Ransomware Investigation
The workshop will be led by Larry Cameron, a globally recognized expert in cybercrime investigations with over two decades of experience. He has successfully solved hundreds of cases and has trained more than a hundred law enforcement agencies across North America, Europe, and Asia—including the FBI, INTERPOL, and Europol.
Mr. Larry Cameron , speaking about the upcoming workshop for the Digital Forensics Conference, set to take place on November 4 and 5 at the Sava Centar in Belgrade, said:

Larry Cameron
CEO at Paradigm Intelligence
This workshop provides hands-on expertise in cybercrime and financial crime investigations. Participants will first explore Dark Web In my workshop, I provide hands-on training in cybercrime and financial crime investigations with a focus on ransomware. We start with a deep dive into ransomware—its methods, impact, and legal challenges—then move into advanced forensics, OSINT techniques, and dark web investigations.
Participants learn to trace crypto transactions, detect laundering services, and analyze real-world cases like REvil and Colonial Pipeline. I also cover ransom negotiation tactics, incident response planning, and compliance strategies.
By the end, attendees gain practical skills to investigate and respond to today’s evolving digital threats.

TARGET AUDIENCE
Financial crime compliance professionals
Investigators
Law enforcement
Regulators
Forensic analysts with prior knowledge of cryptocurrency and digital forensics
KEY TOPICS COVERED
Comprehensive Overview of Ransomware (30 min)
This module covers the history, definition, and evolution of ransomware, detailed profiles of its variants, common attack methodologies and techniques, sector-specific impact analysis (including healthcare, government, and private industries), and legal frameworks with global jurisdictional challenges.
Advanced Cyber Investigative Techniques (45 min)
Participants will learn detailed forensic analysis procedures, how to identify and interpret indicators of compromise (IOCs) and ransomware artifacts, advanced encryption and decryption practices, and both static and dynamic malware analysis techniques.
Deep Dive into OSINT Techniques (60 min)
This session explores OSINT foundations and best practices, profiling of ransomware threat actors, analysis of ransom communications, use of breach databases, and advanced techniques for web reconnaissance and domain intelligence gathering.
Investigating the Dark Web (30 min)
Attendees will gain skills in exploring dark web environments, profiling ransomware-as-a-service (RaaS) models, monitoring and infiltrating ransomware forums, investigating leak sites and darknet marketplaces, and utilizing dark web intelligence tools.
Extensive Ransomware Case Studies (60 min)
Participants will review detailed case studies of major ransomware incidents including WannaCry, Colonial Pipeline, REvil, Ryuk, Conti, and NetWalker, with analysis of law enforcement responses, associated crypto addresses, and extensive IOC databases.
Ransom Negotiations and Communication Strategies (45 min)
This session covers the principles and workflows of ransom negotiations, effective communication strategies, psychological considerations, operational security practices, and includes role-playing scenarios for practical application.
WORKSHOP OBJECTIVES
Equip participants with advanced skills to investigate and analyze ransomware attacks through forensic techniques, malware analysis, and identification of indicators of compromise.
1Enable effective tracking of cybercriminal activity across open and covert networks, including the use of OSINT, dark web monitoring, and profiling of ransomware-as-a-service (RaaS) actors.
2Develop proficiency in blockchain forensics and cryptocurrency tracing to uncover laundering methods, identify illicit wallets, and support lawful asset seizure.
3Strengthen capabilities in ransom negotiation, incident response, and compliance strategies to enhance organizational resilience and support collaboration with law enforcement and regulatory bodies.
4