"In seeking the truth, I am both a scientist and philosopher. The scientist part of me wants to know how, while the philosopher part of me wants to know why." Jason Jordaan
A self-described philosophical science and tech nerd, Jason's career in digital forensics grew with the developing field. He first joined the South African police force as a detective fresh out of school, putting his problem-solving talents to use. As the only one in his unit interested in computers, Jason was given every case that looked even remotely like it involved technology. This was in the early 1990s during the early stages of digital forensics, and practitioners like Jason were laying the groundwork for a whole new discipline, even if they didn't realize it at the time.
When he moved to the Special Investigating Unit within South Africa's Department of Justice, Jason developed a formal digital forensics lab for the unit, eventually becoming the national head of the Cyber Forensic Laboratory of the Special Investigating Unit.
As one of the founders of modern-day digital forensics, Jason has perspective on the gaps in training that have existed within the field, which is one of the reasons he began teaching at SANS.
"SANS instructors are real global leaders in their fields, in many ways the best of the best, and I wanted to be part of that elite group," Jason says. "I also loved that SANS instructors were not only some of the best technical teachers in the world, but that all of them were real-world practitioners who taught what they do. SANS instructors are practical experts sought after around the world for their skills and expertise, and they love what they do so much that they share it through teaching."
Beyond being a Certified Instructor for SANS, where he teaches FOR500: Windows Forensic Analysis, Jason also teaches digital forensics and incident response at Rhodes University and serves on the Advisory Board for the Department of Computer Science at the University of Pretoria.
In 2014, Jason left government work to start his own digital forensics practice, broadening his involvement within South Africa and expanding his work to Europe, the United States, and the Middle East. He now serves as the principal forensic analyst at DFIRLABS, an independent digital forensics and incident response laboratory. He is also an active researcher and writer and has published in several textbooks and academic journals. In addition, he remains active in the law enforcement community by mentoring officers in the Asia Pacific region and Europe.
Jason finds testifying in court a particularly fulfilling part of his job. He considers it the ultimate test of the quality of his work. Jason testifies regularly as an expert witness and has established a reputation for objectivity and quality evidence. His extensive court experience has given him insight into the intersection between digital forensics and the law, an important aspect of forensics he shares with his students.
In one complex case, Jason's investigation took over six months and involved a deep-dive analysis of hundreds of compromised computers and services. He uncovered how the hacker had compromised the network, stolen user credentials and source code, modified the code, and created accounts to initiate fraudulent payments, resulting in millions of dollars in losses. When the case went to trial, Jason testified for over two weeks. At the end of the trial, the judge sentenced the perpetrator to a 30-year prison sentence, the longest hacking sentence to date in South Africa, and specifically pointed to the detailed forensic analysis and how it showed the real extent of the hack and the damage that it had done. Following the trial, Jason's expertise was recognized by the South African Department of Justice, and he was invited to serve on an advisory board headed by the Deputy Minister of Justice to develop new cyber-crime legislation.
Jason's passion for the craft is evident in his work and in the classroom. "For many people digital forensics is a job they do, but for me it is who I am. It is part of my DNA and core," he says. Because of this, Jason's teaching philosophy is focused on sharing what he loves, and he is passionate about equipping students with the skills and knowledge to catch the bad guys, protect the innocent, and make an impact in the world.
Jason also recognizes that the learning never stops. "We need to be comfortable living in a world where we have to constantly learn or else risk becoming obsolete," he says. "As an active digital forensic practitioner, I am constantly working on cases, and using the very same methods and techniques that I teach in class to get answers. Everything that I teach I use."
Beyond the methods and techniques, Jason also teaches students to understand what's happening at the file system, operating system, and application level so that they can apply their knowledge critically to determine optimal solutions. Plus, he has some pretty great war stories to share.
Jason has master's degrees in computer science and forensic investigation, an honors degree in information systems, and bachelor's degrees in criminal justice computer science and policing. He is currently completing a PhD in computer science and holds the CFCE, GCFE, GCFA, GCIH and CFE certifications.
When he's not reading, experimenting, or learning about digital forensics, Jason channels his passion for technology and problem-solving into building Lego projects with his son, playing console and board games (he admits he's played his share of Dungeons and Dragons), and pursuing his interest in Star Wars and Star Trek. Jason is also an avid field hockey player and plays competitively in the Masters Interprovincial Division, and he is a long-time martial artist practicing Ninpo.
- 20+ year veteran of the digital forensics field
- Former National Head of the Cyber Forensic Laboratory of the Special Investigating Unit in South Africa, which he developed
- Certified Instructor for SANS FOR500: Windows Forensic Analysis
- Teaches digital forensics and incident response at Rhodes University
- Serves on the Advisory Board for the Department of Computer Science at the University of Pretoria
- Law enforcement officer mentor in the Asia Pacific region and Europe.
- Trainer, lecturer, and mentor in the field of digital forensics since 2010
- Researcher and writer whose work has been published in several textbooks and academic journals
- GIAC Certified Forensic Examiner (GCFE)
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Certified Incident Handler (GCIH)
- Certified Forensic Computer Examiner (CFCE)
- Certified Fraud Examiner (CFE)
Get to Know Jason Jordaan
ADDITIONAL CONTRIBUTIONS BY JASON JORDAAN:
Securing Your Future in DFIR, April 2020
Behind the Incident, October 2019
Tips and Techniques for Testifying Successfully, March 2018
Working with the Lawyers, February 2018
So You Have to Testify, Now What?, February 2018