Special Guest: Guillermo Christensen – Ice Miller, Partner (CBS) DFIR Legal Hotspots

In this episode, we are joined by Guillermo Christensen who will be discussing DFIR legal hotspots. Christensen is a lawyer and a partner in a data security and privacy practice that frequently works with National Security in Washington D.C. Before becoming a lawyer, his work in the world of intelligence was within the CIA for about 20 years.

As a disclaimer, Christensen would like to emphasize that he is discussing his opinions in this episode, and none of what he says should be considered legal advice for you, your clients, or your friends. This is a platform to learn about some of the issues that exist in the world of intelligence, with an emphasis on the legal side.

Christensen will be focusing on three things:

  1. OFAC and Ransomware – Earlier this year, OFAC (The Office of Foreign Assets Control) warned everyone who is involved in the ransomware payment chain that doing so can put you at risk if you are involved with making payments to people on the SDN list (also known as the blacklist).

    Even if you do not know that you are making such a payment, it is still a violation of the law as there is no intent required to violate this law. There are many cyber actors on the SDN list and paying or facilitating payments to an SDN on behalf of a victim of ransomware violates OFAC sanctions.

  2. Dark web intel collection – Companies need to know and understand how far they can go in dealing with suspicious people within the dark web. There is a lot of amazing intelligence to be gathered from the dark web, but as with OFAC, you are most likely dealing with criminals and need to be aware of the risks.

  3. Privilege – There is a lot of confusion in the IR environment surrounding legal privilege. New litigation and interest are coming up in the realm of privilege and the reports that incident responders produce and it is constantly changing.

Listen to the full episode to learn more about the world of DFIR legal hotspots.


You can access the presentation slides at: CAD Cellebrite Discussion

To view the OFAC ransomware advisory: OFAC Ransomware Advisory

Department of Justice Cybersecurity Unit: Dark Web Legal Considerations

Share this post