Digital Intelligence Investigations presented at BSidesLondon 2019

by James ,

Summary: Cyber investigations are hard, and tying an online identity to someone in real life is tricky. Despite what others may have you believe, there is no "magic technique" or "secret method" that makes these investigations easy. It takes a lot of incredibly hard work, often a lot of time, and the reality is that most cases simply go unsolved. But - when you do solve one - it's incredible. My talk will walk you through two very different cyber investigations. One involved us attributing a mass-phishing campaign to what appeared to be a legitimate organisation in the Asia Pacific; the second recounts how we investigated whistle-blowing allegations that the General Manager of a Latin American manufacturing firm was collaborating with a local cartel. These investigations both posed unique challenges, and we had to implement different approaches for collecting, interpreting, and assessing information. My talk will highlight some of the problems we identified during these investigations, outline how we solved them, and discuss the value of what we learned for next time.