Eoghan Casey is a digital forensics professional, researcher, and author. Casey has conducted a wide range of digital investigations, including data breaches, fraud, violent crimes, identity theft, and on-line criminal activity. He is also a member of the Digital/Multimedia Scientific Area Committee of the Organization for Scientific Area Committees. [1] He helps organize the digital forensic research DFRWS.org conferences each year, and is on the DFRWS Board of Directors. [2] He has a B.S. in Mechanical Engineering from the University of California, Berkeley, an M.A. in Educational Communication and Technology from New York University, and a Ph.D. in Computer Science from University College Dublin.
Casey has worked as Lead Cyber Security Engineer at The MITRE Corporation, and as R&D Team Lead in the Defense Cyber Crime Institute (DCCI) at the Department of Defense Cyber Crime Center (DC3). He was Director of Digital Forensics and Investigations at the DC office of Stroz Friedberg, and he later co-founded cmdLabs with Christopher Daywalt and Terrance Maguire.
In 2012, he founded the company CASEITE and co-managed the Risk Prevention and Response business unit at DFLabs. [3] [4] Eoghan has helped organizations investigate and manage security breaches, including network intrusions with international scope. He has delivered expert testimony in civil and criminal cases, and has submitted expert reports and prepared trial exhibits for computer forensic and cyber-crime cases.
He has authored a number of books in the field of digital forensics including Digital Evidence and Computer Crime now in its third edition, the Handbook of Digital Forensics and Investigation, and Malware Forensics. [5] [6] [7]
Casey taught digital forensic to graduate students at Johns Hopkins University Information Security Institute. He also created Smartphone Forensics courses taught worldwide. He has delivered keynotes and taught workshops around the globe on various topics related to data breach investigation, digital forensics and cyber security.
Casey is Editor-in-Chief of the journal Digital Investigation: The International Journal of Digital Forensics and Incident Response. [8]
Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks. These crimes involve the use of technology to commit fraud, identity theft, data breaches, computer viruses, scams, and expanded upon in other malicious acts. Cybercriminals exploit vulnerabilities in computer systems and networks to gain unauthorized access, steal sensitive information, disrupt services, and cause financial or reputational harm to individuals, organizations, and governments.
Computer forensics is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information.
In evidence law, digital evidence or electronic evidence is any probative information stored or transmitted in digital form that a party to a court case may use at trial. Before accepting digital evidence a court will determine if the evidence is relevant, whether it is authentic, if it is hearsay and whether a copy is acceptable or the original is required.
Digital forensics is a branch of forensic science encompassing the recovery, investigation, examination, and analysis of material found in digital devices, often in relation to mobile devices and computer crime. The term "digital forensics" was originally used as a synonym for computer forensics but has expanded to cover investigation of all devices capable of storing digital data. With roots in the personal computing revolution of the late 1970s and early 1980s, the discipline evolved in a haphazard manner during the 1990s, and it was not until the early 21st century that national policies emerged.
Anti–computer forensics or counter-forensics are techniques used to obstruct forensic analysis.
A data breach, also known as data leakage, is "the unauthorized exposure, disclosure, or loss of personal information".
Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a pro-active investigation.
The Department of Defense Cyber Crime Center (DC3) is designated as a Federal Cyber Center by National Security Presidential Directive 54/Homeland Security Presidential Directive 23, as a Department of Defense (DoD) Center Of Excellence for Digital and Multimedia (D/MM) forensics by DoD Directive 5505.13E, and serves as the operational focal point for the Defense Industrial Base (DIB) Cybersecurity program. DC3 operates as a Field Operating Agency (FOA) under the Inspector General of the Department of the Air Force.
The digital forensic process is a recognized scientific and forensic process used in digital forensics investigations. Forensics researcher Eoghan Casey defines it as a number of steps from the original incident alert through to reporting of findings. The process is predominantly used in computer and mobile forensic investigations and consists of three steps: acquisition, analysis and reporting.
The Trojan horse defense is a technologically based take on the classic SODDI defense, believed to have surfaced in the UK in 2003. The defense typically involves defendant denial of responsibility for (i) the presence of cyber contraband on the defendant's computer system; or (ii) commission of a cybercrime via the defendant's computer, on the basis that a malware or on some other perpetrator using such malware, was responsible for the commission of the offence in question.
High Technology Crime Investigation Association (HTCIA) is an international non-profit professional organization devoted to the prevention, investigation, and prosecution of crimes involving advanced technologies. Author and cybercrime expert, Christopher Brown, described HTCIA as "one of the largest and most respected" associations of its kind.
Jonathan Grier is a computer scientist, consultant, and entrepreneur. He is best known for his work on stochastic forensics and insider data theft. He has also contributed to computer security, digital forensics, and software development.
The Scientific Working Group on Digital Evidence (SWGDE) is a group that brings together law enforcement, academic, and commercial organizations actively engaged in the field of digital forensics to develop cross-disciplinary guidelines and standards for the recovery, preservation, and examination of digital evidence. It was supported by the United States Federal Bureau of Investigation, but after 2014 is under the National Institute of Standards and Technology.
Cyber threat intelligence (CTI) is knowledge, skills and experience-based information concerning the occurrence and assessment of both cyber and physical threats and threat actors that is intended to help mitigate potential attacks and harmful events occurring in cyberspace. Cyber threat intelligence sources include open source intelligence, social media intelligence, human Intelligence, technical intelligence, device log files, forensically acquired data or intelligence from the internet traffic and data derived for the deep and dark web.
Fileless malware is a variant of computer related malicious software that exists exclusively as a computer memory-based artifact i.e. in RAM. It does not write any part of its activity to the computer's hard drive, thus increasing its ability to evade antivirus software that incorporate file-based whitelisting, signature detection, hardware verification, pattern-analysis, time-stamping, etc., and leaving very little evidence that could be used by digital forensic investigators to identify illegitimate activity. Malware of this type is designed to work in memory, so its existence on the system lasts only until the system is rebooted.
Josh Brunty is a professor of digital forensics at Marshall University in Huntington, West Virginia. He is a member of the Digital Evidence Subcommittee of the NIST Organization of Scientific Area Committees for Forensic Science.
William "Chuck" Easttom II is an American computer scientist specializing in cyber security, cryptography, quantum computing, and systems engineering.
Ali Dehghantanha is an academic-entrepreneur in cybersecurity and cyber threat intelligence. He is a Professor of Cybersecurity and a Canada Research Chair in Cybersecurity and Threat Intelligence.