Malware Forensics:   
                             Investigating and Analyzing Malicious Code
About the Authors & Technical Editor



Cameron H. Malin is Special Agent with the Federal Bureau of Investigation assigned to a Cyber Crime squad in Los Angeles, California, where he is responsible for the investigation of computer intrusion and malicious code matters.

Mr. Malin is a Certified Ethical Hacker (CEH) as designated by the International Council of Electronic Commerce Consultants (EC-Council), a Certified Information Systems Security Professional (CISSP), as designated by the International Information Systems Security Certification Consortium (“(ISC) 2 ”), a  GIAC Certified Intrusion Analyst (GCIA), and GIAC Certified Forensics Analyst (GCFA), as designated by the SANS Institute.

Mr. Malin currently sits on the Editorial Board of the International Journal of Digital Evidence (IJDE) and is a Subject Matter Expert for the Information Assurance Technology Analysis Center (IATAC). Prior to working for the FBI, Mr. Malin was an Assistant State Attorney (ASA) and Special Assistant United States Attorney (SAUSA) in Miami, Florida, where he specialized in computer crime prosecutions. During his tenure as an ASA, Mr. Malin was also an Assistant Professorial Lecturer in the Computer Fraud Investigations Masters Program at George Washington University.




 

Eoghan Casey is an Incident Response and Digital Forensic Analyst, responding to security breaches and analyzing digital evidence in a wide range of investigations, including network intrusions with international scope. He has extensive experience using digital forensics in response to security breaches to determine the origin, nature and extent of computer intrusions, and has utilized forensic and security techniques to secure compromised networks. He has performed hundreds of forensic acquisitions and examinations, including e-mail and file servers, handheld devices, backup tapes, database systems, and network logs. 

Mr. Casey is a leading authority in his areas of expertise and has written and lectured extensively both in the United States and abroad, including at conferences sponsored by the Digital Forensics Research Workshop, High Tech Crime Investigators Association, SEARCH, SecureIT, and Infragard.  He is the author of the widely used textbook Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet (Academic Press, 2004).  He is also editor of the Handbook of Computer Crime Investigation, and coauthor of Investigating Child Exploitation and Pornography.  Mr. Casey is editor-in-chief of Elsevier's international journal of Digital Investigation, which publishes articles on digital forensics and incident response on a quarterly basis.   (For a detailed listing of Mr. Casey's publications, please refer to his web site).

As a Director of Digital Forensics and Investigations at Stroz Friedberg, he co-managed the firm’s technical operations in the areas of computer forensics, cyber-crime response, incident handling, and electronic discovery. In addition, he maintained an active docket of cases himself, testified in civil and criminal cases, and submitted expert reports and prepared trial and grand jury exhibits for computer forensic and cyber-crime cases. Mr. Casey also spearheaded Stroz Friedberg’s external and in-house forensic training programs as Director of Training.

Before working at Stroz Friedberg, Mr. Casey assisted law enforcement as a consultant in numerous criminal investigations involving on-line criminal activity and digital evidence relevant to homicides, child exploitation and other types of cases. As an Information Security Officer at Yale University, from 1999 to 2002, and in subsequent consulting work, he has performed vulnerability assessments, handled critical security breaches and policy violations, deployed and maintained intrusion detection systems, firewalls and public key infrastructures, and developed policies, procedures, and educational programs.  Since 1996, Mr. Casey has offered on-line and in-person training.  Mr. Casey’s courses cover digital forensics, incident handling, and intrusion investigation.  Mr. Casey also served, from 1991 to 1995, as a Senior Research Assistant and Satellite Operator at NASA’s Extreme UV Explorer Satellite Project, where he wrote computer programs to automate routine and safety-critical satellite operations procedures and created and maintained a Sybase SQL database.

Mr. Casey holds a B.S. in Mechanical Engineering from the University of California at Berkeley, and an M.A. in Educational Communication and Technology from New York University.



 

James M. Aquilina
is an Executive Managing Director and Deputy General Counsel of Stroz Friedberg, a technical services and consulting firm specializing in digital computer forensics; electronic data preservation, analysis, and production; computer fraud and abuse response; and computer security. Mr. Aquilina contributes to the management of the firm and the handling of its legal affairs, in addition to having overall responsibility for
the Los Angeles office. He supervises numerous digital forensic and electronic discovery assignments for government agencies, major law firms, and corporate management and information systems departments in criminal, civil, regulatory and internal corporate matters, including matters involving e-forgery, wiping, mass deletion and other forms of spoliation, leaks of confidential information, computer-enabled theft of trade secrets, and illegal
electronic surveillance. He has served as a neutral expert and has supervised the court-appointed forensic examination of digital evidence. Mr. Aquilina also has led the development of the firm’s online fraud and abuse practice, regularly consulting on the technical and strategic aspects of initiatives to protect computer networks from spyware and other invasive software, malware and malicious code, online fraud, and other forms of illicit Internet
activity. His deep knowledge of botnets, distributed denial of service attacks, and other automated cyber-intrusions enables him to provide companies with advice and solutions to tackle incidents of computer fraud and abuse and bolster their infrastructure protection.

Prior to joining Stroz Friedberg, Mr. Aquilina was an Assistant U.S. Attorney in the Criminal Division of the U.S. Attorney’s Office for the Central District of California, where he most recently served as a Computer and Telecommunications Coordinator in the Cyber and Intellectual Property Crimes Section. He also served as a member of the Los Angeles Electronic Crimes Task Force and as chair of the Computer Intrusion Working Group, an inter-agency cyber-crime response organization. As an Assistant, Mr. Aquilina conducted and supervised investigations and prosecutions of computer intrusions, extortionate denial of service attacks, computer and Internet fraud, criminal copyright infringement, theft of trade secrets, and other abuses involving the theft and use of personal identity. Among his notable cyber cases, Mr. Aquilina brought the first U.S. prosecution of malicious botnet activity for profit against a prolific member of the “botmaster underground” who sold his armies of infected computers for the purpose of
launching attacks and spamming, and used his botnets to generate income from the surreptitious installation of adware; tried to jury conviction the first criminal copyright infringement case involving the use of digital camcording equipment; supervised the government’s continuing prosecution of Operation Cyberslam, an international intrusion investigation involving the use of hired hackers to launch computer attacks against online business competitors; and oversaw the collection and analysis of electronic evidence relating to the prosecution of a local terrorist cell operating in Los Angeles.

During his tenure at the U.S. Attorney’s Office, Mr. Aquilina also served in the Major Frauds and Terrorism/Organized Crime Sections where he investigated and tried numerous complex cases, including a major corruption trial against an IRS Revenue Officer and public accountants; a fraud prosecution against the French bank Credit Lyonnais in connection with the rehabilitation and liquidation of the now defunct insurer Executive Life; and an extortion and kidnapping trial against an Armenian organized crime ring. In the wake of the September 11, 2001
attacks, Mr. Aquilina helped establish and run the Legal Section of the FBI’s Emergency Operations Center.

Before public service, Mr. Aquilina was an associate at the law firm Richards, Spears, Kibbe & Orbe in New York, where he focused on white collar work in federal and state criminal and regulatory matters. Mr. Aquilina served as a law clerk to the Honorable Irma E. Gonzalez, U.S. District Judge, Southern District of California. He received his B.A. magna cum laude from Georgetown University, and his J.D. from the University of California, Berkeley, School of Law, where he was a Richard Erskine Academic Fellow and served as an Articles Editor and Executive Committee Member of the California Law Review. He currently serves as an Honorary Council Member on cyber law issues for the International Council of E-Commerce Consultants (EC Council), the organization that provides the CEH (Certified Ethical Hacker) and CHFI (Certified Hacking Forensic Investigator) certifications to leading security industry professionals worldwide. 



About the Technical Editor

       

Curtis W. Rose
is the Founder and Managing Member of Curtis W. Rose & Associates LLC, a specialized services company which provides Computer Forensics, Expert Testimony, Litigation Support and Computer Intrusion Response and Training to commercial and government clients. Mr. Rose is an industry-recognized expert in computer security with over twenty years experience in investigations, computer forensics, technical and information security.

Mr. Rose was an author of Real Digital Forensics: Computer Security and Incident Response , and was a contributing author or technical editor for many security books including, Anti-Hacker Toolkit; Network Security: The Complete ReferenceIncident Response: Investigating Computer Crime, 2nd Edition; and SQL Server Forensic Analysis. He has also published white papers on advanced forensic methods and techniques, to include Windows Live Incident Response Volatile Data Collection: Non-Disruptive User & System Memory
Forensic Acquisition
, March 2003.