Hi all guys!
My name is Alessandro Di Carlo, best known as @samaritan_o. Welcome to my blog, the place where you will find some of my old notes about Digital Forensics and Incident Response.
Sometimes, due to my previous experiences, there may be confusion about my skills, what I can and cannot do or simply how I can help you. As a result, I've decided to format this page as an interview in which I'll try to explain who I am and what I do in life.
Q1: Aaaaand here we are! Let's start from the very beginning. What's your name in real life?
A1: Nice to meet you all! Alessandro Di Carlo is my real name.
Q2: Can we find you on social media?
Q3: I glanced over your profile and I am perplexed by terms like "penetration test", "digital forensics" and "incident response". But aren't these stuff diametrically opposed?
A3: I used to break stuff during penetration testing activities when I first started my career (roughly eleven years ago), but the other side of the force called me a years ago, and now I help corporations, critical infrastructures, and multinational companies build their DFIR and Threat Intelligence capabilities.
Q4: Please, can you go in-depth on what you do during your Digital Forensics activities?
A4: When it comes to Digital Forensics, the scenarios can range from making a forensic copy for purely conservative purposes to analyzing computers, smartphones, and IT devices to understand the actions performed on them. The most common cases involve unfaithful employees, theft of company know-how, and so on.
Q5: Okay, this appears to be very cool! So, what are your hard skills?
A5: I am well-versed in endpoint forensics (Windows, macOS, and * unix), memory forensics, and network forensics. Furthermore, having participated in hundreds of incident response activities, I have gained an in-depth understanding of criminal groups and their respective TTPs.
Q6: Last but not least question: do you have any other information you'd like to share with us?
A6: Some disjointed information. GCFA, GASF, eCDFP, eCPPT, and eWAPT are just a few of the certifications I've obtained over the years.
In addition, I try to assist the community by publishing technical analyses of the most recent threats. They can be found on the website TheDFIRReport (Twitter account).
If you want to contact me, you can do it through my social media accounts or at [myName]@[mySurname][.]tech.