Training
Featured CourseView All Courses
Get a free hour of SANS training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training
Can't find what you are looking for?

Let us help.

Contact us
Resources
SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

CISO Network

Engage, challenge, and network with fellow CISOs in this exclusive community of security leaders

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations
Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk with an expert
Talk with an expert

Jim Clausing

Certified Instructor CandidateTechnical Consultant, Network Security Architect at AT&T

Specialities

Digital Forensics and Incident Response

Connect with Jim

Jim Clausing
Jump to:

About Jim Clausing

Jim Clausing caught his first attacker in 1981 when he discovered a Trojan login program had been planted on a terminal on his college's computer. "Yes, we had only one computer for the entire college," he recalls. Ever since Jim has been working to secure systems and track down attackers. Today, Jim has over 40 years of experience in the IT field including systems and database administration, and security and research in parallel processing and distributed systems. He's spent the past 20 years as a technical consultant and network security architect for AT&T doing malware analysis, forensics, incident response, intrusion detection, system hardening, and botnet tracking.

Jim serves on the GIAC board of directors, and as a volunteer incident handler at the SANS Internet Storm Center. He co-authored the SANS Press book, Securing Solaris 8 & 9 Using the Center for Internet Security Benchmark, and holds the GIAC Security Expert (GSE) certification (#26).

Press & Media

More From Jim

  • sigs.py Generate md5, sha1, sha256, sha512, sha3-384 signatures from files (potentially recursively)
  • mac_robber.py mac_robber rewritten in python
  • docker_mount.py Script to read-only mount docker layered filesystems (currently supports underlying aufs and overlay2)
  • tln_parse.py Python script to replace parse.exe in Mari's KAPE mini-timeline workflow to give me good yyyy-dd-mm UTC timestamps

Students Say

Slide 1 of 0

Free Resources

Review relevant educational resources made with contribution from this instructor.

Building an Automated Behavioral Malware Analysis Environment using Open Source Software

Whitepaper
  • 18 Jun 2009
  • Jim Clausing

docker_mount.py

Open Source ToolsDigital Forensics and Incident Response
  • 17 Jun 2025
  • Jim Clausing

A few Ghidra tips for IDA users, part 1 - the decompiler/unreachable code

BlogDigital Forensics and Incident Response
  • 16 Apr 2019
  • Jim Clausing

A few Ghidra tips for IDA users, part 2 - strings and parameters

BlogDigital Forensics and Incident Response
  • 22 Apr 2019
  • Jim Clausing