Special Guest: Aaron Sparling – Portland Police Bureau

Building on the video “Case Walk Through,” Aaron Sparling will be rejoining us to discuss this case study in further detail. Aaron, who works for the Portland Police Bureau, will be using data from a real case that he received consent to share to continue with his step-by-step explanation of how they worked through this case.

Although the case is two years old, it involves malware variants that are still relevant today. Here are the details of the case:

  • Required an assist to a fraud investigation, not an incident response case

  • Fraudulent payroll reductions were being taken out of the account of a local business and no one was sure how it was occurring

  • The original investigative unit did not have the technical aptitude to understand what was going on, which is why they brought in Aaron

  • Investigators were not sure if it was an insider job or some sort of malware in the system (possibly a banking trojan)

  • No kick-off points other than a few dates that were associated with the fraudulent activity

Watch the full episode to understand the detailed step by step of how they solved this complicated case.

Share this post