Portland Police Bureau Fraud Investigation Case Study – Part 3: Unpacking Binary with a Review of the First Two Parts
Special Guest: Aaron Sparling – Portland Police Bureau
Building on the two previous episodes of this “Case Walk Through,” Aaron Sparling will be rejoining us to discuss this case study in further detail.
Aaron, an officer in the investigative branch of the Portland Police Bureau's forensic evidence division, will continue the study with a short recap of parts 1 and 2 of this series, in which the team scoped the incident, collected memory (RAM), and triaged images from selected endpoints.
In this episode, he explains how he fully unpacked the malware binary.
Recap of the Case Outline
- It originated as a white-collar crime
- Payroll fraud or theft
- Small business
- “No” known starting point
- The team could not stop or interrupt production
- 1 server and 5 workstations
Although the case is two years old, it involves malware variants that are still relevant today.
Listen to the full episode to hear how Aaron unpacked the binary in this unique case study.