pureIntegration IT Forensic Personnel Resumes

pureIntegration Project Executive – Chris Devlin

Candidate #1 - Mr. Lewellyn Greene

Position: Senior IT Forensic Specialist

Summary: 13+ years of professional Information Technology experience as an accomplished Information Security professional with extensive malicious code analysis and forensic analysis experience. Proven ability to solve problems, assess technical capabilities, conduct strategic planning, build and motivate teams, and manage projects.

Education and Special Assignments:
• Bachelor of Science, Computer Engineering, Old Dominion University 1997
• LANGUAGES: Fluent in Spanish; 4 years of French instruction

Security Clearance:
• Active - Top Secret / SCI / Full Life Style Poly

Work History:
• pureIntegration / June 2009 – Present
• ManTech International / April 2003 – June 2009
• Information Concepts / October 2002 – March 2003
• InfoSeer, Inc / August 1998 – June 2002

Relevant Experience:

• Manage a team of highly skilled reverse engineers in their everyday duties in support of IT forensic development and analysis. Lead a team of reverse engineers in designing and developing a state of the art reverse engineering framework. Developed curriculum and taught courses in basic reverse engineering techniques, advanced reverse engineering techniques, and malware deobfuscation.

• Created IDAPro plugin and OllyDbg script that visually displayed the different execution paths based on runtime criteria. Reverse engineered high profile applications and developed data parsers to extract data created by these applications.

• Reverse engineered encryption algorithms and developed applications to mimic and exploit the application. Developed custom tools based on the results from reverse engineering analysis in order to improve efficiency of malware analysis.

• Created plugins and scripts that integrate with reverse engineering tools, such as Windows Debugger, OllyDbg, and IDAPro, in order to improve the effectiveness of the reverse engineering tools.

• Designed and developed a cross platform notable application hash management system using technologies. This application is used to track applications of notable interest, and is the base for a larger hashset management system.

• Technical lead and main developer for a cross platform (Linux & Windows) forensic scanning utility. Designed and created an archive/setup ripper (MSI files, Zip files, Cab Files, etc.) that extracts and hashes all files included in the package.

• Reverse engineered high profile applications to determine encryption methods, covert and hidden functionality. Developed applications to simulate selected applications and presented detailed yet readable reports to upper management. Analyzed several steganography tools and the techniques used.

• Created effective detector modules for applications, utilizing statistical techniques and byte identification techniques. Reverse engineered applications to identify and exploit weak cryptographic techniques. Technical lead and developer on large 2-tier enterprise level application that used Visual C++ front end and an Oracle database backend. The front-end application used the following technologies: MFC, Win32 API, COM, and ADO. Database migration from Oracle 8i to Oracle 9i.

• Developer on a team that developed a three-tier Windows 2000/XP desktop monitoring system. I was responsible for the first two tiers. The first tier was a kernel-mode device driver, using rootkit-type technologies, whose main purpose was to intercept operating system operations and redirect requests to the second stage for further processing. The second tier was a Win32 Service that handled communication from tier one and tier three.

• Worked in a large group to design and develop a peer-to-peer system for legal distribution of copyrighted material. Responsibilities involved design and development of the client-side application for this system. The client used socket communications with a proprietary protocol to communicate with the rest of the system.

• Developed a multi-threaded File Transfer Protocol (FTP) monitoring application. The application additionally searched FTP search engines for additional FTP sites. All results are then processed and inserted into a SQL Server 2000 database.

• Created multi-threaded peer-to-peer network analyzer with graphical interface for displaying network information in an efficient manner. All results received were inserted into a SQL Server 2000 database. For this project, research was conducted on TCP/IP protocol, peer-to-peer protocol and peer-to-peer network infrastructure.

• Set up Cisco PIX firewalls and Cisco load balancers in order to handle large network load for all custom built network analyzer products custom applications. Developed file system forensic utilities. In order to complete this project extensive research was conducted on different file systems (FAT12, FAT16, FAT32, HFS, HFS+, NTFS).

• Updated and maintained a Windows NT file system filter device driver that filters and/or blocks system and application calls in order to protect integrity of media. Device driver development to filter direct disk hardware requests. Created graphical interface to allow easy access to low level utilities. Worked in a small group to design and create a prototype intrusion detection system that monitors a physical environment using X10 protocols and monitored network traffic.

• Set up and maintained a multiple server development network using Windows NT 4.0. Managed domain security using primary domain controller in a client/server environment with Static TCP/IP then migrating to Dynamic Host Configuration Protocol (DHCP).
