Willi Ballenthin is a reverse engineer at FireEye who specializes in incident response and computer forensics. He can typically be found investigating intrusions at Fortune 500 companies and enjoys reverse engineering malware, developing forensic techniques, and exploring the cutting edge. Willi is the author of a number of cross-platform tools including python-registry, python-evtx, and INDXParse.py.