Jim Metcalfe is an experienced digital forensic investigator who has worked in both the public and private sector in security and law enforcement roles.
Jim started his career in digital forensics in 2011 with the Royal Air Force Police Cyber Forensic Team, carrying out complex and high-level investigations on both computer- and mobile-based exhibits. On leaving the Royal Air Force he moved into the challenging world of forensically recovering data from vehicle-based systems and providing expert comment on connected devices (also known as the Internet of Things), utilizing specialist data acquisition techniques including flash memory chip-off and direct eMMC.
He is now using this experience at 7Safe in Cyber Security Incident Response and Threat Hunting, working to the standards required by CREST, ISO 27043 and the Association of Chief Police Officers' (ACPO) Good Practice Guide for Digital Evidence. This work as a practitioner is reinforced by his work delivering the 7Safe courses Certified Cyber Investigator, Cyber Malware Investigator and Cyber Security Incident Responder.
• Providing incident response services to organisations with and without in-house cyber security capabilities
• Deploying threat hunting techniques to determine whether any system is compromised where no clear indications have been noticed
• Performing forensic analysis on static and live environments to find the cause of security breaches
• Carrying out digital forensic acquisition and analysis of PC and mobile exhibits
• Providing technical training and tuition in cyber security incident response, malicious software investigation and network investigations
• Public Body. Suspected breach of sensitive data.
• Law Enforcement Agency. Recovery of CCTV footage.
• Regulatory Body. Provide technical assistance in execution of lawful warrant.
Public Body - July 2018
Jim investigated, at short notice, the breach of potentially sensitive data controlled by a public body. The body had received emails from an unknown sender with documents attached that were controlled by the body. Jim assisted the body in identifying possible vectors in the release and provided sound advice on preventing the incident from recurring, based on the vulnerabilities discovered.
Law Enforcement Agency - July 2018 – December 2018
A very large CCTV system was crucial in identifying the cause and potential suspect in a major fire. The CCTV system itself had been affected during the firefighting and was inoperable. Jim’s previous experience in recovering data from burnt-out motor vehicles was instrumental in fully recovering all available CCTV footage. Over 96 TBytes of data was recovered.
Regulatory Body - July 2018 to date
As part of an ongoing requirement, Jim regularly assists a regulatory body in the execution of lawful warrants, providing appropriate advice on what should be seized and, where required, forensically acquiring data on the scene.