Digital Evidence Expert.

Dr Bradley Schatz.

Forensic Computer Scientist

Schatz Forensic was established in 2009 by Dr Bradley Schatz, with the goal of assisting the court, litigants, and corporates by providing independent and reliable evidence in matters related to computer and digital evidence. We have rapidly gained a reputation for solving complex digital evidence related problems.

Dr Schatz' depth of technical knowledge extends beyond his Doctorate in Digital Forensics and Bachelor's degree in Computer Science: it rests on a foundation of expertise informed by 18 years of practical experience in the computing field. This foundation is further reinforced by ongoing research in the area.



Peak Credentials


An internationally recognised authority in digital forensics, Dr Bradley Schatz is a Forensic Computer Scientist, and a leader at the cutting edge of the field. The first private practice practitioner in Australia to hold a PhD in Digital Forensics, Dr Schatz divides his time between private practice and research exclusively in that area.

In 2008, Dr Schatz was appointed Adjunct Associate Professor at the Queensland University of Technology (QUT), where he supervises doctoral students and occasionally lectures. Dr Schatz is the author or co-author of 13 peer reviewed academic research papers and two book chapters in the field of digital forensics, including the Digital Evidence chapter of Freckelton & Selby's "Expert Evidence", available online via Westlaw AU and Thomson Legal Online.

He sits on the Editorial Board of the journal "Digital Investigation: the International Journal of Digital Forensics", the longest standing peer reviewed journal in the field, and on the Review Panels of two international peer reviewed conferences related to computer forensics. Dr Schatz is regularly invited to deliver seminars and training, both locally and internationally.


Technical Depth


Dr Schatz brings technical depth and scientific method to his practice, having 18 years of professional experience in the computing field, the foundations of which are a Bachelor's degree in Computer Science and a childhood of tinkering with early computers. Prior to his entry to the field in 2003, Dr Schatz' experience encompassed software development, computer security, networking and computer systems management, in industries such as banking, entertainment and health.

While Dr Schatz' primary focus is practical, his research focus places him at the cutting edge of the field, not only with a mastery of the field's techniques, but actively adding to them. The practical outcomes of his research have shaped the field. Dr Schatz helped pave the way to widespread adoption of volatile memory forensic analysis of computers running the Windows OS by contributing, in 2010, a technique enabling the analysis of Windows Vista and Windows 7 based evidence.


Reliable Insight


Dr Schatz' depth of experience across the digital environment puts him in a position to understand the context of claims in relation to the business or personal sphere, and allows him to provide simply explained, independent, and credible reporting and testimony.

Dr Schatz has provided expert evidence in civil litigation and criminal prosecution and defence matters in Federal, Supreme, and Magistrates Courts, and tribunals, in Queensland, New South Wales, Western Australia and Victoria. He has been appointed as a Joint Expert and Independent Computer Expert in numerous civil matters.

 

Book chapters on digital forensics.


Digital Evidence

Dr Schatz is the author of the Digital Evidence chapter of Freckelton & Selby's "Expert Evidence", the Australian authority on Expert Evidence. The chapter is available online via Westlaw AU and Thomson Legal Online, and chapters may be purchased individually from the publisher.


Conducting Digital Investigations

Dr Schatz is the co-author of this chapter of the definitive text: "Digital Evidence & Computer Crime 3rd Edition".

The chapter is available online: Conducting Digital Investigations.

A visual approach to interpreting NAND flash memory Schatz BL (2014) Digital Investigation (IN PRESS).

Integrity Verification of User Space Code White A, Schatz BL, Foo E (2013) DFRWS Conference, Monterey, USA.

Surveying the User Space Through User Allocations White A, Schatz BL, Foo E (2012) DFRWS Conference, Washington, DC.

Hash based disk imaging using AFF4. Cohen M, Schatz BL (2011) Digital Forensics Research Workshop, Portland, OR.

Refining the AFF4 evidence container for provenance and accurate data representation Schatz BL, Cohen M (2010) IFIP WG 11.9 International Conference on Digital Forensics, Hong Kong.

Extending the Advanced Forensic Format to accommodate Multiple Data Sources, Logical Evidence, Arbitrary Information and Forensic Workflow Cohen M, Garfinkel S, Schatz BL (2009) Digital Forensics Research Workshop, Montreal, CA.

Digital evidence: representation & assurance Schatz BL (2007) Ph.D. thesis.

BodySnatcher: towards reliable volatile memory acquisition by software Schatz BL (2007) Digital Investigation, 4 (Supplement 1), pp 126-134. [2007 Digital Forensics Research Workshop, Pittsburgh, PA, USA].

A correlation method for establishing provenance of timestamps in digital evidence Schatz BL, Mohay G, Clark A (2006) Digital Investigation, 3 (Supplement 1), pp 89-107. (2006 Digital Forensics Research Workshop, West Lafayette, IN, USA).

An open architecture for digital evidence integration Schatz BL, Clark A (2006) Australian Security Response Team Annual Conference 2006 (AUSCERT2006), Gold Coast, AU.

Framework for detecting network based code injection attacks targeting Windows and UNIX Andersson S, Clark A, Mohay G, Schatz BL, Zimmerman J (2005) Annual Computer Security Applications Conference, pp 41-50, IEEE Computer Society, (2005).

Generalising event correlation across multiple domains Schatz BL, Mohay G, Clark A (2005) Journal of Information Warfare, Volume 4 Issue 1, pp 69-79 (2005).

Generalising event forensics across multiple domains Schatz BL, Mohay G, Clark A (2004) Australian Computer Network and Information Forensics Conference (ACNIFC 2004), Perth, AU. (Best paper award).

Rich event representation for computer forensics Schatz BL, Mohay G, Clark A (2004) Asia Pacific Industrial Engineering and Management Systems (APIEMS 2004), Gold Coast, AU.

 
2014

Proof of Ownership: Challenges in Ransomware Incidents

Invited seminar: AusCERT Security on the Move Conference, Brisbane (2013).
Invited seminar: AusCERT Online Crime Symposium (2014).

2013

Current & Future Challenges in Digital Forensics

Invited keynote: 18th Australasian Conference on Information Security and Privacy, Brisbane (2013).

Android forensics deep dive

Invited seminar: Ruxcon Breakpoint, Melbourne (2012).
Invited seminar: AusCERT Conference, Gold Coast (2013).
Invited seminar: Queensland Police (2013).
Invited seminar: Syscan360 Conference, Beijing (2013).

2012

Digital technology: practical and legal issues

Invited seminar: QLD Magistrates State Conference, Brisbane (2012).

2011

Digital forensics: from certainty to shades of grey

Invited talk: Ruxcon, Melbourne (2011).

Forensic readiness in control systems

Invited seminar: SCADA Systems Australia, Brisbane (2011).

SCADA Forensics

Invited seminar: Asia Pacific SCADA and Process Control Summit, Sydney (2011).

Forensics in control systems

Panel member: Asia Pacific SCADA and Process Control Summit, Sydney (2011).

2010

Digital forensics: current and future

Invited seminar: Association of Certified Fraud Examiners, Brisbane (2010).

Windows volatile memory forensics

Invited seminar: Brisbane Security Special Interest Group (2010).

Hash based disk imaging using AFF4.

Conference paper: Digital Forensics Research Workshop, Portland, OR (2010).

Technical Aspects of Large Scale Investigations

Panel member: Digital Forensics Research Workshop, Portland, OR (2010).

Windows volatile memory forensics for incident response

Tutorial: Australian Computer Security Response Team (AusCERT) Conference, Gold Coast (2010).

Digital forensics in control systems

Invited talk: Sixth Indo-Australian Conference on Information Technology Security (IACITS), Brisbane (2010).

Forensic readiness in control systems

Invited seminar: SCADA Community of Interest, Sydney & Brisbane (2010).

Refining the AFF4 evidence container for provenance and accurate data representation

Conference paper: IFIP WG 11.9 International Conference on Digital Forensics, Hong Kong (2010).

Fundamentals of digital evidence

CLE seminar, Queensland Law Society, Brisbane (2010).
CPD seminar, Victorian Bar Association, Melbourne (2010).
CPD seminar, NSW Bar Association, Sydney (2009).
CPD seminar, QLD Bar Association, Brisbane (2009).

2009

Computer forensics for Accountants

CPA IT Discussion Group, Brisbane (2009).

Computer forensic readiness

Industry seminar – Australian Information Security Association (AISA), Sydney (2009).

Digital evidence and the information security manager

Industry Seminar, Brisbane (2009).

Computer Forensics – Volatile Memory Forensics

Higher education lecture, INN550 Computer Forensics, Queensland University of Technology, Brisbane (2009).

Computer Forensics – Volume management and file systems

Higher education lecture, INN550 Computer Forensics, Queensland University of Technology, Brisbane (2009).

2008

Electronic evidence

CLE Seminar, Brisbane (2008).

Computer Forensics in Civil Litigation

Invited talk, Information Security Institute Day, Queensland University of Technology, Brisbane (2008).

Volatile Memory Forensics

Conference presentation, Australia New Zealand Forensic Science Symposium, Melbourne (2008).

Australian e-Discovery Update – Preparing your company for e-Discovery

Oracle e-Discovery Roadshow, Canberra, Brisbane, Perth, Melbourne, Sydney (2008)

e-Discovery in commercial litigation

CLE Seminar - NSW College of Law, Sydney (2008)

Volatile memory forensics

Guest Lecture – Queensland University of Technology, Brisbane (2008)

Computer Forensics

CLE Seminars, QLD Legal Aid, Brisbane (2008)

e-Discovery in commercial litigation

QLD Law Society Symposium, Brisbane (2008)

2007

Network Forensics: Capturing and Analysing Network Activity

Royal Australian Airforce, Canberra (2007)

An information architecture for digital evidence integration

Conference Presentation, Australian Security Response Team (AUSCERT) Conference 2006, Gold Coast, Australia. (2007)

2006
2004

Generalising Event Forensics Across Multiple Domains

Conference Presentation, Australian Computer and Network and Information Forensics Conference 2004, Perth, Western Australia. (2004)

Rich Event Representation for Computer Forensics

Conference Presentation, Australian Pacific Industrial Engineering and Management Systems 2004, Gold Coast, Australia. (2004)