Andrew Moore

Head and shoulders photo of Andrew Moore For media enquiries please contact the Press Team
Senior Lecturer Practitioner
Faculty:
Faculty of Science and Engineering
School:
Computing and Information Science
Location:
Cambridge
Areas of Expertise:
Digital Forensics , Malware and Reverse Analysis , Incident Response and Automation , Cyber Security , Artificial Intelligence , Consulting, Professional Services and Training , Data Centre Management
Research Supervision:
Yes

Andrew is a digital forensics and cyber security professional with over 10 years of experience. He has worked in small and large-scale financial and security consulting firms. He works as a Digital Forensics Consultant at ALT Digital Investigations Ltd, and trains security professionals. He is experienced in digital forensics, malware reverse analysis, cyber security, data centre management, and e-discovery.

Andrew is also the Course Director for ARU's BSc (Hons) Cyber Security and Digital Forensics, and Vice-Chair of the Cyber Forensics specialist group for the British Computing Society (BCS).

Andrew is particularly interested in working with law enforcement, education, and professional services, and welcomes emails and messages from potential collaborators in these areas.

[email protected]

Visit the BCS Cybercrime Forensics specialist group webpage

Follow Andrew on GitHub (most projects are private)

Connect with Andrew on LinkedIn

View Andrew's ResearchGate profile

Background

Andrew is a committed and proactive professional who specialises in using digital forensics, cyber security, consulting, training professional service personnel, data centre management, and e-discovery to develop, create, and innovate how we use technology.

Having worked in companies such as PA Consulting (7safe), FTI Consulting London, and OWASP, he currently leads ALT Digital Investigations in Cambridge, UK.

Andrew was Co-principal investigator for Digital Forensics Standards for ECTEG and Salamanca University, leading on the certification standards for law enforcement and professional services. Andrew was also the Infrastructure Consultant for Bot Prob, a Department for Digital, Culture, Media & Sport (DCMS) backed project with a successful spinout company via CyberASAP funding.

Andrew is also the Research Ethics Chair for Computing and Information Science (CIS) at ARU, and a Facility Research Ethics Panel (FREP) member.

Motivated, hard-working, and happy to teach, he strives to learn from everyone around him. He holds various digital forensics, malware, incident response, and cyber security certifications, an MSc in Cyber Security, a BSc in Digital Forensics, and a PGCE in Learning and Teaching in Higher Education.

Research interests

Typically, Andrew prefers PowerShell or automation-based projects focusing on the following topics. Pedagogical projects in the areas below are also welcome.

  • Artificial intelligence
  • Computer networking
  • Cybercrime and policing
  • Cyber security
  • Digital forensics
  • Incident response
  • Malware reverse analysis

Andrew is a member of ARU's Cyber Security, Networking and Applications Research Group (CNA).

Areas of research supervision
  • Digital forensics
  • Malware
  • Cyber security
  • Incident response
  • PowerShell automation and scripting
Previous projects supervised with student employer commendation awards

2024-2025: (highest per staff member this year):

  • Rosie-Mai Stebbings – Malware Investigations using gamification to train law enforcement and professional services.
  • Harry Lewis – Highly available homelab with Proxmox clustering and edge computing.
  • Jack Overton – Digital Forensics Triage tools using nothing but PowerShell for Windows 10/11 environments.
  • Callum Livingstone – Cyber Security Homelab with containerised deployments using Docker and Ansible playbooks.

2023-2024:

Daniel Brown - Is it feasible for a novice to conduct a Windows 10 Forensic investigation within a 6-month timeframe using open-source tools?

Teaching

Courses:

Module Leader:

  • Advanced Digital Forensics (Windows Environments)
  • Principles of Digital Forensics (Windows Environments)
  • Digital Forensics & Malware Science (Windows Environments)
  • Cloud & IoT (Oracle and AWS Environments, Linux)
  • Mobile Forensics (Android)
Qualifications
  • MSc Cyber Security, Anglia Ruskin University
  • BSc (Hons) Digital Forensics & Information Security, Anglia Ruskin University
  • PGCE Learning & Teaching in Higher Education, Anglia Ruskin University
Certifications
  • Certified Malware Investigation Professional (CMIP) (Distinction), PA Consulting
  • Certified Cyber Investigator (CCI) (Distinction), PA Consulting
  • Certified Malware Investigator (CMI) (Merit), PA Consulting
  • Certified Cyber Security Incident Responder: Hands-On (CSIR), (Distinction) 7Safe
  • Certified Forensic Investigation Specialist (CFIS) (Merit), 7Safe
  • Certified Forensic Investigation Practitioner: Hands-On (Merit) (CFIP), 7Safe
  • Artificial Intelligence with Python (Cert No: UC-RVIH5S51)
  • Machine Learning using Python (Cert No: UC-EDNXZH64)
  • Advanced NetFlow and IPFIX Training, Plixer
Memberships, editorial boards
  • Fellow, the Higher Education Academy (FHEA)
  • Member, the British Computer Society (MBCS)
  • Member, The Open Web Application Security Project (OWASP)
Selected recent publications

Graham, M., Winckles, A. and Moore, A. (2014) 'Botnet Detection in Virtual Environments using NetFlow. In: Edgar-Nevill, D. (Ed.) (2014) Proceedings of the 7th International Conference on Cybercrime Forensics Education and Training - CFET - No. 6. (ISBN: 9781909067158)

Moore, A. and Winckles, A. (2014) 'Learning and teaching in digital forensics'. In: Edgar-Nevill, D. (Ed.) (2014) Proceedings of the 7th International Conference on Cybercrime Forensics Education and Training - CFET - No. 6. (ISBN: 9781909067158)

Moore, A. and Winckles, A. (2013) 'Analysis of Ghost Partitions for Court Room Use'. In: Weir, G. and Daley, M. (Eds.) (2013) Cyberforensics Perspectives : Proceedings of the 3rd International Conference on Cybercrime, Security and Digital Forensics (Cyberforensics 2013). ISBN 978-0-947649-97-5

Recent presentations and conferences

2014 - Cybercrime Forensics Education & Training 2015 (CFET) International Conference, Botnet Detection in Virtual Environments using NetFlow.

2014 - The All-Round Cyber Crime and Security Professional: Circular Teaching for the Professional and the Technical – Experiences from the Witness Box, Anglia learning and Teaching, Cambridge, England.

2013 - Cybercrime Forensics Education & Training 2015 (CFET) International Conference, Analysis of Ghost Partitions for Court Room Use.

Media experience

Interview on Black Friday cyber security advice and consumer issues, ITV Anglia News, November 2024.

'How to spot a cyberbot – five tips to keep your device safe', The Conversation (with Adrian Winckles), 18 January 2023.

Dodgy internet connection? Here’s what might be behind it', The Conversation (with Adrian Winckles), 17 March 2021.

Technical Writer, OWASP Summit, June 2017.