John B. Baird
Computer Forensic Portfolio
Open to relocation
johnbairdpc at gmail dot com
Interned as a computer forensic analyst working on a case where a number of victims were reporting unauthorized credit card purchases with packages sent to vacant homes. A victim volunteered their hard drive to perform a forensic investigation. Once I created a digital profile of a suspect, a Vermont FBI agent assisted in sending 2703(f) letters to request preservation of data to CitiCard, Newegg, UPS, Google and Verizon. With this information I was able to identify the suspect. The special agent determined the suspect’s unsecured wireless network was hacked and that the suspect was a victim and not a perpetrator. The true suspect(s) were operating out of Romania. My role in the case concluded without identifying the suspect(s).
Interned as a computer forensic analyst performing a network forensic investigation on a Linux server after an incident response team identified a breach. The victim company suffered a network attack from an outside source. An employee stated that someone had been logging into their account without permission. My report concluded that the attacker gained access to the server because the Linux operating system did not have numerous security patches installed. The attacker was able to exploit a printer service to remotely gain access over the internet. The attacker moved laterally until being able to crack the password of the legitimate user. My report included solutions for restoring network security and preventing this attack from happening in the future.
Malware analyst report performed with my self-employed business where I reverse engineered dynamic malware to determine its threat profile for a client. The attack vector was a Trojan horse masquerading as a Word document downloaded via email. Although the malware was dynamic, I was able to verify its identity by using its hash signature (SHA-1) to identify it as a Python-based keylogger that exploits a vulnerability of OLE Objects in Microsoft Word. My reports concluded with recommendations on the best security practices for preventing similar attacks in the future.
Interned as a computer forensic analyst tasked with finding evidence of whether an employee of a jewelry company had planned to aid in burglary by smuggling building blueprints on a memory card hidden in his shoe. Deleted blueprint files were recovered. My report formed the conclusion that the suspect had not intended to aid in burglary but was simply misappropriating company property by taking home a blank memory card for personal use. Charges were officially dropped against the suspect due to my conclusion.
Interned as a computer forensic analyst performing an investigation on a CEO of a telecommunications hardware developer being indicted by the Department of Justice (DOJ) for being suspected of altering quarterly statements to boost the company’s earnings. The CEO was suspected of deleting incriminating evidence to hide traces of the activity. The DOJ cut a deal with the VP of finance to provide clues as to possible files to search for. Deleted and altered Excel files were recovered which led to concluding in my report that this is the evidence the DOJ sought in their indictment.
Bachelor's of Applied Science, Digital Forensics
• Champlain, 2019
Real Digital Forensics: Computer Security and Incident Response - Keith J. Jones, Richard Bejtlich, Curtis W. Rose
Computer Forensics: An Essential Guide for Accountants, Lawyers, and Managers - Michael Sheetz
Essentials of Criminal Law - Neil C. Chamelin, Andrew Thomas
Criminal Justice Today: An Introductory Text for the Twenty First Century - Frank J. Schmalleger
Criminal Investigation Basic Perspectives - Charles A. Lushbaugh, Paul B. Weston
Constitutional Values: Governmental Powers and Individual Freedoms - Daniel E. Hall, John P. Feldmeier
State and Local Government: The Essentials - Ann O’M. Bowman, Richard C. Kearney
Managing eDiscovery and ESI: From Pre-Litigation to Trial - Michael D. Berman, Courtney Ingraffia Barton, Paul W. Grimm
Information Security Principles and Practices - Mark Merkow, Jim Breithaupt
John B. Baird
Bradenton, FL 34207 • 941-363-1144 • johnbairdpc at gmail dot com
Open to relocation with ten years of information technology experience. Proficient with a variety of IT tools and techniques used in collecting, analyzing and reporting on electronic / digital evidence of criminal cases. Available for security clearance, effective communicator and a fast learner of new emerging technologies.
Bachelor’s of Applied Science, Digital Forensics
Champlain • 2019 • GPA 4.0 / 4.0
SKILLS AND QUALIFICATIONS
• Forensic Techniques: Evidence preservation, imaging, hash computation, evidence investigation, network analysis, intrusion detection, eDiscovery, file carving, signature analysis, encryption, stenography, legal precedence, forensic report writing, EnCE EnCase Certified Examiner (in progress)
• Forensic Tools: EnCase (Enterprise), FTK, Oxygen Forensics, Wireshark, HashTool, Backtrack, Autopsy, Snort, Cellebrite, XRY, Volatility, FTK Imager, RegRipper
• Malware Techniques: Hash identification (static & dynamic), virtual sandbox creation, command & control (C&C) identification, incident of compromise (IOC) / attack vector analysis, registry shellbag examination, report writing
• IT Techniques: Adding and removing hardware, building PCs, network cabling, racking servers, router and switch programming, VoIP installation, malware / virus removal, operating system installation, virtual machine imaging, account permission managing, Windows PowerShell, macOS terminal
• IT Tools: VMware Enterprise, Exchange, MySQL, TrueCrypt, Lotus Notes, Avaya, Merlin, VMware Fusion, Google Apps, McAfee Virus Scan Enterprise, Bombard, BMC Remedy ticketing, FakeNet, Microsoft Attack Surface Analyzer, NetworkMiner
• Operating Systems: Windows, macOS (OS X), Linux Ubuntu, Linux Backtrack, TailsOS (Linux), iOS, Android, Windows Phone
• Programming Languages: C#, Python, Java, PHP, HTML, Swift
DIGITAL FORENSIC EXPERIENCE
Baird Computer Forensic Consulting, Bradenton, FL • Digital Forensic Consultant, Self-employed • 2014 - Present
Advise clients, including law firms and physician groups, whether a situation they were involved in would benefit from digital forensic examination. Provide clients with a written report detailing if a forensic examination would be beneficial or hurtful to their legal situation. Forensic consulting experience includes employee sexual harassment to intellectual property theft.
Learning iOS Forensics • Book Contribution, Packt Publishing • 2014 - 2015
Assisted authors Mattia Epifani & Pasquale Stirparo with their mobile forensic book, "Learning iOS Forensics", published in 2015. Areas of contribution include iOS version differences, iPhone hardware encryption details, Jailbreaking history / techniques and mobile examination general techniques (Cellebrite).
Intern, IT Technical Institute • Computer Forensic Examiner • 2011 - 2012
Performed digital forensic tasks on criminal cases under supervision through college including verifying hash values (MD5, SHA-1), compiling information for § 2703(f) subpoenas of internet companies (Google, Verizon), examining images using EnCase, FTK, HashTool, RegRipper and FTK Imager, and compiling forensic reports. Recovered hidden and deleted data and worked with encrypted evidence using TrueCrypt. Network forensic examination was completed using Linux Backtrack, Wireshark and Snort on a criminal case involving network intrusion of a Linux server.
INFORMATION TECHNOLOGY EXPERIENCE
johnbairdpc.com, Bradenton, FL • IT Technician, Self-employed • 2002 - Present
Professionally serve technical needs of residents and businesses for companies such as Raymond James Financial Services. Work with operating systems such as Windows, Windows Server, macOS (OS X), Linux, iOS, Android and Windows Phone. Create tailored training for individual users as well as groups using PowerPoint, Keynote and Google Apps. Consult companies on future technology deployment. Install various wireless and wired networks using products from HP, Cisco, Dell and Apple. Perform threat assessment and implement security against malware and viruses using products such as F-Secure, Malwarebytes and resources such as VirusTotal. Install hardware upgrades, perform repairs and build custom computers.
Intern, IT Technical Institute • Malware Analyst • 2011
Analyzed a criminal malware incident under supervision through college involving a keylogger malware variant. Created a safe sandbox environment in a VMware virtual machine and identified possible incidents of compromise (IOCs) using ProcessMonitor, ProcessExplorer and Microsoft Attack Surface Analyzer. Used HashTool to generate a SHA-1 hash value for malware identification, identified the command and control (C&C) server using FakeNet and NetworkMiner, and compiled a malware analysis report.
Wells Fargo, Lakeland, FL • Contractual Network Administrator • 2011
Administrated on-site network support and server racking for Wells Fargo branches in multiple cities throughout Florida for Wachovia-to-Wells Fargo transition, contracted through Robert Half Technologies. Physically uninstalled rack servers, rewired patch cables, organized patch bays, ran PowerShell scripts, software and driver updates on new servers from brands such as HP, Cisco, Lenovo. Used Lotus Notes for notation and utilized MySQL for SQL management.
Smith & Nephew, St. Petersburg, FL • Contractual Incident Response & Help Desk • 2011
Supported incident response team during a zero-day malware outbreak affecting computers of 300+ enterprise users connected via WAN, contracted through Robert Half Technologies. Worked with BMC Remedy ticketing system and McAfee Virus Scan Enterprise to follow the instructions of incident response lead for removing infection and / or restoring clean images of Windows. Also served as help desk support, primarily connecting Avaya VoIP phone hardware and infrastructure.
AOL, Tampa, FL • Help Desk Support Tier III • 2010 - 2011
Effectively provided tier 1, 2 & 3 technical support, contracted through Computer Generated Solutions, for AOL server and client user issues using software VoIP Avaya, document using Lotus Notes, remote desktop management and virtual machine tools. Utilized Bombard for remotely controlling computers, Merlin for database entry and VMware Enterprise for remotely running tools. Operated in a fast-paced, metrics-driven environment ensuring no customer privacy violations occurred and quality assurance guidelines were met every week.