Ashim Kapur

In terms of representative engagements, Ashim has:

• Assisted a large chemical production organization investigate a ransomware attack by determining how the bad actor got into their network and launched the attack. Collaborated with the internal IT team to contain the malware and assisted in remediation efforts.
• Established the methodology used to wipe a computer hard drive containing sensitive intellectual property. Determined when the wiping was performed and which files were likely removed based on forensic artifacts present on the machine and artifacts left by the wiping process.
• As part of a multiyear bank monitorship, examined anti money laundering practices including transaction monitoring and sanction screening systems to capture global current state, assessed the effectiveness of monitoring scenarios and matching algorithms, identified coverage gaps, and proposed remediation plans at one of the largest banks pertaining to a deferred prosecution agreement with the Department of Justice.
• Reviewed mobile devices and a SD cards for artifacts identifying creation and deletion of multimedia file presumably containing evidence of police misconduct.
• Reviewed and monitored network logs and email traffic to identify the phishing emails and evaluate the extent of compromise. Worked with the internal cybersecurity team to control the exposure due to the current attack and identify security flaws to mitigate any future incidents.
• Conducted digital forensic examination pursuant to an adverse-party inspection order in a litigation concerning the alleged theft of intellectual property by a former employee of an international bank.
• Led efforts to reconstruct and forensically analyze data present on stolen laptop computers as part of efforts to determine whether personally identifiable information had been exposed.
• Assisted large corporations and government agencies in conducting raids to capturing network traffic to and from several botnet command and control servers and preserve the data on the server drives.
• Reviewed network activity to comprehend the extent of compromise of the accounting and payroll application at a hospital due to an opportunistic phishing email attack.
• Pursuant to the court order, collected and analyzed electronic devices of several active and departed employees at a chemical company to review for evidence of data exfiltration and destruction.
• Reviewed several devices for evidence of possession and/or distribution of child pornography.

Testimony Experience

February 2019:

Provide written testimony regarding potential intellectual property theft in EQT Corporation v. Jeffrey Lo, United States District Court for the Western District of Pennsylvania.

September 2018:

Provided written testimony regarding the analysis performed on “Evernote Activity Log” present on a Macintosh in Robert Chilton v. Philipp Wall, Superior Court in the state of Arizona.

December 2016:

Provided written testimony regarding publically available, among other information, host name, IP, mail exchange records for a wed domain in National Australia Bank Ltd. Vs. Google Inc., United State – District Court, Northern District of California.

August 2016:

Provided testimony regarding the review of artifacts present on a mobile phone and memory card in Ibrahim Annan v. City of New York Police Department, et al., United States District Court, Eastern District of New York.

April 2016:

Provided testimony about a digital forensic examination in Light of Day v. Charles Nordeen and All Good Things, et al., Supreme Court of the State of New York, County of New York.