Graeme Edwards
Queensland Police Service (QPS)
Graeme Edwards has been an investigator in the Financial and Cyber Crime Group in Brisbane for the past twelve years. He has conducted numerous investigations into cyber and financial crime, its effects on consumers and identifying new methodologies on how criminals are using the internet.

Detective Edwards has been a member of the Queensland Police Service since March 1999, having previously been a Detective in the New Zealand Police Service. He is a Certified Fraud Examiner and is the current President of the Brisbane chapter of the Association of Certified Fraud Examiners. He has provided presentations to many organisations ranging from community groups to national and international conferences covering subjects including cybercrime, financial crime, cloud computing, social engineering and current criminal methodologies targeting business. He has also providing cyber and fraud awareness training to businesses and company boards.

Detective Edwards has successfully completed a Doctorate of Information Technology with a thesis of investigating cybercrime in a cloud-computing environment, a Masters of Information Technology (Security) and a Bachelor of Business Studies (Information Technology).

TUTORIAL: Cybercrime scene management and evidence preservation (Half Day)

When a cyber breach occurs, the victim organisation may view it as a security issue or an event requiring investigation to recover the stolen data as well as identify and prosecute the person behind the attack. This is particularly relevant when the person behind the data breach is an internal employee or contractor.

In the event an investigation is undertaken to identify and prosecute a suspect, the investigation is subject to the same rules of evidence as any police investigation and the manner in which evidence is identified, secured and examined may be subject to intense legal scrutiny. There are many hazards in operating what is in effect a crime scene and this presentation will provide an understanding of the practical steps you can take to identify, secure and examine evidence.

This tutorial will discover many of the legal and investigative steps you will need to comply with including planning for an investigation, scene investigation, dealing with a suspect, evidence collection, preparation of evidence for a court hearing and how to prepare a referral to police for follow up investigation.

TUTORIAL: The first 72 hours of legal and investigative incident response (Half Day)

This workshop covers in detail the first 72 hours of investigative action and legal considerations after a cyber breach. The workshop will be aimed towards managers required to oversee or respond to a cyber incident as well as those required to brief senior managers.

This workshop will run in detail through the first 72 hours of a data breach from the initial incident, actions by the incident response team, how to obtain and handle evidence in a forensically sound manner, legal options available to the business and compliance with mandatory data breach rules. There will be detailed analysis of the decision making process with regards to identification, preservation and seizure of evidence and the potential legal consequences of making errors.

Presented by Nicole Murdoch (Intellectual Property and Information Security Director of Bennett & Philp Lawyers and Director of AISA) and Dr Graeme Edwards (Director of CYBERi and former Fraud and Cyber Crime Detective) this workshop covers both the investigative and legal aspects of a data breach. Each presenter will share war stories and tips from their considerable respective experiences in investigating and prosecuting cyber incidents, highlighting the pitfalls of failing to account for the requirements of the law.

Learning’s include: 1. Initial reactions by the business; 2. Actions by an Incident Response Team, including legal assessment; 3. How to obtain evidence securely for a possible court hearing; 4. Rules of the law regarding digital evidence; 5. The use of forensic teams; 6. Planning and implementing your response in 7. Legal options available to the business; 8. Discussions on the data breach notification requirements 9. Tips and war stories from the presenters