Steve Anson (Director, Forward Discovery)

Presentation Title: Filesystem Forensics: Are you Pwned?
Presentation Abstract:

One of the first, and most difficult, questions asked in any computer intrusion response is “Are we actually victims?” This talk will outline many of the technical and non-technical indicators of computer intrusions and provide a brief overview of triage and response techniques to use when an incident is suspected. From computer forensic indicators, to log analysis tips, to behavioral clues, this talk will provide you with the key things to look for to know when you are no longer the owner of your system.

About Steve

Prior to becoming a Director at Forward Discovery, Steve Anson was a special agent with the Department of Defense criminal Investigative Service, where he investigated cyber attacks against its global Information grid, the world’s largest computer network. In this role, he oversaw international computer crime investigations with substantial impact to America’s national security.

Anson also previously served as an instructor for the Federal Bureau of Investigation, where he trained hundreds of veteran FBI cyber-crime agents in the investigation of computer network intrusion and other computer crimes. In this role, Anson also trained agents for the U.S. Secret Service, the Naval Criminal Investigative Service, the Department of Energy, the U.S. Air Force, the Defense Criminal Investigative Service, the U.S. Army and many international agencies.

As a Task Force Agent for the FBI, Anson had the opportunity to conduct investigations into international espionage, computer network intrusions, domestic and international terrorism, fraud, crimes against children and other cases involving the criminal use of computers. In his experience as an instructor for the U.S. State Department, Anson trained law enforcement, prosecutors and judges in a wide range of countries, including Kazakhstan, Egypt, Jordan, Senegal and Bangladesh, in cyber crime investigation and computer forensics, helping these nations establish a cyber investigative capability.

Throughout his career, Anson has received a number of industry credentials, which include: certified Information Systems Security Professional (CISSP), Encase® certified Examiner (EnCE®), Microsoft Certified Systems Engineer (MCSE), Department of Defense Certified Computer Crime Investigator and Seized Computer Evidence Recovery Specialist (SCERS). Anson is the co-author of Mastering Windows Network Forensics and Investigations from Wiley Publishing.