John B. Baird
Computer Forensic Portfolio
Open to relocation
johnbairdpc at gmail dot com
Interned as a computer forensic analyst working on a case where a number of victims were reporting unauthorized credit card purchases with packages sent to vacant homes. A victim volunteered their hard drive to perform a forensic investigation. Once I created a digital profile of a suspect, a Vermont FBI agent assisted in sending 2703(f) letters to request preservation of data to CitiCard, Newegg, UPS, Google and Verizon. With this information I was able to identify the suspect. The special agent determined that the suspect’s unsecured wireless network had been hacked and that the suspect was a victim and not a perpetrator. The true suspect(s) were operating out of Romania. My role in the case concluded without identifying the suspect(s).
Interned as a computer forensic analyst performing a network forensic investigation on a Linux server after an incident response team identified a breach. The victim company suffered a network attack from an outside source. An employee stated that someone had been logging into their account without permission. My report concluded that the attacker gained access to the server because the Linux operating system did not have numerous security patches installed. The attacker was able to exploit a printer service to remotely gain access over the internet. The attacker moved laterally until being able to crack the password of the legitimate user. My report included solutions for restoring network security and preventing this attack from happening in the future.
Malware analyst report performed with my self-employed business where I reverse engineered dynamic malware to determine its threat profile for a client. The attack vector was a Trojan horse masquerading as a Word document downloaded via email. Although the malware was dynamic, I was able to verify its identity by using its hash signature (SHA-1) to identify it as a Python-based keylogger that exploits a vulnerability of OLE Objects in Microsoft Word. My reports concluded with recommendations on the best security practices for preventing similar attacks in the future.
Interned as a computer forensic analyst tasked with finding evidence of whether an employee of a jewelry company had planned to aid in burglary by smuggling building blueprints on a memory card hidden in his shoe. Deleted blueprint files were recovered. My report formed the conclusion that the suspect had not intended to aid in burglary but was simply misappropriating company property by taking home a blank memory card for personal use. Charges were officially dropped against the suspect due to my conclusion.
Interned as a computer forensic analyst performing an investigation on a CEO of a telecommunications hardware developer being indicted by the Department of Justice (DOJ) for being suspected of altering quarterly statements to boost the company’s earnings. The CEO was suspected of deleting incriminating evidence to hide traces of the activity. The DOJ cut a deal with the VP of finance to provide clues as to possible files to search for. Deleted and altered Excel files were recovered, which led to concluding in my report that this is the evidence the DOJ sought in their indictment.
Bachelor's of Applied Science, Digital Forensics
• Champlain, 2019
Real Digital Forensics: Computer Security and Incident Response - Keith J. Jones, Richard Bejtlich, Curtis W. Rose
Computer Forensics: An Essential Guide for Accountants, Lawyers, and Managers - Michael Sheetz
Essentials of Criminal Law - Neil C. Chamelin, Andrew Thomas
Criminal Justice Today: An Introductory Text for the Twenty First Century - Frank J. Schmalleger
Criminal Investigation: Basic Perspectives - Charles A. Lushbaugh, Paul B. Weston
Constitutional Values: Governmental Powers and Individual Freedoms - Daniel E. Hall, John P. Feldmeier
State and Local Government: The Essentials - Ann O’M. Bowman, Richard C. Kearney
Managing eDiscovery and ESI: From Pre-Litigation to Trial - Michael D. Berman, Courtney Ingraffia Barton, Paul W. Grimm
Information Security Principles and Practices - Mark Merkow, Jim Breithaupt
John B. Baird
Bradenton, FL 34207 • 941-363-1144 • johnbairdpc at gmail dot com
Computer forensic analyst open to relocation, available for security clearance, effective communicator and a fast learner of emerging technologies.
Bachelor’s of Applied Science, Digital Forensics
Champlain • 2019 • GPA 4.0 / 4.0
SKILLS AND QUALIFICATIONS
• Forensic Techniques: Evidence preservation & investigation, imaging, hash computation, network analysis, intrusion detection, eDiscovery, file carving, signature analysis, steganography, forensic report writing, EnCE EnCase Certified Examiner (in progress)
• Forensic Tools: EnCase, FTK, Oxygen Forensics, Wireshark, HashTool, Autopsy, Snort, Cellebrite, XRY, Volatility, FTK Imager, RegRipper, Sleuth Kit
• IT Techniques: VMware Enterprise, Exchange, MySQL, BitLocker, TrueCrypt, Lotus Notes, McAfee VirusScan Enterprise, Bombard, Merlin, BMC Remedy ticketing, FakeNet, Microsoft Attack Surface Analyzer, NetworkMiner, Active Directory, CrowdStrike, LANDesk, SmartDeploy, Tivoli Desktop, PuTTY, BCM IT Asset Management
• IT Tools: VMware Enterprise, Exchange, MySQL, TrueCrypt, Lotus Notes, Avaya, Merlin, VMware Fusion, Google Apps, McAfee VirusScan Enterprise, Bombard, BMC Remedy ticketing, FakeNet, Microsoft Attack Surface Analyzer, NetworkMiner
• Operating Systems: Windows, macOS (OS X), Linux Ubuntu & Kali, iOS, Android
• Programming Languages: C#, Python, PowerShell, Java, PHP, HTML
DIGITAL FORENSIC EXPERIENCE
Baird Computer Forensic Consulting, Bradenton, FL • Digital Forensic Consultant, Self-employed • 2014 - Present
Advise clients, including law firms and physician groups, on probability of retrieving evidentiary value from a digital forensic examination. Provide clients with a written report detailing if a forensic examination would be beneficial or hurtful to their legal situation. Forensic consulting experience ranges from sexual harassment to intellectual property theft. Provide legal recommendations on possible digital crimes committed and outline civil and criminal digital forensic scenarios clients may face from the opposition.
NextEra Energy / Florida Power & Light, Sarasota, FL • Infrastructure & System Administrator • 2019-Present
Operate as the solo on-premise system administrator for the infrastructure of 18 secure facilities and power plants within a 100-mile radius. Responsible for maintaining all aspects of the network stack (WAN routers, SFP modules, fiber cables). Satisfy service level agreements (SLAs) while determining the most efficient method of resolving ticket requests through BMC Remedy. Diagnose device connectivity issues by conducting analysis, tuning and real-time monitoring. Manually configure Cisco equipment to be remotely managed via Cisco Prime. Rectify access issues via Active Directory and Cisco Identity Services Engine (ISE). Interpret highly confidential network flowcharts and diagrams (Visio Drawings).
johnbairdpc.com, Bradenton, FL • Technology Consultant, Self-employed • 2002-2019
Professionally serve technical needs of residents and businesses for companies such as Raymond James Financial Services. Consult companies on future technology deployment. Install various wireless and wired networks using products from HP, Cisco, Dell and Apple. Perform threat assessment and implement security against malware and viruses using products like F-Secure, Malwarebytes and resources such as VirusTotal. Troubleshoot operations issues while validating and implementing client-requested configurations. Install hardware upgrades and repair computers, tablets and smartphones.
Learning iOS Forensics • Book Contribution, Packt Publishing • 2014-2015
Assisted authors Mattia Epifani & Pasquale Stirparo with their mobile forensic book, "Learning iOS Forensics", published in 2015. Areas of contribution include iOS version differences, iPhone hardware encryption details, Jailbreaking history / techniques and mobile examination general techniques (Cellebrite).
Intern, IT Technical Institute, Remote • Computer Forensic Examiner • 2011-2012
Performed digital forensic tasks on criminal cases under supervision through college including verifying hash values (MD5, SHA-1), compiling information for § 2703(f) subpoenas of internet companies (Google, Verizon), examining images using EnCase and FTK, HashTool, RegRipper, FTK Imager and compiling forensic reports. Recovered hidden and deleted data and worked with encrypted evidence using TrueCrypt. Network forensic examination was completed using Linux BackTrack, Wireshark and Snort on a criminal case involving network intrusion of a Linux server.
Smith & Nephew, St. Petersburg, FL • Contractual Incident Response • 2011
Supported incident response team during a zero-day malware outbreak affecting computers of 300+ enterprise users connected via WAN. Worked with BMC Remedy ticketing system and McAfee VirusScan Enterprise to follow the instructions of incident response lead for removing infection and restoring clean images of Windows. Also served as help desk support connecting Avaya VoIP phone hardware and infrastructure.
Intern, IT Technical Institute, Remote • Malware Analyst • 2011
Analyzed a criminal malware incident under supervision through college involving a keylogger malware variant. Created a safe sandbox environment in a VMware virtual machine and identified possible indicators of compromise (IOCs) using Process Monitor, Process Explorer and Microsoft Attack Surface Analyzer. Used HashTool to generate SHA-1 hash value for malware identification, identified the command and control (C&C) server using FakeNet and NetworkMiner, and compiled a malware analysis report.
AOL, Tampa, FL • Help Desk Support Tier III • 2010-2011
Operated in a fast-paced, metrics-driven environment providing tier 1, 2 & 3 technical support. Contracted through Computer Generated Solutions for AOL server and client issues using software VoIP Avaya and documented using Lotus Notes. Utilized Bombard for remotely controlling computers and VMware Enterprise for remotely running tools. Ensured no customer privacy violations occurred and quality assurance guidelines were met.