image of Chris CourtisChris Courtis

Clayton Utz FTS Senior Manager , Sydney T +61 2 9353 4245

Chris works as part of the Cyber capability in the FTS team, leading operational activities within the area of Digital Forensics and Incident Response. 

His work ranges from end-to-end Digital Forensic & Incident Response activities to security hardening and proactive threat hunting across a range of different industries. Chris's work has contributed to reports published by the Auditor General, and he is a regular contributor to the Australian Cyber Security community at large.

Read MoreShow Less


Expand allCollapse all

Forensic and technology services

Financial Services and Insurance

  • Responded to a number of Ransomware cases as part of the Cyber Response panel for an Insurance company. In each case, the company had a large amount of its data returned and was able to resume normal business operations without paying a ransom.
  • Investigation into a cyber-attack against a bank that was used to facilitate an electronic stock fraud, where the attacker was successfully fingerprinted based on their obfuscation techniques.


  • Provided breach disclosure and credit monitoring advice to the legal representation of a multinational manufacturer of retail goods who had its customer database stolen by hackers.

Construction and Real Estate

  • Pre-emptively discovered and halted a ransomware attack from encrypting data while investigating and advising on a separate major data breach.

Government and Local Council

  • Engagement conducted on behalf of a state Auditor General's office. Network monitoring was set up in a number of government departments in order to detect cyber security and policy breaches. The outcome of this investigation was a publicly disclosed report published by the Auditor General.
  • Investigation into the breach of IT Systems maintained on behalf of a state government department. A system containing customer data was left unsecured when an untested patch caused it to accept any user password as the correct password. We provided Crisis advice and Forensic Breach Analysis. Our investigation provided the department with an understanding of which accounts had been affected during the Incident and data on the internet services undertaking the access.
  • Breach detection investigation conducted on behalf of a number of public hospitals. As a result, a number of compromised systems, unmitigated network attacks and a variety of policy violations were discovered.

Energy & Resources

  • Response to a number of cyber-attacks against energy infrastructure organisations, where the attacker was isolated and contained before they were able to pivot into the industrial control system network.
  • Investigation into the breach of a safety system that had been deployed on cloud infrastructure to track the location of mining contractors and employees while in remote parts of Australia.
  • Responded to an "advanced persistent threat" discovered on a laptop. The threat allowed an attacker to steal banking credentials and redirect nearly a million dollars in payments. Contained the threat and assisted the client in successfully pursuing an insurance claim.


  • Conducted an Incident Response on behalf of an organisation with more than 50 locations. It had experienced a digital intrusion that resulted in a data loss incident across a number of its regional locations. Our team identified the attacker's access methodology, linking them back to a former member of staff. After containing the attacker's access, we were able to track the attacker's movements across multiple office locations and administrator accounts. Our team identified key data which was accessed and destroyed, and provided accurate reporting and analysis to its legal representation supporting both breach disclosure and insurance claims.

See Forensic and technology services


    Related knowledge information is loading