Michael Sandee is one of the worlds foremost financial malware experts and has a long track record of investigating and assisting law enforcement with financial malware investigations. As a key member in the Fox-IT financial malware intelligence unit he works full time day to day on investigating Internet originating financial threats. While a lot of the activity happens behind the scenes there are incidental cases where information of the investigation is shared with the public. Michael has been tracking the ZeuS malware since the first years of its existence up until the last moment of peer-to-peer ZeuS and has also researched many of its variants such as KINS, Citadel and Ice-IX. Black Hat 2015 will be the first time we will provide detailed background information to a larger audience about the peer-to-peer ZeuS investigation. It will detail the malware way beyond its technical capabilities and we will also discuss the legal framework under which we operated.