FacultyFaculty/Author Profile
Joseph W. Shaw

Joseph W. Shaw

KPMG LLP
Manager, Forensic Technology
Dallas, TX, USA


Background

Joseph is a manager in KPMG’s Forensic Technology Services practice with more than 19 years of computer forensic, information security and network administration experience. He has a strong background and experience in enterprise-wide  computer forensic investigations, incident response, electronic discovery  collections, security risk assessment, security event analysis, vulnerability assessments, and penetration testing.  Joseph has received over 400 hours of training in computer forensics, electronic discovery, incident response, and network security.


Relevant Experience

Joseph has been responsible for the training of computer examiners around the world in the methodology of mobile device and computer forensics, both to domestic corporate and law enforcement students, as well as to friendly foreign government law enforcement and military personnel through the US Department of State’s Antiterrorism Assistance task force.  Joseph has been the lead examiner for over fifty cases and has actively managed all aspects of each case.  He has performed forensic preservation and analysis on hundreds of computers and removable devices in support of corporate, civil, and government investigations, and has worked extensively with investigations involving law enforcement, including the FBI and US Secret Service.

Incident Response

  • Served as engagement manager and primary analyst for multiple intrusion investigations into the oil/energy sector. Managed the identification, preservation, and analysis of several dozen machines per engagement, as well as identification and analysis of hostile code used in the intrusions, which allowed us to show whether the intrusions were part of a larger campaign or separate. Identified and created Indicators of Compromise in each investigation for use in both host and network analysis to identify additional compromised machines.We were then able to identify and establish lateral movement from infected machines to internal infrastructure, and identified sensitive corporate data that had been exfiltrated as part of the intrusion.
  • Led several investigations into fraud caused by spearphishing/whaling schemes used to steal millions of dollars from multiple targets. We were able to determine that there was a connection between each of the attempts, and identified a ring of known Nigerian fraud perpetrators who were conducting the campaign. Helped identify technical/non-technical deficiencies that allowed the fraud to occur and helped design supplemental safeguards and training materials to ensure that no fraud happened that way in the future.
  • Served as the lead investigator for an intrusion at a regional on-line retailer. The personal information and credit card records of several thousand customers were captured and exfiltrated from their network due to a compromise in their ecommerce framework. The investigation required the analysis of millions of log file entries to find indicators of attack, exploitation, and data exfiltration. We were able to confirm that the web site had been compromised, as well as determine the timeline of compromise, the exploitation vector, how they maintained control
Share
Email

  • FOLLOW PLI:
  • twitter
  • LinkedIn
  • GooglePlus
  • RSS

All Contents Copyright © 1996-2017 Practising Law Institute. Continuing Legal Education since 1933.

© 2017 PLI PRACTISING LAW INSTITUTE. All rights reserved. The PLI logo is a service mark of PLI.