#CSW2024 | Bulletproof Forensics: Planning & Executing Private Search Orders
Wed 28 Feb 2024 12:00 AM - 12:45 AM GMT
Online, Zoom
Description
Mark Cunningham-Dickie is a seasoned digital forensics and Incident Response Expert.
Mark's experience comes from a career of more than 15 years at different police posts in Scotland, the SBRC and now Quorum Cyber.
According to his bio:
I deal with cyber incidents all over the world. Cloud computing and remote working have enabled Incidents to be managed and investigated from pretty much anywhere in the world; though I must confess that during particularly severe incidents having a presence on-site is useful for both parties and helps the humans involved to understand and recover, not just the machine (Never underestimate the power of physical being there for a distressed human or organisation).
And this is what I enjoy: Being there to help people. Working through the phases of incident response, making sure that whatever has happened is isolated appropriately while making sure that the impacted organisation can continue to function as much as possible. I work long hours wading through logs, analysing memory and disk images, pulling apart malware and obfuscated code, understanding timelines, and finding answers to questions like: how did they get in? what did they do? Are there any persistence mechanisms? What else is compromised? Is everything contained? how can we remove or repair the damage done? who was the threat actor?....etc…etc…
I lead a small but brilliant and dedicated team of Incident Response and Digital Forensic Consultants and pull analysts from the SOC (when/where possible) to help train them in incident response and forensic techniques so that they can develop and gain greater understanding and insight into the impacts of the alerts they see and open up potential career path progression.