Whether performing an in-depth investigation or merely quick research, the investigator and the investigation itself are exposed to certain risks. This talk covers both sides of the coin. In the first part, it shows what information the investigator leaks in the course of their activity on the internet, and the techniques an adversary can use to fingerprint them. In the second part, the talk covers techniques the investigator can use to minimize the disclosure of information and protect themselves.
Krassimir Tzvetanov is on the security team at Fastly, a high-performance CDN designed to accelerate content delivery as well as serve as a WAF and a shield against DDoS attacks. His current focus is on incident response and security systems architecture. In the past he worked for hardware vendors like Cisco and A10, focusing on threat research and information exchange, DDoS mitigation features, product security and best security software development practices. Before joining Cisco, Krassimir was Dedicated Paranoid (security) at Yahoo!, Inc., where he focused on designing and securing the edge infrastructure of the production network. Part of his duties included dealing with DDoS and abuse. Before Yahoo!, Krassimir worked at Google, Inc. as an SRE for two mission-critical systems: the ads database supporting all incoming revenue from ads, and the global authentication system which served all of the company's applications. Krassimir is very active in the security research and investigation community, has a number of contributions to FIRST SIGs, and participates in the Honeynet Project. In addition, Krassimir ran the BayThreat security conference and has contributed to a number of other events like DefCon, where he ran the Radio Communications group, ShmooCon and DC650. Krassimir holds a Bachelor's in Electrical Engineering (Communications) and a Master's in Digital Forensics and Investigations.