Andrew Case
Director of Research, Volexity
Director of Research, Volexity
Andrew Case is an incident response handler and malware analyst. He has conducted numerous large-scale investigations that span enterprises and industries. Case’s previous experience includes penetration tests, source code audits, and binary analysis. Case is the co-developer of Registry Decoder, a NIJ funded forensics application, as well as a developer of the Volatility memory analysis framework. He is a co-author of the highly popular and technical forensics analysis book “The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory.” Case has presented at conferences, including RSA, Black Hat, SOURCE, BSides, DFRWS, SecTor and OMFW. In 2013, Case was voted Digital Forensics Investigator of the Year by his peers within the forensics community.