Home
Publications
Presentations
Utilities
Tools
Blog
Presentations
Beyond Fuzzy Hashing
SANS What Works in Computer Forensics and Incident Response DC, 2010
Abstract/Slides
Next Generation Windows Forensics Panel
What Windows Area Needs Additional Research and Development?
SANS What Works in Computer Forensics and Incident Response DC, 2010
Slides
Windows Memory Forensics and Direct Kernel Object Manipulations
Techno Security, 2010
Abstract/Slides
Windows Memory Analysis
U.S. Naval Academy, April 2010
Slides
BitLocker To Go Forensics
DoD Cyber Crime Conference, 2010
Abstract/Slides
Google Earth Cache File Forensics
DoD Cyber Crime Conference, 2010
Abstract/Slides
Beyond Fuzzy Hashing: The New Similar
DoD Cyber Crime Conference, 2010
Abstract/Slides
The Science of Similar
Virginia Commonwealth University, January 2010
Abstract/Slides
Reverse Engineer File Formats by Searching for Binary Strings
SANS WhatWorks Summit in Forensics and Incident Response, 2009
Slides
Practical Methods for Dealing with Full Disk Encryption
DoD Cyber Crime Conference, 2009
Abstract/Slides
Windows Memory Analysis
The Johns Hopkins University, November 2008
Slides
Using JPEG Quantization Tables to Identify Imagery Processed by Software
Digital Forensic Research Workshop, August 2008
Abstract/Slides
Practical Cryptographic Key Recovery
Open Memory Forensics Workshop, August 2008
Slides
Fuzzy Hashing
United States Secret Service Quarterly Meeting, May 2008
Windows Memory Analysis
Texas State University, Febraury 2008
Abstract/Slides
Open Source in Computer Forensics
Mid-Atlantic HTCIA Meeting, February 2008
Using Digital Ballistics to Find the Smoking Camera
DoD Cyber Crime Conference, 2008
Abstract/Slides
My, You Look Super Fetching Tonight!
DoD Cyber Crime Conference, 2008
Abstract/Slides
Fuzzy Hashing
First Forensic Forum, Torthworth, UK, 2007
Fuzzy Hashing
Conference on Digital Forensics, Security and the Law, 2007
Slides
Recovering Executables from Windows Memory Images
DoD Cyber Crime Conference, 2007
Abstract/Slides
Fuzzy Hashing and Windows Memory Analysis
Regional Computer Forensics Group International Training Symposium, 2006
Abstract/Paper/Slides
Identifying Almost Identical Files Using Context Triggered Piecewise Hashing
Digital Forensic Research Workshop, 2006
Abstract/Paper/Slides
Fuzzy Hashing-Matching Similar Documents
High Technology Crime Investigation Association International
Conference and Expo, 2006
Slides
Winking in the Dark
Texas State University, 2006
Hacker Court
BlackHat Las Vegas, 2004
Hacker Court
BlackHat DC, 2003
Hacker Court
BlackHat Las Vegas, 2003
Open Source in Computer Forensics
Open Standards/Open Source for National and Local eGovernment Programs in the U.S. and EU, 2003
Slides
Preserving the Evidence of Cybercrime
7th Annual Department of Defense Information Assurance Workshop, 2003
Simple But Sound Tools for First Responders
Oregon Center for Advanced Technology Education and Portland State University, 2003
Slides
Counterintelligence Methods
Infowarcon, 2002
Preservation of Fragile Digital Evidence by First Responders
Digital Forensic Research Workshop, 2002
Abstract/Paper
Hacker Court
BlackHat Las Vegas, 2002
Secret and Below Interoperability
AFOSI Computer Crime Workshop, 2001
Voice over IP Made Ridiculously Simple
AFOSI Computer Crime Workshop, 2001
User Level Computer Security
Pentagon Information Assurance Update, July 2001
The State of Computer Crime Today
North Florida Law Enforcement Officers Meeting, September 2000