Andrew Case

Andrew Case

Core Developer, Volatility Foundation

Case is a senior incident response handler and malware analyst. He has conducted numerous large-scale investigations that span enterprises and industries. Case's previous experience includes penetration tests, source code audits, and binary analysis. Case is the co-developer of Registry Decoder, a National Institute of Justice funded forensics application, as well as a developer on the Volatility memory analysis framework. He is a co-author of the highly popular and technical forensics analysis book "The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory". He has delivered trainings in the fields of digital forensics and incident response to a number of private and public organizations as well as at industry conferences. Case's primary research focus is physical memory analysis, and he has published a number of peer-reviewed papers in the field.