Mark Cunningham-Dickie is a seasoned digital forensics and Incident Response Expert.
Mark’s experience comes from a career of more than 15 years at different police posts in Scotland, the SBRC and now Quorum Cyber.
Today Mark is going to talk about Planning & Executing Private Search Orders. Drawn from decades of experience, this presentation promises to teach you a lot and it is certainly not the one to miss!
About Mark
Mark deals with cyber incidents all over the world. Cloud computing and remote working have enabled Incidents to be managed and investigated from pretty much anywhere in the world; though he confesses that during particularly severe incidents having a presence on-site is useful for both parties and helps the humans involved to understand and recover, not just the machine (Never underestimate the power of physical being there for a distressed human or organisation).
And this is what he enjoys: Being there to help people. Working through the phases of incident response, making sure that whatever has happened is isolated appropriately while making sure that the impacted organisation can continue to function as much as possible. He works long hours wading through logs, analysing memory and disk images, pulling apart malware and obfuscated code, understanding timelines, and finding answers to questions like: how did they get in? what did they do? Are there any persistence mechanisms? What else is compromised? Is everything contained? how can we remove or repair the damage done? who was the threat actor?….etc…etc…
Mark leads a small but brilliant and dedicated team of Incident Response and Digital Forensic Consultants and pulls analysts from the SOC (when/where possible) to help train them in incident response and forensic techniques so that they can develop and gain greater understanding and insight into the impacts of the alerts they see and open up potential career path progression.