
Jesse Kornblum

4 Posts
2 Users
0 Reactions
741 Views
Jamie
(@jamie)
Moderator
Joined: 5 years ago
Posts: 1288
 

Jesse Kornblum is a Principal Computer Forensics Engineer for ManTech. His personal home page can be found here and blog here. More on Jesse from Wikipedia:

Jesse Kornblum (1975-) is a former government computer investigator and now computer forensics researcher who has written a number of papers and tools to advance the field. These papers include "Preservation of Fragile Digital Evidence by First Responders" in 2002 which presented the first automated tools for incident response. These tools allow an examiner to gather evidence with a minimum of disruption to the system and maximize the ability to take evidence to court. His other major paper, "Exploiting the Rootkit Paradox with Windows Memory Analysis" from 2006 highlighted the power of examining physical memory when searching for malware.

In addition to papers, Jesse has authored a number of valuable computer forensics tools. His most notable, ssdeep, made use of a combination of hashing algorithms to help identify highly similar but not identical files; a vexing problem with no previous solutions. Although the idea was borrowed from Andrew Tridgell's spamchecker, it was the first use of such a technique in computer forensics and opened the field to similarity matching. The tool was accompanied by the paper "Identifying Almost Identical Files Using Context Triggered Piecewise Hashing."


   
(@iamnowonmai)
Active Member
Joined: 19 years ago
Posts: 8
 

Here is a question for Mr. Kornblum -

Some of the challenges introduced by Windows Vista include extracting live memory and (presumably) an increase in use of EFS by consumers. How can these challenges best be addressed by the forensics community?


   
(@iamnowonmai)
Active Member
Joined: 19 years ago
Posts: 8
 

Is the increasing capacity of hard drives and arrays outstripping the ability of the examiner to analyze it all? How can the forensics community best address this challenge?


   
Jamie
(@jamie)
Moderator
Joined: 5 years ago
Posts: 1288
 

This topic is now closed/locked and interview questions have been sent. Thanks to everyone for your suggestions.

Jamie


   