Lokesh S


Summary

Lokesh has around 2 years 8 months of experience in Information Security Consulting with specialization in Digital Forensics. He currently serves as Cybersecurity Analyst at NII focusing on Digital forensics.

Educational Qualification

  • B. Tech. in Electronics and Communication Engineering – Kurukshetra University
  • Diploma in Electronics and Communication Engineering – CCET, Chandigarh


Detailed Experience & Expertise

  • Analysis of forensic artifacts to identify root cause and indicators of compromise using Magnet IEF, Autopsy, Encase.
  • Splunk Enterprise Search for Log analysis of forensic cases to perform root cause analysis.
  • Assisting SOC engineering team for challenges related to their SIEM ESM server.
  • Interface and communicate with server owners, system custodians, and IT contacts to pursue security incident response activities, which include obtaining access to systems, digital artifact collection, containment and remediation actions.
  • Live forensics of compromised Windows, Linux servers including custom IOC and Yara rule scan.
  • Intermediate level shell scripting for automation.
  • Audit MacAfee Nitro SIEM from technology aspect.
  • Post Investigation documentation for cases.
  • Decrypting disks for data theft cases using Elcomsoft Disk decryptor.
  • Participated in Digital Forensics Challenge 2018 is hosted by National Intelligence Service (NIS) South Korea and completed more than 6 challenges based on storage devices.
  • Deployed Cyber Threat Intelligence (MISP) system at national level for Royal Thai Armed Forces as an onsite project, joint operation for multiple defense units for sharing threat intelligence.
  • Implemented TheHive and Cortex to be used for DFIR, Security Operation Centre and Incident Response team for ticket management and Investigation.
  • Deploy workflow to handle cases and inform the stakeholders when in need.
  • Creating specific virtual environments for Windows, Linux and MacOS as required for a case.
  • Basic Static and Dynamic Analysis of Malware, capturing basic IOC’s of a malware and enriching its information using CTI platform.
    • Incident Monitoring and Response
    • Incident monitoring and reporting on Alienvault OSSIM SIEM.
    • Incident monitoring and reporting on Cisco Sourcefire, Logs management, DNS, Malware and Intrusion based event detection and analysis to root cause with use of Splunk.
    • Hard Disk Analysis
    • Disk Imaging through FTK Imager and WinHex in Expert Witness Format (E01), Advanced Forensic Format (AFF), and RAW (dd) evidence formats.
    • Analysis according to evidence i.e., Timeline Analysis, Keyword Search, Web Artifacts, Registry Analysis, Email Analysis, Hash Set Filtering and others.
    • RAID installation and configuration for servers with specific requirements.
    • RAID and NAS forensics with data recovery.
    • Memory Analysis
    • Imaging through Belkasoft Live RAM Capturer and FTK Imager.
    • Extraction of digital artifacts such as process, DLL, certificate and registry dump from volatile memory with Volatility, Redline.


Technical Skills

  • Operating Systems: Windows, Linux, Mac
  • Hardware:DELL Power Edge R510, HP DL385 G7 and G8 Servers, Cisco Intergrated management servers.
  • Security Tools: MISP, THeHive, Cortex, FTK Imager,Belkasoft Live RAM capturer, Encase Imager, Mandiant Redline, Volatility, Autopsy, WinHex, SysInternals, R-Studio, Elcomsoft Disk Decryptor, Splunk, Sqlite DB Browser, Unix Epoch time, MFT, Binwalk, Bambiraptor, P2v, BCDedit, Nmap, Hping3.
  • Programming and Scripting: Shell Scripting.


Achievement

Participated in Digital Forensics Challenge 2018 is hosted by National Intelligence Service (NIS) South Korea and completed more than 6 challenges based on storage devices.


Interpersonal Skills

  • Have good communication skills by being interacting with clients.
  • Being patient and active listening makes conversations more useful and powerful.