"Sometimes there's a moment in a case where I find a crucial piece of evidence hidden away where not many investigators would think to look. And I think to myself, 'I'm glad I was the one to work on this case, because this finding was important.' That's how I know I'm in the right field." ~ Hal Pomeranz
Hal Pomeranz is an independent digital forensic investigator who has consulted on cases ranging from intellectual property theft, to employee sabotage, to organized cybercrime and malicious software infrastructures. He has worked with law enforcement agencies in the United States and Europe, and with global corporations.
While perfectly at home in the Windows and Mac forensics world, Hal is a recognized expert in the analysis of Linux and Unix systems, and has made key contributions in this domain. His EXT3 file recovery tools are used by investigators worldwide. His research on EXT4 file system forensics provided a basis for the development of open source forensic support for this file system. Hal has also contributed a popular tool for automating Linux memory acquisition and analysis. But Hal is fundamentally a practitioner, and that's what drives his research. His EXT3 file recovery tools were the direct result of an investigation, recovering data that led to multiple indictments and successful prosecutions.
Raised in the Open Source tradition, Hal shares his most productive tools and techniques with the community via his GitHub and blogging activity. And nobody can show you how to forensicate with Open Source tools like Hal!
Hal is a SANS faculty fellow and the creator and primary instructor for the Securing Linux/Unix (SEC506) course. In the SANS DFIR curriculum he teaches Advanced Digital Forensics, Incident Response, and Threat Hunting (FOR508), Advanced Network Forensics and Analysis (FOR572), Mac Forensics Analysis (FOR518), and Reverse-Engineering Malware: Malware Analysis Tools and Techniques (FOR610). Hal holds the GIAC certification for the following courses: GCUX, GCFA, GNFA, and GREM.
Hal is a regular contributor to the SANS Digital Forensics and Incident Response blog and co-author of the Command Line Kung Fu blog. He's a former board member for USENIX, BayLISA and BackBayLISA; former technical editor for Sys Admin Magazine; and a respected author and highly rated instructor at industry gatherings worldwide. Hal is an avid baseball fan, so in the summer you'll usually find him at his local minor league ballpark or catching up on major league games. He enjoys travel, theatre, and food (both cooking and eating), but his first priority is keeping up with the interests of his kids: Disney, gymnastics, Legos, and video games.
Get to Know Hal
- Over 25 years of industry experience
- Founder and Principal Consultant for Deer Run Associates
- GIAC Certified Forensic Analyst (GCFA), Network Forensic Analyst (GFNA), Malware Analyst (GREM), and Unix Administrator (GCUX)
- SANS Faculty Fellow and SANS' longest tenured instructor
- Hal is a contributor to the SANS Digital Forensics and Incident Response blog
Learn more about Hal Pomeranz in this DFIR Hero interview on the SANS DFIR Blog.
Here's What Students Are Saying about SANS Certified Instructor Hal Pomeranz:
"Great intro to malware analysis. Hal Pomeranz, instructor, was extremely knowledgeable on the subject. Highly recommended." - Jonathon Hinson, Duke Energy
"Hal is one of the finest instructors I've ever had the pleasure the take a class from. He possesses the rare ability to bring information on cutting edge techniques to the classroom and present it in a way that makes his students comfortable with these techniques as if they were old hat." - Chris Calabrese, Medco Health Solutions, Inc.
Listen to Hal discuss Incident Response Event Log Analysis.