Josh Lemon

Josh Lemon is a Managing Director at Ankura, leading their Digital Forensics and Incident Response practice in Australia where he assists government and commercial clients with sophisticated compromises, maturing their cyber defence and response programs, and threat hunting for malicious adversaries. He is also a Certified Instructor for the SANS Institute where he teaches the “Advanced Incident Response and Threat Hunting” (FOR508) and the “Advanced Network Forensics” (FOR572) courses.

Josh has over a decade of experience in the incident response and digital forensic industry, he previously worked as a Director at in their international Salesforce Security Response Centre (SSRC), where he headed up the team responsible for looking at new cutting edge ways to approach incident response at scale. He has also held the role of CSIRT Manager for the Commonwealth Bank of Australia, and as a Managing Consult for BAE Systems Applied Intelligence where he was responsible for all technical cybersecurity services for the Asia Pacific region, including, overseeing large and complex incident response and offensive security engagements.

Digital Forensics for Compressed Files

How and when timestamps change on a Windows system are well documented, but what happens to timestamps when threat actors ZIP/RAR/CAB up all the data they have collected in your network and exfiltrate it?

Read More