Lokesh S
Summary
Lokesh has around 2 years 8 months of experience in Information Security Consulting with specialization in Digital Forensics. He currently serves as Cybersecurity Analyst at NII focusing on Digital forensics.
Educational Qualification
- B. Tech. in Electronics and Communication Engineering – Kurukshetra University
- Diploma in Electronics and Communication Engineering – CCET, Chandigarh
Detailed Experience & Expertise
- Analysis of forensic artifacts to identify root cause and indicators of compromise using Magnet IEF, Autopsy, Encase.
- Splunk Enterprise Search for Log analysis of forensic cases to perform root cause analysis.
- Assisting SOC engineering team for challenges related to their SIEM ESM server.
- Interface and communicate with server owners, system custodians, and IT contacts to pursue security incident response activities, which include obtaining access to systems, digital artifact collection, containment and remediation actions.
- Live forensics of compromised Windows, Linux servers including custom IOC and Yara rule scan.
- Intermediate level shell scripting for automation.
- Audit MacAfee Nitro SIEM from technology aspect.
- Post Investigation documentation for cases.
- Decrypting disks for data theft cases using Elcomsoft Disk decryptor.
- Participated in Digital Forensics Challenge 2018 is hosted by National Intelligence Service (NIS) South Korea and completed more than 6 challenges based on storage devices.
- Deployed Cyber Threat Intelligence (MISP) system at national level for Royal Thai Armed Forces as an onsite project, joint operation for multiple defense units for sharing threat intelligence.
- Implemented TheHive and Cortex to be used for DFIR, Security Operation Centre and Incident Response team for ticket management and Investigation.
- Deploy workflow to handle cases and inform the stakeholders when in need.
- Creating specific virtual environments for Windows, Linux and MacOS as required for a case.
- Basic Static and Dynamic Analysis of Malware, capturing basic IOC’s of a malware and enriching its information using CTI platform.
-
-
Incident Monitoring and Response
- Incident monitoring and reporting on Alienvault OSSIM SIEM.
- Incident monitoring and reporting on Cisco Sourcefire, Logs management, DNS, Malware and Intrusion based event detection and analysis to root cause with use of Splunk.
-
-
Hard Disk Analysis
- Disk Imaging through FTK Imager and WinHex in Expert Witness Format (E01), Advanced Forensic Format (AFF), and RAW (dd) evidence formats.
- Analysis according to evidence i.e., Timeline Analysis, Keyword Search, Web Artifacts, Registry Analysis, Email Analysis, Hash Set Filtering and others.
- RAID installation and configuration for servers with specific requirements.
- RAID and NAS forensics with data recovery.
-
-
Memory Analysis
- Imaging through Belkasoft Live RAM Capturer and FTK Imager.
- Extraction of digital artifacts such as process, DLL, certificate and registry dump from volatile memory with Volatility, Redline.
Technical Skills
- Operating Systems: Windows, Linux, Mac
- Hardware:DELL Power Edge R510, HP DL385 G7 and G8 Servers, Cisco Intergrated management servers.
- Security Tools: MISP, THeHive, Cortex, FTK Imager,Belkasoft Live RAM capturer, Encase Imager, Mandiant Redline, Volatility, Autopsy, WinHex, SysInternals, R-Studio, Elcomsoft Disk Decryptor, Splunk, Sqlite DB Browser, Unix Epoch time, MFT, Binwalk, Bambiraptor, P2v, BCDedit, Nmap, Hping3.
- Programming and Scripting: Shell Scripting.
Achievement
Participated in Digital Forensics Challenge 2018 is hosted by National Intelligence Service (NIS) South Korea and completed more than 6 challenges based on storage devices.
Interpersonal Skills
- Have good communication skills by being interacting with clients.
- Being patient and active listening makes conversations more useful and powerful.