Digital Forensics & Incident Response
New York, NY
M.S., University of Pennsylvania
B.S., Manipal Institute of Technology
Ashim Kapur is a Vice President at Stroz Friedberg in its New York office, where he assists with the management of the firm’s technical operations in the areas of Computer Forensics, Electronic Discovery, and Incident Handling.
In addition to maintaining an active docket of cases and supervising forensic examiners, Ashim conducts digital forensic acquisitions and analyses of laptops, desktops, servers, phones and tablets in civil litigations, criminal matters, internal investigations, and incident response efforts.
Ashim assists in conducting and managing matters involving anti-money laundering and compliance technology assurance services review.
In terms of representative engagements, Ashim has:
- Assisted a large chemical production organization in investigating a ransomware attack by determining how the bad actor got into their network and launched the attack. Collaborated with the internal IT team to contain the malware and assisted in remediation efforts.
- Established the methodology used to wipe a computer hard drive containing sensitive intellectual property. Determined when the wiping was performed and which files were likely removed based on forensic artifacts present on the machine and artifacts left by the wiping process.
- As part of a multiyear bank monitorship, examined anti-money laundering practices including transaction monitoring and sanction screening systems to capture global current state, assessed the effectiveness of monitoring scenarios and matching algorithms, identified coverage gaps, and proposed remediation plans at one of the largest banks pertaining to a deferred prosecution agreement with the Department of Justice.
- Reviewed mobile devices and SD cards for artifacts identifying creation and deletion of a multimedia file presumably containing evidence of police misconduct.
- Reviewed and monitored network logs and email traffic to identify the phishing emails and evaluate the extent of compromise. Worked with the internal cybersecurity team to control the exposure due to the current attack and identify security flaws to mitigate any future incidents.
- Conducted digital forensic examination pursuant to an adverse-party inspection order in a litigation concerning the alleged theft of intellectual property by a former employee of an international bank.
- Led efforts to reconstruct and forensically analyze data present on stolen laptop computers as part of efforts to determine whether personally identifiable information had been exposed.
- Assisted large corporations and government agencies in conducting raids to capture network traffic to and from several botnet command and control servers and preserve the data on the server drives.
- Reviewed network activity to comprehend the extent of compromise of the accounting and payroll application at a hospital due to an opportunistic phishing email attack.
- Pursuant to the court order, collected and analyzed electronic devices of several active and departed employees at a chemical company to review for evidence of data exfiltration and destruction.
- Reviewed several devices for evidence of possession and/or distribution of child pornography.