• Practical strategies for effective cyber crime investigations led by Dan Saunders, Senior Incident Response

  • Consultant for NTT, a leading global technology services company.


  • Best practice for cyber security incident management and response.


  • An insight into an international ransomware attack, which crippled an organisations enterprise network and

  • best practice around the ensuing investigation.


  • Best practice for triaging malware and malicious code and extracting indicators of compromise (IOC) for use

  • in investigation.


NB: The workshop is limited to investigators from Police, wider Law Enforcement and

Government only.

The Investigator is hosting an exclusive workshop with global cyber security experts NTT to provide practical

strategies, best practice, and latest thinking around the investigation of a cyber crime incident.

It is aimed at investigating officers and technical analysts (intelligence, researchers and forensics) working on the

frontline in Cyber Crime departments in Police forces, Regional Organised Crime Units, Law Enforcement and other Government Agencies.

Leading the session will be Dan Saunders, Senior Incident Response Consultant within the security division at NTT. As a member of NTT’s cyber security consulting and global Digital Forensics Incident Response (DFIR) team, he responds to cyber security incidents worldwide for clients. He is often challenged with reactive tasks including security incident handling, threat hunting, incident containment, remediation activities and root cause forensic analysis of compromised networks. In addition, he also carries out proactive engagements to improve security postures.

Prior to NTT, he worked as an Investigator in the Regional Cyber Crime Unit at the UK’s South East Regional Organised Crime Unit (SEROCU).

His experience has given him a unique insight into the challenges and opportunities that exist for public and private sector cyber investigators and he is committed to supporting the next generation of cyber investigators by sharing his knowledge and expertise.

During the workshop, Dan will be giving a series of presentations and technical demonstrations, including showcasing some of his own tools and techniques that he has devised to investigate security incidents such as network intrusions and malware infestation.


About the day

The day runs from 10.30am to 1.30pm and will include the following sessions.


  • Session One: Incident Management & Response: best practice for investigators and managers. An overview of incident response methodology and devising an effective strategy to maximise investigation opportunities.


  • Session Two: Your Network Is Locked: an international case study giving an insight into ransomware attack, which crippled an organisations enterprise network and a look at the threat actors tactics, techniques and procedures (TTP) which took place.


  • Session Three: Malware and Malcode Tips & Tricks: best practice tips, techniques and tools around malware and malicious code triage and how this can shape and drive your investigation, which the use of indicators of compromise (IOC).

A donation from this workshop will be made on behalf of NTT to the Tech for Good initiative, which uses technology to tackle the world’s pressing social and environmental challenges.

Dan Saunders


Cost: £199.25 + VAT (GBP) per delegate (Only open to LEA and Government Agencies only).

Booking: Please send the delegates name(s), email address(es) and purchase order to info@the-investigator.co.uk or telephone +44(0)844 660 8707 for further information.  If you require 5 or more delegates from the same organisation please contact us for a group discount quote. Industry delegates will be assessed on a case by case basis due to the nature of the content. Under no circumstances will a delegate be able to register using a free webmail address (ie: gmail, Yahoo, Outlook, Hotmail, AOL etc).

Payment can be made by PayPal/debit/credit card (corporate card fees apply + 3%). 

The meeting link will be sent out 2 days before the event.

Important disclaimer

Please note, we respectfully ask that only delegates who have paid for a place are permitted to attend our virtual conference. If you would like to attend as a group of more than 5 delegates from the same force/organisation then please contact us for group rates.

Please refer to the College of Police Code of Ethics 2014 for guidance. Please see page 11 section 7, which states: ‘I will treat information with respect, and access or disclose it only in the proper course of my duties’

Joining the event: All delegates are required to login with the name that is assigned to their email address, anyone that logs in as a guest, anonymous or a name not on the registration list will be removed from the conference. LEA/Government delegates can supply an alternative email address after their work email address has been verified if they are working from home and using their own electronic devices.


No one should face homelessness, and winter can

be the hardest time.

Will you face the freeze to help end homelessness?

To read about the work Crisis does click HERE

To make a donation click HERE

The Investigator's nominated charity for 2021

Slavery Sky new banner 1.png
Sky CSEA Banner 1.png