include RSA, Blackhat, Defcon, DoD Cyber Crime Conference, DFRWS, American Academy of Forensic Sciences, and Europol’s High Tech Crime Expert Meeting.
Federal Reserve Bank of New York
Jon is a Senior Cybersecurity Associate serving the Federal Reserve’s National Incident Response Team as Lead Malware Analyst. He also teaches Digital Forensics, Malware Analysis, and Cybersecurity Python courses for the University of Richmond School of Professional and Continuing Studies. Jon is a nine-year veteran of the United States Air Force.
Omri Segev Moyal
Born with a curiosity for learning how things work and a passion for assessing and dissecting them, Omri is a malware researcher and threat intelligence expert with global experience in military, industrial, intelligence, communications and financial organizations. He has extensive experience testing advanced malware solutions in both laboratory and enterprise production environments.
Dr. Ali Hadi
Dr. Ali Hadi is a Senior Information and Cybersecurity Specialist with 14+ years of industry experience in Information Technology, currently working as a full-time professor and researcher for both the Computer and Digital Forensics and Cybersecurity Departments at Champlain College, Vermont, USA. He holds a bachelor’s degree in computer science and a master’s and PhD, both in Computer Information Systems. Dr. Hadi provides consulting in several areas of security including digital forensics and incident response, cyber threat hunting, penetration testing, and vulnerability assessments. Dr. Hadi is also an author, speaker, and freelance instructor who has delivered technical training to law enforcement agencies, banks, telecoms, private companies, and other institutes. Dr. Hadi’s research interests include digital forensics, incident response, and cyber threat hunting. More details can be found here: https://www.ashemery.com/bio.html
John Holowczak, Kyle Gwinnup
John is a Threat Researcher on Carbon Black’s Threat Analysis Unit, focusing on automation of threat detection and building out infrastructure for large scale malware analysis. Within the field of threat detection and analysis, John focuses his research on binary classification, dynamic analysis and reverse engineering.
Kyle is a Senior Threat Researcher in Carbon Black’s TAU team. He has over 10 years of experience in many areas of computer science and IT. Prior to Carbon Black, Kyle worked in finance and with the DoD in roles ranging from network/systems administrator and software engineer to reverse engineer, penetration tester and offensive tool developer. At Carbon Black, Kyle’s focus is on large scale program analysis, primarily static but moving asymptotically toward dynamic analysis.
Asif (@d1r4c) is Director of Endpoint Detection & Response (EDR) at Tanium, where he utilises his experience and knowledge of Incident Response, Endpoint Forensics and the Threat Landscape to support high-profile clients.
Asif has over 8 years’ experience in incident response leading high-profile cases, such as advanced targeted attacks, nation-state attacks, highly complex incidents, data breaches along with penetration tests on infrastructure, web and mobile applications.
Asif has particular interest in research where he has delivered presentations at industry recognised conferences around the world with a keen focus on memory analysis and automation, *nix based forensics, PowerShell as a defence capability, cloud forensics, and triage analysis.
Simson L Garfinkel
George Mason University & US Census Bureau
Simson Garfinkel is the Senior Computer Scientist for Confidentiality and Data Access at the US Census Bureau. He holds seven US patents and has published more than 50 research articles in computer security and digital forensics. He is a fellow of the Association for Computing Machinery (ACM) and the Institute of Electrical and Electronics Engineers (IEEE), and a member of the National Association of Science Writers. His most recent book is The Computer Book, which features 250 chronologically arranged milestones in the history of computing. As a journalist, he has written about science, technology, and technology policy in the popular press since 1983, and has won several national journalism awards.
Garfinkel received three Bachelor of Science degrees from MIT in 1987, a Master’s of Science in Journalism from Columbia University in 1988, and a Ph.D. in Computer Science from MIT in 2005.
Dr. Stephen Pearson
High Tech Crime Institute
Dr. Stephen Pearson has been involved in Computer Crime and Investigations since 1993. Stephen developed and taught courses for the Family Advocacy Law Investigation Training Program, Fraud Investigation Training Program, Army CID Special Agents Courses, Military Police Investigator Course, and Weapons of Mass Destruction Courses. Stephen has directly written and advised on policies and procedures that remain current in today’s world of computer crime investigation. Stephen retired from the Army in 2003 as the Non-Commissioned Officer in Charge of the Advanced Technology Criminal Investigations Division at Ft Leonard Wood. For the past ten years Stephen has worked closely with NATO and US Special Operations Command to develop cyber training programs for agents and operators in tactical operations. Currently Stephen is the lead research instructor for the development of NATO Cellular and Digital forensic training. Through this work and Stephen’s doctoral work he has developed processes and procedures that address time-urgent evidence collection in digital triage forensics. Stephen is an Adjunct Professor at UTICA College and the University of North Carolina (Chapel Hill).
Josh Brunty, Nicole Odom
Josh Brunty is an Associate Professor of Digital Forensics at Marshall University in Huntington, WV. Prior to entering academia Josh worked as an examiner and technical leader with the West Virginia State Police’s Digital Forensic Unit. Josh has also participated in various national and international committees and panels focusing on the advancement of digital forensic science in the US. He currently serves as a member of the NIST OSAC subcommittee on Digital Evidence and also serves in various capacities within the Scientific Working Group on Digital Evidence and ASTM E30.12 digital evidence subcommittee.
Nicole Odom is a Forensic Scientist Trainee in the Virginia Department of Forensic Science’s (DFS) Digital & Multimedia Evidence (DME) section with concentrations in both Mobile Device and Computer Analysis. She is a graduate of Marshall University’s Forensic Science Graduate Program, earning her MSFS with an emphasis in Digital Forensics and an additional Graduate Certificate in Digital Forensics. She gained experience working with the WV State Police Digital Forensics Lab during her time as a student, and created and authored GearGadget, a data extraction tool for wearables, through research completed as an intern in the Virginia DFS’s DME section. She currently holds certifications with Cellebrite and AccessData, and is a Student Affiliate Member of the American Academy of Forensic Sciences Digital & Multimedia Sciences section, and a Member of ASTM E30.12.
Mark McKinnon has over 28 years experience in IT. He started his career writing programs on a mainframe computer, then went on to do systems analysis, database administration, security audits and finally computer forensics. He received his computer forensic training from Key Computer Service through their training partnership with Kennesaw State University in Georgia.
Mark is a Certified Computer Examiner (CCE) and a GIAC Certified Incident Handler through SANS. He is active on many Computer Forensics forums helping other forensic examiners with technical problems and has contributed to the SANS Digital Forensics and Incident Response blog.
In 2005, Mark started RedWolf Computer Forensics and developed a program called “Drive Prophet” which is a triage program for Windows Systems. He has created many free programs used by forensic examiners around the world including Skype Log Parser, Google Chrome Parser, Windows Prefetch Parser, MFT Parser and the Vista Thumbcache Parser on which Mark holds a US copyright.
Mark is currently an Assistant Professor at Davenport University where he teaches Digital Forensics, Cyber Defense and Computer Science. He has written over 45 Python plugins for Autopsy. He also took 1st place in 2015, 3rd place in 2016 and 1st place in 2017 in the OSDFCon Autopsy Python plugin module competition.
Mark has presented at the OSDFCon Conference, DoD Cybercrime conference and several regional conferences. He has also been interviewed on several podcasts.
Daniel White is a security engineer at Google, the lead for the Plaso project and spiritual father of the Greendale scenario. He is focused on keeping people and data safe. He works on forensics, incident response and tool development.
Heather Mahalik & Mattia Epifani
To say that digital forensics is central to Heather Mahalik’s life is quite the understatement. Heather has worked on high-stress and high-profile cases, investigating everything from child exploitation to major terrorism cases. She has helped law enforcement, eDiscovery firms, military and the federal government extract and manually decode artifacts used in solving investigations around the world. Heather began working in digital forensics in 2002, and has been focused on mobile forensics since 2010 – there’s hardly a device or platform she hasn’t researched or examined or a commercial tool she hasn’t used. Heather is currently the Senior Director of Digital Intelligence at Cellebrite and a Senior Instructor, author and course lead for FOR585: Smartphone Forensic Analysis. She maintains www.smarterforensics.com and is the co-author of Practical Mobile Forensics (1st–4th editions), currently best sellers from Packt Publishing. Heather is passionate about digital forensics because she loves always having to learn something new. “This field moves so quickly. It is literally impossible to get bored,” she says. “If you find yourself bored, branch into another realm of digital forensics. The possibilities are endless and so is the fun! I love digging for artifacts and solving the puzzle.”
Mattia Epifani’s passion with computers began when he was given a Commodore 64 for Christmas at age six. “After a couple of years, I was writing my first lines of code,” he says. He kept the computer as his hobby and passion while pursuing his studies, then pursued a computer science degree at university. “My father is a lawyer, so he was not completely happy when I didn’t choose to study law,” says Mattia, but over the years he’s blended the two with a career in digital forensics, bridging the gap between technical and legal systems.
Today, Mattia is CEO of RealityNet System Solutions, an Italian infosec and digital forensics consulting company, where he works as a digital forensics analyst and expert for judges, prosecutors, lawyers and private companies, at times serving as an expert court witness.
Mattia also brings his passion and expertise to the classroom as an instructor for SANS FOR500: Windows Forensic Analysis and FOR585: Smartphone Forensic Analysis In-Depth, a topic he’s particularly passionate about. “I spend my days trying to acquire and analyze digital devices, smartphones in particular,” he says. An expert with a vast knowledge of tools and techniques for forensic investigation, Mattia always tries to find a way to achieve his goal even when no tools exist. “I do forensics on a daily basis testing, developing new methods, and going deeper and deeper, and I love teaching by providing real cases and scenarios to my students,” he says.
When he’s not teaching and consulting, Mattia supports the EVIDENCE2e-CODEX project through the Italian National Council of Research, where he serves as a researcher helping to build a system to facilitate the exchange of digital evidence among law enforcement agencies in Europe. Mattia obtained a degree in computer science from the University of Genoa, Italy and received post-graduate training in computer forensics and digital investigations in Milan. He also has several certifications in digital forensics and ethical hacking, including GNFA, GSAF, GREM, GCFA, GMOB, GCWN, CIFI, CEH, CHFI, ACE, AME, ECCE, CCE and MPSC.
A regular speaker on digital forensics at Italian and European universities and events, Mattia authored Learning iOS Forensics and Learning iOS Forensics, Second Edition, published by Packt. He is also a member of the Digital Forensics Association (DFA), International Information System Forensics Association (IISFA), ONIF and T&L Center.
Vik Harichandran is a Senior Cybersecurity Engineer at the MITRE Corporation. He has helped lead the CASE effort over the past 1.5 years and currently serves as the Adoption Committee Chair. CASE aims to formalize terminology within the cyber domain, facilitate sharing and automation, and allow for higher-level analysis and inference.
Emily is a digital forensics examiner at Morgan Stanley on the Insider Threat Investigations team. In her role, Emily helps protect the Firm against insider threats by conducting investigations and working to improve forensic tooling and techniques.
Jamie Levy is a senior researcher and developer. In the past, she worked on various R&D projects and forensic cases at various DFIR companies. Jamie has taught classes in Computer Forensics and Computer Science at Queens College (CUNY) and John Jay College (CUNY). She has an MS in Forensic Computing from John Jay College and is an avid contributor to the open source Computer Forensics community. She is an active core developer on The Volatility Framework and co-author of “The Art of Memory Forensics”. Jamie has also authored peer-reviewed conference publications and presented at conferences (OMFW, CEIC, IEEE ICC) on the topics of memory, network, and malware forensics analysis.
Adam Ferrante, Brian Tucker
Adam Ferrante is a senior Computer and Digital Forensics student at Champlain College who will be pursuing a career in Incident Response. Adam is the President of the Champlain College Digital Forensics Association, and enjoys contributing to projects related to DFIR including an open-source Mac forensics tool, and @DFIRNews.
Brian Tucker is a fourth-year Computer Networking and Cybersecurity student at Champlain College who aims to start as a Network Security Engineer and end up as a Red Team member.