Mattia Epifani

Today, Mattia is CEO of Reality Net System Solutions, an Italian infosec and digital forensics consulting company, where he works as a digital forensics analyst and expert for judges, prosecutors, lawyers, and private companies, at times serving as an expert court witness.

Mattia also brings his passion and expertise to the classroom as an instructor for SANS FOR500: Windows Forensic Analysis and FOR585: Smartphone Forensic Analysis In-Depth, a topic he's particularly passionate about. "I spend my days trying to acquire and analyze digital devices, smartphones in particular," he says. An expert with a vast knowledge of tools and techniques for forensic investigation, Mattia always tries to find a way to achieve his goal even when no tools exist. "I do forensics on a daily basis testing, developing new methods, and going deeper and deeper, and I love teaching by providing real cases and scenarios to my students," he says.

First introduced to SANS as a student, Mattia attended the 2010 DFIR Summit then proceeded to take four years of training because he loved the people and content at SANS so much. From there, he became an instructor.

More About Mattia

Profile

According to Mattia, the most important thing students learn in his courses is that you need to build your own methodology in forensics. "It is a mix of techniques, rules, procedures, tools, and creativity," he says. "I want to teach students how to build their methodology based on their roles and their resources, like time and money."

Mattia notes that a challenge for students is the need to stay up-to-date with the daily changes in the digital world, such as new devices, operating systems, and applications. He strives to prepare students for these changes by explaining the general concepts behind each area, then providing new methods, often some manual ones, that he's developed for specific cases. Mattia also challenges students to think outside the box when they hit a roadblock. For example, when dealing with a locked phone and no way to overcome that challenge, he encourages students to ask questions like "was the user using any cloud syncing?" and "Is there any request that we can submit to a provider or carrier to obtain some useful data?" "Usage of encryption and protection mechanisms will make a full analysis of a device more and more difficult, but there are still a lot of things that can be done," he says.

And Mattia has had his own "think outside the box" moments to share with students as a learning example. In one experience, he received a call from a law enforcement unit asking for support on a high-profile case in which an iPhone needed to be unlocked. While facilitating a SANS course in Munich, Mattia took the iPhone to the Cellebrite lab one day after class. With their support he was able to unlock the phone and acquire the necessary data, eventually testifying in court. The information he uncovered provided game-changing evidence for the case.

When he's not teaching and consulting, Mattia supports the EVIDENCE2e-CODEX project through the Italian National Council of Research, where he serves as a researcher helping to build a system to facilitate the exchange of digital evidences among law enforcement agencies in Europe.

Mattia obtained a degree in computer science from the university in Genoa, Italy and received post-graduate training in computer forensics and digital investigations in Milan. He also has several certifications in digital forensics and ethical hacking, including GASF, GCWN, GNFA, GREM, GCFA, GMOB, GCFE, ACE, AME, CCE, CEH, CHFI, CIFI, and MPSC.

A regular speaker on digital forensics at Italian and European universities and events, Mattia authored Learning iOS Forensics and Learning iOS Forensics, Second Edition, edited by PacktPub. He is also a member of the Digital Forensics Association (DFA), International Information System Forensics Association (IISFA), ONIF (Osservatorio Nazionale Informatica Forense) and Tech and Law Center. He is also a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition.

Although computers continue to be his primary hobby, Mattia enjoys DJing at parties and cheering on his favorite soccer team, Genoa. He also enjoys traveling to new places around the world and learning about the culture and people of the areas he visits.

ADDITIONAL CONTRIBUTIONS BY MATTIA EPIFANI:

Presentations

Order of Volatility in Modern Smartphone Forensics




Forensic Analysis of Apple HomePod and Apple HomeKit Environment




Checkm8, Checkra1n and the new "golden age" for iOS Forensics




Forensicating the Apple TV




Apple Watch Forensics: Is It Ever Possible, And What Is The Profit?




Mobile Validation - Working together for the Common Good




iOS Third Party Apps Analysis how to use the new reference guide poster




Tools

Android Triage
https://github.com/RealityNet/android_triage

iOS Triage
https://github.com/RealityNet/ios_triage

SANS Posters

Advanced Smartphone Forensics
https://www.sans.org/posters/dfir-advanced-smartphone-forensics/

Android Third-Party Apps Forensics
https://www.sans.org/posters/android-third-party-apps-forensics/

iOS Third-Party Apps Forensics Reference Guide Poster
https://www.sans.org/posters/ios-third-party-apps-forensics-reference-guide-poster/

Windows Third Party Apps Forensics Poster
https://www.sans.org/posters/windows-third-party-apps-forensics-poster/

Blog

https://blog.digital-forensics.it/