Skip to main content

Magnet User Summit Speakers

Speakers

Eric Huber

Vice President, National White Collar Crime Center (NW3C)

Presentation: Virtual Currency Investigations: Fear Not The Blockchains

Read Description

Eric is a popular author, speaker, and researcher in the fields of cybercrime, digital forensics, and information security. He is a former law enforcement officer who has successfully led and conducted many high profile and cross-border investigations. As Vice President of International and Strategic Initiatives for the National White Collar Crime Center (NW3C), he is responsible for working with senior executive management in developing and executing NW3C’s strategy in all of its functional areas. In addition to his strategic role, Eric leads the High Technology Crimes Section of NW3C that is responsible for developing and delivering digital forensics, cybercrime, and information security training to a wide variety of public and private audiences around the world with an emphasis on state and local law enforcement in the United States. Eric writes about cybercrime and digital forensics at the award-winning AFoD blog located at www.afodblog.com and can be followed on Twitter at @ericjhuber. A former SANS Institute instructor, Eric was also named Person of the Year by Northeast Chapter of the High Technology Crime Investigation Association in 2010. In addition to being a senior member of IEEE and an associate member of the Digital and Multimedia Sciences section of the American Academy of Forensic Sciences, Eric holds numerous professional certifications and is a graduate of the FBI Newark Division's 2010 Citizens Academy. Eric holds a BS in Law Enforcement from Minnesota State University at Mankato, an MPA from Drake University, and an MBA from the University of Florida.

Nicole Ibraham headshot

Nicole Ibrahim

Digital Forensics Expert, G-C Partners, LLC

Presentation: Windows Event Trace Log (ETL) Forensics

Read Description

A digital forensics expert and researcher at G-C Partners, LLC based in Dallas, Texas, Nicole has a Bachelor of Technology in Information Assurance and Digital Forensics and has presented multiple times at digital forensics conferences detailing her research and findings. She is also actively involved in the creation of open-source digital forensics tools.

Devon Ackerman

Associate Managing Director, Kroll Cyber Risk

Presentation: Conducting O365 Investigations in a Post-Activities World

Read Description

Devon Ackerman is an Associate Managing Director with Kroll’s Cyber Risk practice, based in Secaucus. Devon is an authority on digital forensics and has extensive experience in the investigation and remediation of cyber-related threats and incidents from his years with the Federal Bureau of Investigation as well as in the private sector. In his current role, Devon leads engagements for clients across a wide range of industries involving investigative digital forensics, intrusion response (unauthorized access), and malware analysis. He also serves as a Senior Forensic Science Team Lead, where he conducts and oversees digital evidence collection, triage, and preservation. Devon’s extensive cyber investigative experience includes physical and cyber-based corporate espionage and sabotage investigations; ransomware and malware cyber intrusion events; unauthorized user access; PII and PHI compromise; malicious spear phishing and whaling campaigns; Office 365 and G Suite compromises and related log analytics; data destruction events; breach response; and other events involving misuse of networked endpoints and infrastructure. Devon joined Kroll from the FBI, where he was a Supervisory Special Agent and Senior Digital Sciences Forensics Examiner in the Digital Evidence Field Operations Unit. In this role, he oversaw and coordinated all FBI Digital Forensics-related field operations across the United States, spanning a variety of matters such as domestic terrorism, mass shootings, critical incident response events, and large-scale electronic evidence collections. Devon has also provided expert witness testimony in federal and state courts. During this time, Devon developed a number of forensic tools that are still widely used. He was also the course material revision architect and co-author for the FBI’s CART Tech Certification program and Digital Evidence Extraction Technician (DExT) training curriculums. He began his career with the FBI in 2008, where he co-founded the FBI’s first North Carolina Cyber Security and Intrusion Working Group (eShield).

Yogesh Khatri

Assistant Professor & Program Director, Champlain College

Presentation: Windows Store & Apps (APPX) Analysis

Read Description

Yogesh Khatri is a professor at Champlain College. In a prior life, he consulted with and trained many Fortune 100 companies, and law enforcement officers on computer forensics, automation of forensic processes, incident response and malware analysis in North America and Asia. His current research interests include windows and macOS artifacts and writing FOSS tools for forensics.

Jack Farley

Jack Farley

Student at Champlain College

Presentation: Windows Store & Apps (APPX) Analysis

Read Description

Jack Farley is a Junior at Champlain College pursuing a BS in Computer and Digital Forensics and a minor in Computer Science. Recent achievements include writing a Twitter archive parser and starting his own blog farleyforensics.com. Among other DFIR projects he's worked are mac_apt and LCDI's Bluetooth device tracking. This summer he also interned at Sony and did JTAG & ISP extractions.

Kevin Murphy

Senior Insider Threat Analyst, American Express

Presentation: Leveraging AXIOM for Insider Threat Investigations

Read Description

Mr. Murphy currently works in the financial sector at American Express as a Senior Insider Threat Analyst in the Insider Threat Program. He has 16 years of experience in computer forensic cyber investigations. Earlier in his career, he was employed by many large corporations in the Washington, DC metro area, e.g. ManTech International, TASC, General Dynamics, SAIC and BAE Systems that provided contract cyber security services. During this period, he provided computer forensic support to internal cyber investigations, computer misuse, insider threat, hunt operations and malware investigations. He developed advanced python scripting skills to automate repetitive processes. This matured into the open source project known as MantaRay that was deployed in the SANS SIFT forensic platform—MantaRay Forensics (Twitter: @MantaRay4ensics).

Mitch Kajzer

Cyber Crimes Director, St. Joseph County Cyber Crimes Unit

Presentation: Innovative Solutions for the Changing Nature of Digital Forensic Investigations

Read Description

Mitch Kajzer is a graduate of the Indiana Law Enforcement Academy class 89-97 and has been in law enforcement since 1989. He holds an Associates Degree in Criminal Justice from Indiana University, a Bachelor’s Degree in Psychology from Indiana University, and a Master’s Degree in Cognitive Psychology from the University of Notre Dame. He currently works for the Office of the Prosecuting Attorney in St. Joseph County, IN as the Director of the St. Joseph County Cyber Crimes Unit and for the University of Notre Dame as an adjunct professor in the Computing & Digital Technologies Program. Mitch began his law enforcement career with the South Bend, Indiana Police Department. Over the course of his law enforcement career, he held a number of different positions, including road patrol, detective, and traffic crash reconstructionist. Mitch has instructed over 5000 police officers on a number of topics, including officer survival, police action shootings, critical incidents, emergency vehicle operation, accident investigation, computer forensics, technology crimes, Internet investigations, and undercover investigations. In his 30 years in law enforcement, Mitch has been involved in a number of critical incidents, including being shot in the line-of-duty. He has also been awarded the Police Purple Heart and in 1995 was inducted into the American Police Hall of Fame, Legion of Honor. Mitch has been investigating cybercrimes since 2003. He currently holds a number of computer industry technology certifications, including Microsoft Certified Systems Engineer (MCSE), Microsoft Certified Professional with Internet Expertise (MCP+I), A+ Certified Computer Technician, Certified Internet Webmaster – Professional (CIW-P), Certified Computer Examiner (CCE), and Magnet Certified Forensics Examiner (MCFE). Moreover, Mitch has investigated over 2000 technology-related cases and has conducted over 2500 digital examinations, resulting in hundreds of arrests and convictions. In addition to his work at the Cyber Crimes Unit, Mitch is also an adjunct faculty member at the University of Notre Dame, where he currently teaches three undergraduate courses; 1) Introduction to Digital Forensics, 2) Advanced Digital Forensics, and 3) Forensic Psychology – Threat Assessments. Moreover, he conducts research that focuses on constructing algorithms to be used in predictive text analysis on Internet communications of child sexual offenders. Mitch has authored multiple peer-reviewed journal publications and academic conference presentations, both domestic and international, related to the psychology and communications of Internet child sexual offenders. Finally, Mitch also works as a contract trainer for Magnet Forensics.

Arnold Guerin

Sergeant, RCMP National Child Exploitation Coordination Centre

Presentation: Collaboration to Combat Online Child Sexual Exploitation

Read Description

Arnold Guerin has been seconded to the RCMP Canadian Police Centre for Missing and Exploited Children/Behavioural Sciences Branch (CPCMEC/BSB) for over 10 years. He is responsible for replacing the CETS program with Hubstream and for rolling out Project VIC Canada. Arnold has considerable experience in combating child exploitation, first working with aboriginal communities, then the Saanich Police Departments Child Abuse Team. Arnold now works in the CPCMEC/BSB Technology Section and has been pivotal in developing new tools to automate the gathering of intelligence of online child exploitation. He has also worked with leading computer forensic companies to develop public-private partnerships to aid the police in their effort to combat online child sexual exploitation. Finally, Arnold has been responsible for developing a strategy to implement an automated IT approach to "An Act Respecting the Mandatory Reporting of Internet Child Pornography by Persons who Provide an Internet Service," to collect complaints from Canadian companies of online child sexual exploitation.

Alexis Brignoni

Digital Forensics Examiner, Federal Law Enforcement

Presentation: Unsupported Apps. What Can Be Done? A Methodological Approach to Mobile App Forensics/Member of Mobile Panel

Read Description

Alexis Brignoni has been serving the area of Orlando, Florida for the last 11 years as a Special Agent of a federal law enforcement agency. A native of San Puerto Rico, he has a Bachelor's in Computer Science and an MBA in Management of Information Systems. Before working as a digital forensics examiner, he was a case agent tasked with investigating online crimes against children, network intrusions and online fraud among others. Currently holding multiple digital forensics certifications, Alexis Brignoni has been focused on mobile app digital forensics as an area of interest due to the ever-evolving challenge of parsing a never-ending stream of new applications for relevant data. He can be reached online via Twitter @AlexisBrignoni and on his blog at abrignoni.blogspot.com.

Aaron Sparling

Computer Forensic Examiner, Portland Police Bureau

Presentation: Memory Forensics; Using Memory Forensics Analysis to Guide Your Investigation

Read Description

Aaron Sparling is an Officer with the Portland Police Bureau in Portland Oregon where he serves in the Investigations Branch, Homicide Detail/Digital Forensic Unit. Prior to serving in the Digital Forensic Unit, Aaron was assigned to the Criminal Intelligence Unit where he focused on Open Source Intelligence. Aaron has been working in digital forensics for the past six years and has served as a Task Force Officer on the United States Secret Service Electronic Crimes Task Force and is a current member of the Portland FBI/Oregon Cyber Crimes Task Force. Aaron currently serves as the Chairman of the Technical Advisory Council for the US Secret Service National Computer Forensics Institute (NCFI). Aaron has attended numerous computer forensics courses from US Secret Service NCFI, SANS and vendor-specific training and holds a GIAC GREM, GIAC GFCA, GIAC GFCE, GIAC GSEC, CFCE, MCFE and Certified Blacklight Examiner. Aaron instructed the NFCI Python scripting course as well as proctored the Network Investigation, Mac Forensic, Python Scripting and Advanced Forensics courses.

Chet Hosmer

Author, Python Forensics

Presentation: Leveraging PowerShell and Python for Incident Response and Live Forensic Applications

Read Description

Chet Hosmer is the Founder of Python Forensics, Inc. a non-profit organization focused on the collaborative development of open source investigative technologies using the Python programming language. Chet has been researching and developing technology and training surrounding forensics, digital investigation and steganography for over two decades. He has made numerous appearances to discuss emerging cyber threats including National Public Radio's Kojo Nnamdi show, ABC's Primetime Thursday, and ABC News Australia. He has also been a frequent contributor to technical and news stories relating to cybersecurity and forensics with IEEE, The New York Times, The Washington Post, Government Computer News, Salon.com and Wired Magazine. Chet is the author of six recent Elsevier and Apress Books: Defending IoT Infrastructures with a Raspberry Pi; Passive Python Network Mapping; Python Forensics; Integrating Python with Leading Computer Forensic Platforms; Data Hiding which is co/authored with Mike Raggo; Executing Windows Command Line Investigation, which is co/authored with Joshua Bartolomie and Ms. Rosanne Pelli. Chet serves as a visiting professor at Utica College in the Cybersecurity Graduate program where his research and teaching focus on advanced steganography/data hiding methods and the latest active cyber defense methods and techniques. Chet is also an adjunct professor at Champlain College, where his research and teaching focus on applying the Python programming language to solve challenging problems in digital investigation and forensics.

Tony Knutson

Senior Principal IT Technologist/Forensic Investigator, Medtronic

Presentation: Taking Your Investigations One Step Further, What Else Can You Be Doing?

Read Description

Tony Knutson is currently in a senior forensic investigator role in support of a multitude of corporate-related cases ranging throughout the industry. In a prior life, he was a Senior Digital Forensic Examiner for the Federal Bureau of Investigation in support of a wide array of cases, to include local support and training of local law enforcement. He holds several certs within the Information Security to include GPEN, GWAPT, GAWN, GCIH, GCFA, GCFE, GMOB, GASF, GLEG, along with many vendor-related certifications. He also a currently Certified Fraud Examiner. Tony is also an Air Force veteran and served in Iraq and Central America.

Brian Moran

Digital Strategy Consultant, BriMor Labs

Presentation: IOC Easy as 1-2-3

Read Description

Brian is a digital forensic analyst currently residing in the Baltimore, Maryland area. He has approximately 15 years of experience in the cyber security field, with 10 of those years focusing on digital forensics/incident response (DFIR), both in the United States Air Force and the private sector. His initial exposure to the DFIR field occurred during a six month deployment to Mosul, Iraq in 2004-2005, when he served on a team that provided mobile device analytic information in support of tactical military operations. During his tenure in the Air Force, he has worked with numerous DoD entities and been invited to speak and share information at several intelligence community events. After his military service ended, he entered the private sector and has worked (globally) on a wide range of cases. His favorite aspect of this DFIR field is that it is always changing and evolving; and every case has unique problems, questions, and solutions. Find him on Twitter: @brianjmoran.

Todd Mesick

Todd Mesick

Lead Forensic Analyst, Precision CastParts Corp

Presentation: IOC Easy as 1-2-3

Read Description

Todd Mesick has over 5 years' experience in network, malware, threat intelligence and system forensics. His 19 year IT career started out as a help desk technician, to administration of networks and systems in both heavy Microsoft and UNIX environments. Todd has worked in roles that cover database administration, network monitoring and a host of infrastructure support/administration. Todd obtained his Masters’ Degree in Digital Forensic Science from Champlain College, focusing on scaled Incident Response, and holds GCFE, GCFA, GNFA, GREM, and several Splunk certifications.

Cindy Murphy

President, Forensics, Gillware

Presentation: Adapt, Overcome: A New Mantra for Digital Forensics Professionals/Member of Mobile Panel

Read Description

With over 30 years as a law enforcement officer and over 20 years working in digital and mobile forensics, Cindy is well-known in the industry for her deep knowledge of the field, her many years of experience, and for solving new and difficult problems on a consistent basis. She is a certified forensic examiner and obtained her M.Sc. in Forensic Computing and Cyber Crime Investigation through University College, Dublin in 2011 where she completed her dissertation titled “A Multidisciplinary Approach to Child Age Estimation”. She has completed a great number of digital and mobile forensics training programs over the course of her career, and has also participated in cross-training with computer forensic examiners from the FBI, Secret Service, Royal Canadian Mounted Police, and An Garda Siochana (the police force of Ireland), among other noteworthy qualifications. Cindy has been teaching digital and mobile forensics since 2002 for various public and private teaching programs and has been involved in the development of curriculum for digital and mobile device forensics. She has helped to establish two separate digital forensics labs and networks in law enforcement and educational environments. Cindy has testified as a digital and mobile forensics expert in both state and federal courts on numerous occasions, has presented internationally on various digital forensics and cybercrime topics, and she frequently contributes articles, webinars, and whitepapers to the forensics community. Cindy is also a veteran, a mother, a musician (4- and 5-string banjo, cello, tenor guitar, mandolin and ukulele), a protester for first amendment rights, a Brittany Spaniel enthusiast, and an expert knot tier. As President of Gillware Digital Forensics, Cindy oversees the entire operation, from the procedures and quality assurance measures employed in the processing of every case, to her work with our engineering team on advanced digital forensics tools and techniques. Cindy ensures that Gillware remains at the forefront of the digital forensics industry.

Jonathan Rajewski

Director, Senator Patrick Leahy Center for Digital Investigation - Champlain College

Presentation: Internet of Things Forensics

Read Description

Jonathan T. Rajewski, MS, CCE, EnCe, CISSP, CFE, TJFC, is the Founder & Director of the Senator Patrick Leahy Center for Digital Investigation at Champlain College in Burlington, Vermont. He is also an Associate Professor of Cyber Security and Digital Forensics. Jonathan leads research projects and cyber security/digital forensic investigations for corporate, nonprofit and governmental entities. He has a passion for helping others understand extremely complex technical topics and cybercrime investigations which compliments his abilities to teach, empower and advise organizations on how to properly approach the ever-evolving threats on the Internet. Mr. Rajewski serves on the Governor’s Cybersecurity Advisory Team in Vermont. He was the founding Chairman of the Board of Directors for BTVIgnite, which is an independent nonprofit dedicated to fostering creation of the next generation of the internet, sparking new business opportunities and profoundly impacting how Americans work, live, learn and play. Currently Mr. Rajewski is an active member of the board. He has presented on the TEDx stage in Buffalo, New York, been awarded the 4 under 40 award from his undergraduate alma mater, Hilbert College (Hamburg, New York) and received the C. Bader Alumni Leadership Award from his graduate alma mater, Champlain College. In 2011, he also has been recognized as the Digital Forensic Examiner of the Year by Forenisc4Cast. Jonathan lives in Vermont, USA with his wife and two children. He can be found on Twitter @jtrajewski.

Panelists

Dr. Aury Curbelo headshot

Dr. Aury M. Curbelo

CEO, Digetech

Member of Corporate Panel

Read Description

In addition to being CEO of Digitech, a Cyber Security and Digital Forensic Consulting firm, Aura is also an international speaker with expertise in areas such as ethical hacking, network security, digital forensics, social engineering, business continuity, disaster recovery and Blockchain technologies. Dr. Curbelo received the Community Service Star Award 2012 from the International Information Systems Security Certification Consortium (ICS2) for developing a cyber security awareness campaign for teens in Puerto Rico. She also has participated in DEF CON, one of the world's largest hacker conventions, held annually in Las Vegas, competing at the Capture The Flag Social Engineering Village.

Warren Kruse

VP, Consilio

Member of Corporate Panel

Read Description

Warren G. Kruse II is a Vice President of Data Forensics with Consilio, which provides electronic discovery, data forensics, cyber security/incident response and consulting services to assist with litigation, compliance, and investigations. He is co-author of the book “Computer Forensics: Incident Response Essentials,” published by Addison Wesley.

Heather Smith

Sr. Digital Forensics and Incident Response Analyst, Cylance

Member of Corporate Panel

Read Description

Heather Smith is a Senior Digital Forensics and Incident Response practitioner at a Fortune Global 500, and an Adjunct Professor of Digital Forensics at Richland College in Dallas. She holds a Master's of Cybersecurity in Digital Forensics from the University of South Florida. Heather volunteers for local law enforcement during off-hours providing OSINT strategies and training for officer support.

Christopher Atha

High-Tech Crime Specialist, NW3C

Member of Mobile Panel

Read Description

Christopher Atha is a High-Tech Crime Specialist with the NW3C and is the Technical Lead of the Advanced Mobile Device Investigations team. Prior to the NW3C, Christopher was the lead analyst and investigator for the electronic crimes unit of the Kanawha County Sheriff's Office and an active member of the United States Secret Service, ECTF. Currently, Christopher lives in Charleston, WV with his wife and two children, and outside of forensics, enjoys rock climbing, skiing, and whitewater kayaking.

TracyAnn Eggen

Managing eDiscovery Solution for Enterprise wide Investigation and Litigation, Dignity Health

Member of Corporate Panel

Read Description