1. Home
  2. All Speakers
  3. Andrew Case
Andrew Case

Andrew Case

Malware Analyst

Andrew Case is a senior incident response handler and malware analyst. He has conducted numerous large-scale investigations that span enterprises and industries. Andrew’s previous experience includes penetration tests, source code audits, and binary analysis. Andrew is the co-developer of Registry Decoder, a National Institute of Justice funded forensics application, as well as a developer on the Volatility memory analysis framework. He is a co-author of the highly popular and technical forensics analysis book “The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory”. He has delivered trainings in the fields of digital forensics and incident response to a number of private and public organizations as well as at industry conferences. Andrew’s primary research focus is physical memory analysis, and he has published a number of peer-reviewed papers in the field. He has presented his research at conferences including Black Hat, RSA, SOURCE, BSides, OMFW, GFirst, and DFRWS.

My Sessions

View full schedule
2022
October 5, 2022

New Memory Forensics Techniques to Defeat Device Monitoring Malware

1:30 pm - 2:30 pm Tech 1 (718A)
Tech
2016
October 19, 2016

Utilizing Memory and Network Forensics for Scalable Threat Detection and Response

10:15 am - 11:15 am Tech 3 (801A)
Tech
2014
October 21, 2014

Unmasking Careto through Memory Analysis

- Expo Theatre (Hall G)
Tech
View full schedule