Brandon Gregg, CPP

What you see depends on what you're looking for.

     -Anonymous

Profile

Global Investigations Manager at Seagate
Security and Investigations | San Francisco Bay Area, US

Summary

Brandon Gregg, CPP is currently the Global Investigations Manager for Seagate Technology, the world’s leading manufacturer of hard disc drives. Upon starting employment with Seagate, he identified the need for an internal solution to assist in the numerous high-profile investigations the company conducts. Recognizing the value of having an in-house computer forensic solution, Brandon designed and manages a state-of-the-art computer forensics lab utilizing advanced computer/networking forensics and digital surveillance to support high-tech investigations and global E-Discovery collections. Having this kind of support for investigations and his business partners, he has saved hundreds of thousands of dollars in costs each year and provides the evidence needed to close out some of the most complex investigations.

Brandon has also worked investigations for numerous other Fortune 500 companies over the last 10 years investigating theft, fraud, organized crime, corporate espionage, and many high profile cases as well as being an educator, published author and featured speaker on surveillance, computer forensics, complex investigations and ethical hacking.

For more information visit: www.BrandonGregg.com
Specialties: Computer Forensics (ACE Certified, Encase, E-Discovery, Online Investigations), I2 Investigations Analysis Software, Surveillance (Static, Stationary), Background Investigations, interview and interrogation (Wicklander, Reid) and custom CCTV design (Covert, DVR, NVR, and Wireless systems). Together with his background in organized crime, computer forensics and intelligence collection, Brandon continues to assist his peers and law enforcement with an array of lectures and publications.

Experience

  • Dec 2010 - Present
    Chapter Treasurer / ASIS San Francisco Chapter
  • Jul 2009 - Present
    Freelance Writer / IDG
    Writer for CSOonline.com and IDG publications (ComputerWorld, CIO, IT Tech, etc.)
  • Oct 2006 - Present
    Global Investigations Manager / Seagate Technology

Education

  • 2007 - 2008
    Boston University
    Masters in Criminology
  • 1998 - 2000
    San Jose State University
    B.S. in Sociology
    Activities: Chi Pi Sigma
  • Harbor High School

Additional Information

Posts

June 27, 12:00 AM

Careful use of online sites can track down hard-to-find information and leads

March 24, 12:00 AM

Brandon Gregg challenges current thinking about organized shoplifting rings. Forget the hype and get back to basics.

August 18, 12:00 AM

Free software once used only by the CIA. A pen that will change your life. Brandon Gregg shares these and other inexpensive ways to manage corporate investigations.

July 12, 12:00 AM

Ready to catch your bad guy in the act? Investigations manager Brandon Gregg on how to put the right surveillance equipment in the right place.

April 26, 12:00 AM

The care you use in selecting the right camera for a covert investigation can be undercut if you don't also choose the right video recording device

April 01, 12:00 AM

Is covert surveillance a necessary part of your investigation? Lux levels, nanny cams and other camera considerations

February 08, 12:00 AM

Visualization can help close an investigation and help communicate the findings. Corporate investigations manager Brandon Gregg explains common tools and formats.

January 06, 12:00 AM

Concerned about identity theft? Selling or recycling an old computer? Corporate investigations manager Brandon Gregg explains three tools for making sure your data is really deleted.

November 23, 12:00 AM

Investigations manager Brandon Gregg explains how to collect evidence for network investigations on the cheap without damaging the mission at hand.

July 22, 12:00 AM

Step-by-step instructions for downloading and using free or inexpensive digital forensics tools.

July 06, 12:00 AM

Corporate investigator Brandon Gregg explains how online services and tools can help crack a case.

June 17, 12:00 AM

A corporate investigations manager shares five tools for concealing your identity.

June 01, 12:00 AM

Investigations manager Brandon Gregg explains how to keep an eye on intellectual property using Monittor, Limewire and other free tools.

Posts

January 28, 07:37 AM

ICE, the Internal Revenue Service Criminal Investigation, the Federal Bureau of Investigation, the U.S. Department of Agriculture - Office of Inspector General and the Oakland Police Department worked together on a nearly two and one-half year investigation looking into the activities of an ORC ring operating in the San Francisco Bay Area with ties throughout the United States and abroad.

January 28, 07:37 AM

Teams of criminals linked by cell phones have fanned out across Western Washington to steal all the Visine eye drops, Crest White Strips, Prilosec heartburn medication, Similac infant formula and Excedrin pain relievers they can get.

January 28, 07:37 AM

Police say Zoe Johnston, 53, worked as a security guard at Seagate Technologies - a computer peripheral manufacturer near Boulder. She then would take the hard drives home to her son Matthew Tennant, 26, who would sell them on eBay.

January 28, 07:37 AM

Electronic espionage has been well proven over the last year, and not just governments and big business are at risk - but all businesses. These spies use tools undetectable by regular means. 7/27/2010 5:34:00 AM By: Bob Violino

January 28, 07:37 AM

The Alliance for Gray Market and Counterfeit Abatement (AGMA), a non-profit organization dedicated to addressing the gray marketing (also unauthorized resale and parallel imports of branded goods), counterfeiting and warranty and service abuse of branded goods around the globe, kicked off the new year by holding their annual member meeting on January 20 and 21. The conference, hosted by Hewlett-Packard in Palo Alto, California, provided members with insights into many issues related to these topics, including best practices to mitigate gray market fraud and how to engage and partner with law enforcement agencies.

January 28, 07:37 AM

The announcement today by federal and local authorities of the takedown of a nationally organized retail crime ring in San Jose, CA, highlights a significant and growing criminal enterprise in the United States and the need for federal legislation to combat it.

January 28, 07:37 AM

ASHLAND — When Karen Lightcap was teaching in Lewisburg on March 8, she was mugged in London — at least that’s what her Facebook page and her e-mail were telling friends.

January 28, 07:37 AM

SANTA CRUZ - Jurors on Friday found a Santa Cruz father of three guilty of first-degree murder for killing his wife in their bedroom on a September night nearly two years ago.

January 28, 07:37 AM

A federal judge in Minneapolis Wednesday ordered Haas TCM chemical company embezzler Chad Jurgens to return $6.3 million and serve five years in prison.

January 28, 07:37 AM

In the case The People v. Amy Marie Garvin, Court of Appeal, Sixth District, California. Feb. 10, 2005 the defense offered expert testimony from Dr. Richard Ofshe who testified that "a poorly done interrogation could produce a false confession. Poorly trained interrogators use false "evidence ploys" in conjunction with inappropriate psychological "motivators" to coerce false confessions without knowing that the confessions are false. These interrogators focus only on producing a confession without thinking about the guilt or innocence of the person interrogated." The jury rejected this testimony and found the defendant guilty.

Posts

January 26, 12:32 PM
Brandon Gregg, Corporate Investigations, Intelligence Gatherin...

Although many organizations have varying degrees of different definitions, I use the following:

Investigation: The investigation of a formal allegation of a criminal act, ethics violation or wrongdoing.

Probe: An exploratory inquiry into questionable or suspicious activities that may lead to the finding of a criminal act, ethics violation or wrongdoing.

See question on Quora
January 09, 02:04 PM
Brandon Gregg, Corporate Investigations, Intelligence Gatherin...

Yes, two primary services are the Great Good Bye at http://www.greatgoodbye.com/ and Death Switch at http://deathswitch.com/ .

Both offer different forms of emails and services from the grave. Between the two, Death Switch appears to have more service oriented tasks and could be used without the help of a friend or lawyer in the manner described in the question. With Death Star, a "Check in" email is sent to you at set frequencies. If you don't respond to the check in, Death Switch assumes you are dead (or kidnapped) and sends out the email(s) you prepared before your departure.

Great Good Bye works well too. According to their site "After your death your friend will type in the activation codes on our site and the system will automatically send out the emails from the grave that you have prepared. Such trusted person will not be able to view, edit or administer any of your prepared messages - he or she will only trigger their sending out by providing the activation codes."

Whether you choose to trust yourself or your friends, both sites let you set up your message to be sent to the press, law enforcement, etc. if you die or go missing.

See question on Quora
January 07, 11:25 AM
Brandon Gregg, Corporate Investigations, Intelligence Gatherin...

The difference between the two tools is quality. In all honesty both products work great and I believe are the future of network forensics, malware detection and network protection, but Solera added all the features Netwitness left out. From simple exporting to Excel, to easy automation of importing public and open source malware feeds, Solera is a better tool.

Netwitness had (has) an amazing product too. Easiest way to compare them: A basic model vehicle without power windows to a vehicle with all the bells and whistles like GPS, Bose speakers and seat warmers.

See question on Quora
December 23, 09:29 PM
Brandon Gregg, Corporate Investigations, Intelligence Gatherin...

Install Connectify (http://www.connectify.me/) or Maryfi (http://www.maryfi.com/) for free. Both work great and offer simple setup to share your wireless with others.

See question on Quora
December 23, 01:41 PM
Brandon Gregg, Corporate Investigations, Intelligence Gatherin...

Your choice in virus software is very important. To understand why, you need to look at how most anti-virus software works:

Companies like McAfee and Norton use R&D, advanced web crawlers, scientists, intelligence (spying) and other resources to track and identify known and unknown viruses and their frequent mutations. All this data is then turned into a signature based detection system. By indexing and hashing your files on your system and then comparing them to known virus hashes and signatures you can confirm if you have any malware on your system. It's even faster to identify new files, no major scans are needed. So each time your anti-virus program provides you an update, it's adding to the list of known viruses to scan for. Sounds simple, but is full of major issues, including these two.

Issue 1: An advanced persistent threat (APT) aka China or a talented black hat hacker or the NSA makes a 100% custom, never seen before virus (Stuxnet anyone?) and sends it to one system (Iran?) instead of blanketing it on the internet for McAfee to stumble upon. Do you think on one targeted machine McAfee will find it and then send out a signature file for the rest of us? Probably not.

Issue 2: I can confirm McAfee (and other big boy virus companies) white list (ignore) viruses for law enforcement and other intelligence agencies (including private companies). So you could have a keylogger, Remote Access Tool or other malware on your machine that McAfee is allowing!

So now what virus tool do you use?

Open source/Free tools may not have the same R&D budgets that the above companies have, but they do have the power of crowd sourcing and no bureaucracy or agenda other than protecting you. There isn't a goal to update only once a month or with a subscription fee. Instead most open source tools update as soon as a new issue is identified.

Personally I use two forms of virus protection: Microsoft Security Essentials and Malwarebytes. Microsoft really impressed people with their free, low resource anti-virus tool just before Windows 7 was released. It keeps a stable anti-virus tool with the resources of big boy Microsoft running on my machine. Malwarebytes is my resource to make sure Microsoft is doing its job and not missing any newly identified custom viruses like Stuxnet or caving in to law enforcement and white listing some keylogger. Running this once a week seems to work well and not eat my system resources. Sometimes when I'm extra paranoid I throw in Trend Micro's online scan for good measure.

I will never pay for a service that cares more about subscription fees and helping the government over my protection and privacy.

See question on Quora
September 16, 07:01 PM
Brandon Gregg, Does living in a surveillance van count?

Super Circuits has a great selection of wearable hidden cameras that law enforcement and other security professionals use often. http://www.supercircuits.com/Hid...

Personally I suggest making your own covert camera out of a basic pinhole camera for less than $20 and staying away from wearable cameras. As good as some of the cameras are at Super Circuits and other CCTV vendors, they a) charge a ton for a cheap camera because it's in a cheesy covert cover and b) fail to advertise the recording and power requirements needed to successfully use their camera like a scene out of a spy movie. Just imagine a camera in your tie. How are you powering it? What is it recording to? How are you powering the recording device? And please don't mention wireless or I will scream.

If you must use a wearable camera, stick to the pen DVR cameras found on eBay. They offer audio (something most legit CCTV vendors are scared to sell), they run on batteries in the pen and record to a micro SD card for easy playback. Best part: you can put it on a desk, write with it or wear it on your shirt/purse and no one will be the wiser... http://www.google.com/products/c...

For custom cameras visit www.BMGInvestigations.com

See question on Quora
September 16, 12:45 PM
Brandon Gregg, Corporate Investigations, Intelligence Gatherin...

Contact me on Quora or visit my website at www.BMGInvestigations.com

See question on Quora
September 13, 07:52 PM
Brandon Gregg, Corporate Investigations, Intelligence Gatherin...

Alan Cohen and Kim Guldberg offer some good software solutions to monitor internet traffic, however I see one piece missing: how you access the traffic. A standard router won't show you other users' traffic. To actively monitor another machine on your network you need to use a hub or your router needs to be able to output the targeted computer's data via a span or tap port. If buying a hub is out of the question or your router doesn't support tap ports you could always use ARP poisoning via the program Cain and Abel.

Once you have the proper connection made you can record your traffic via Wireshark or some of the tools mentioned in the answers above. I recommend recording with Wireshark and reviewing the data with RSA's Netwitness Investigator freeware. If there is specific data you are looking to monitor please post in the comments and I will update my answer.

See question on Quora
September 11, 01:59 PM
Brandon Gregg, Corporate Investigations, Intelligence Gatherin...

The largest publicly known Chinese hack has been the Aurora attack in early 2009. The following companies have stated they were victims: Google, Adobe, Juniper, Rackspace and unofficially (but confirmed by leaked emails in an Anonymous hack) Morgan Stanley and Dupont. The press also indicated Yahoo, Symantec, Northrop Grumman and Dow Chemical were part of the hack. In total at least 20 companies were victims of that one attack by China.

China has also been linked to a recent hack at RSA that led three more defense companies to publicly admit to being hacked by the Chinese: Lockheed Martin, L-3 Communications, and Northrop Grumman. So Alan Cohen's friends are correct...

Unofficially the press has also labeled China responsible for hacking "The United Nations, the Indian government, the International Olympic Committee, the steel industry, defense firms, computer security companies, the governments of the United States, Taiwan, South Korea, Vietnam, and Canada, the Association of Southeast Asian Nations, and the World Anti-Doping Agency."

See question on Quora
September 07, 02:40 AM
Brandon Gregg, Corporate Investigations, Intelligence Gatherin...

I can't speak for the MacBook Air, however Seagate's series of FDE drives all encrypt data "as it is being written and decrypts data as it is being read." Once a computer is turned off, the drive "locks" and all the data on the drive remains encrypted until the computer is powered on and a password is entered. Leaving the computer in sleep or hibernation keeps the drive active and unlocked for anyone to wake back up and take your data.

Not only do I suggest using an FDE drive to protect your files, but still use file/directory level encryption to protect your files from hackers that may be remotely on your systems or from live images collected by law enforcement/your company/bad guys. Sounds paranoid but you can never be too safe with your personal data.

See question on Quora
September 07, 02:21 AM
Brandon Gregg, Corporate Investigations, Intelligence Gatherin...

For free use Cybergate... if you want something less risky check out Spectorsoft.com. They have monitoring tools starting at $99. Very impressive software.

See question on Quora
September 02, 07:05 PM
Brandon Gregg, Corporate Investigations, Intelligence Gatherin...

Not all states allow the search of people's license plates. For example, in California after actress Rebecca Schaeffer was killed by a stalker who got her home address from a private investigator who got it from her vehicle and abortion clinic staff were stalked by their license plate information, California passed the Driver's Privacy Protection Act of 1994 (DPPA) to lock down this kind of information. So unless you are law enforcement or have a special license to search unrestricted ($50,000 Bond needed) with DMV you are out of luck to covertly get an address and name from a license plate in many states. If you don't mind the owner of the vehicle knowing you are looking for them then use a Request for Record Information (INF 70) form found here: http://dmv.ca.gov/forms/inf/inf7...

In other states, such as Minnesota, you can simply go onto the many database sites online and pay a small fee, $.25 (Accurint/TLO) to $50 for the shady websites, to get the information. TLO (www.tlo.com) takes it one step further and shows you pictures of the make/model/color of the vehicle. Nice touch.

Lastly there is Google. You would be surprised that even license plate information can be found online. An old trick I used to use back in the day was searching Government Smog check sites for the plate. Not only would they say if the car passed or not, often the website would list the smog shop that serviced the car or VIN # of the car. Then I would search the VIN for more details and/or ask the smog shop for the vehicle owner's information...

See question on Quora
August 17, 12:58 PM
Brandon Gregg, Corporate Investigations, Intelligence Gatherin...

I have to disagree with Alex K. Chen's statement about Anonymous. The hacking done by the collective group Anonymous and Lulzsec is the greatest example of destructive hacking used for good. Have the targets been controversial and illegal? Yes. Has the damage cost millions? Yes. But their hacks truly have been for the greater good vs self interest.

Instead of using their black hat skills to covertly penetrate systems, steal millions of our credit cards and silently slip back into the night, the two groups are exposing major security holes by publicly outing the company or government they have chosen to attack (most oftentimes also behind a social issue). The constant news about such hacks and leaked information has awakened the IT security world and caused many global businesses and governments to take a more serious view on security and protecting their users' data/privacy. Just think if Anonymous as a white hat group went to Sony with their findings privately. Sony would be grateful no doubt, but how long would it take to fix their security holes? Could other hackers be in the same systems riding the zero day attack? With the publicity from Sony and other attacks, security was increased and should be taken seriously now...

On a personal note: Anonymous cannot be controlled based on its design. However I do agree with a recent panel discussion at Defcon that Anonymous should continue their mission by attacking dictators, child porn sites and other obvious abuses on the internet. Just my two cents.

See question on Quora
August 17, 12:43 PM
Brandon Gregg, Corporate Investigations, Intelligence Gatherin...

As Tom Robinson stated, connect to a VPN whenever on wifi. I prefer Cyberghost. It's free, fast and easy to use for any level of computer user. cyberghostvpn.com.

See question on Quora
August 14, 03:28 PM
Brandon Gregg, Corporate Investigations, Intelligence Gatherin...

Actually this hack would be easy to pull off for even a non-computer nerd.

Step 1) Use a War Dialing program in the school's prefix. I.e: Call all numbers between 904-0000 and 904-9999 looking for unlisted modem connections at the school.

Step 2) Simple password guessing or social engineering. Remember this was the 80's. Not a lot of education on strong passwords or leaving a user name taped to the desk.

Step 3) Change your grades.

Pretty simple if the stars are aligned for you.

See question on Quora
July 27, 02:41 PM
Brandon Gregg, Corporate Investigations, Intelligence Gatherin...

Nothing is easier than buying a Seagate FDE drive. Computer turns on, type in password, drive unlocked, boot up starts. When computer turns off, drive stays encrypted. The problem comes into play at an enterprise level with key/password management.

Unfortunately people are blind to protecting themselves and the government isn't going to push encryption (without a backdoor) on the population. Companies like WD and Seagate should sell all drives with FDE at no added cost and make it a standard...

See question on Quora
July 27, 02:37 PM
Brandon Gregg, Corporate Investigations, Intelligence Gatherin...

My experience has shown Jan Mixon's statement about non-chain convenience stores as huge money laundering operations to be true 100%. Plus they are everywhere. Let's just say I could walk into a store front operation (covert camera recording for documentation) and spot if the store was a front in seconds...

The best business front I ever ran into was an African Arts and Antique store. All the items were bulk purchased trinkets from third world corners probably for pennies and confirmed Pier One Import cheesy art, priced 1000% mark up or more and then "sold" on the books to clean the cash...

See question on Quora
July 27, 02:29 PM
Brandon Gregg, Corporate Investigations, Intelligence Gatherin...

Bitcoin might sound like a good tool for laundering money after repeated statements about bitcoins being anonymous, however researchers have just published work "An Analysis of Anonymity in the Bitcoin System" (http://arxiv.org/abs/1107.4524) that proves different. For a quick recap of their findings see: http://anonymity-in-bitcoin.blog...

Long story short the researchers were able to identify the suspect of a recent bitcoin theft by tracking patterns found in the user's public transaction keys over time. This effectively shuts down the anonymous argument and may lead to tracking of criminals using Bitcoins for Silk Road or money laundering...

See question on Quora
June 24, 02:19 PM
Brandon Gregg, Corporate Investigations, Intelligence Gatherin...

Synthetic cannabis.

See question on Quora
June 03, 09:32 AM
Brandon Gregg, Corporate Investigations, Intelligence Gatherin...

The objective is to save lives. Zipping down the highway, often higher than the posted speed limit can come to a deadly end when you approach a construction zone. However having a CHP posted with their lights flashing or flares near/on a construction zone can decrease a driver's speed and remind them to drive safe.

See question on Quora