AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Fabian Mendoza

…is a current contributor to the DFIR Definitive Compendium Project as of January 2023 and is currently a Senior DFIR Consultant at Palo Alto Networks Unit 42. He was previously a DFIR Manager on KPMG’s Cyber Threat Management team, an Incident Response Consultant within CrowdStrike’s Professional Services division, and a Senior DFIR Investigator within Kroll’s Cyber Risk practice. Fabian’s expertise is primarily in ransomware, advanced persistent threats (APTs), and active cyber intrusions, but he has also responded to various business email compromises (BECs), insider threat cases, and intellectual property (IP) theft cases. Fabian authored an article titled “The Key to Identify PsExec” in January 2023 on AboutDFIR.com, where he introduced a new method for identifying PsExec and the source system that it originated from. He also authored an article titled “GX-FA Exam: My Experience” in September 2023 on AboutDFIR.com, where he provided feedback and tips on how to prepare for the GIAC Experienced Forensic Analyst (GX-FA) Exam. Fabian also co-authored numerous Anti-Forensics articles during his time at Kroll. His most impactful experience occurred in the second half of 2022, when he and his team responded to a high-profile active cyber intrusion involving a highly persistent and financially motivated eCrime threat group that originally rose to prominence through its SIM Swapping campaign targeting Telecommunications and Business Process Outsourcing (BPO) organizations.

Fabian earned a Bachelor of Science degree in Information Technology from the New Jersey Institute of Technology in Newark, New Jersey. He also holds multiple GIAC certifications and various other vendor certifications, and is a member of the GIAC Advisory Board. Fabian can be found on LinkedIn and Twitter!