FOR585: Smartphone Forensic Analysis In-Depth
Online
Upcoming Courses
Profile
These days Heather is the Senior Director of Community Engagement at Cellebrite. At the SANS Institute, Heather the DFIR Curriculum Lead, faculty fellow instructor, author, and the course lead for FOR585: Smartphone Forensic Analysis In-Depth. As if that isn't a full enough schedule, Heather also maintains www.smarterforensics.com, where she blogs and hosts work from the digital forensics community. She is the co-author of Practical Mobile Forensics (1st -4th editions), currently a best seller from Pack't Publishing, and the technical editor for Learning Android Forensics from Pack't Publishing and SQLite Forensics by Paul Sanderson. Heather is featured in Women Know Cyber as one of the 100 fascination females fighting cybercrime.
Heather is passionate about digital forensics because she loves the challenge.. "This field moves so quickly. It is literally impossible to get bored," she says. "If you find yourself bored, branch into another realm of digital forensics. The possibilities are endless and so is the fun! I love digging for artifacts and solving the puzzle. I feel like I learn something new every day."
Heather particularly likes working on smartphone and third-party applications, a focus of her work. "I love cracking into and decoding apps that are supposed to be secure," she explains.
She cites her role as a SANS instructor as one of the most fulfilling achievements of her career. Heather loves it when students reach out to tell her that, thanks to her course and research, they put a criminal away for many years or exonerated the innocent. As she says: "Nothing compares to knowing that the effort you put into writing and maintaining a course makes the world a better and safer place. SANS gives me the opportunity to share that with others."
Heather's background in digital forensics and e-discovery covers smartphone, mobile device, and Windows and Mac forensics, including acquisition, analysis, advanced exploitation, vulnerability discovery, malware analysis, application reverse-engineering, and manual decoding, as well as instruction on mobile devices, smartphones, and computers covering Windows, Linux and Macintosh operating systems.
What's her favorite topic to teach from that impressive résumé? "Decrypting and decoding the unparsed data and writing SQL queries!" she says. "I spend a good chunk of my day job trying to crack into the tough stuff and help validate artifacts of interest of high-profile cases, and my experience naturally flows into the classroom."
Heather previously led the mobile device team for ManTech and Basis Technology, where she focused on mobile device exploitation in support of the federal government. She also worked as a forensic examiner at Stroz Friedberg and the U.S. State Department Computer Investigations and Forensics Lab, where she handled a number of high-profile cases. She has also developed and implemented forensic training programs for the U.S. military and standard operating procedures. Heather is a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition.
Outside of work, Heather puts her passions into being a wife, mom, cooking, reading, traveling, and drinking fine wine and bourbon.
ADDITIONAL CONTRIBUTIONS BY HEATHER MAHALIK:
WEBCASTS
How To Secure Remote Workers For The Long Haul: Protecting VPN, RDP, Webcams and Beyond
How Are Remote Workers Working? A SANS Poll
SANS Women in Cybersecurity Forum
Women in Cybersecurity: A SANS Survey Panel Discussion
Women in Cybersecurity: A SANS Survey
Skip this Webinar - It's just everything you need to know about smartphones
No tool fits all – Why Building a solid Toolbox Matters
iOS 11 isn't all fun and games. What we know so far and ways to handle unsupported data sets
A glimpse of the NEW FOR585 Advanced Smartphone Course
Phoning it in: Heather talks about smartphone forensics
PRESENTATIONS
RSA 2023
RSA 2022
RSA 2020
The 5 Most Dangerous New Attack Techniques and How to Counter Them, RSA 2020
Building a Pattern of Life – Leveraging Location and Health Data- SANS DFIR Summit 2022
They See Us Rollin’; They Hatin’: Forensics of iOS CarPlay and Android Auto - SANS DIFR Summit 2019
Using Apple "Bug Reporting" for Forensic Purposes
View all the Ask the Expert with Heather Mahalik here.
View Tip Tues with Heather Mahalik here.
PODCASTS
Blueprint LIVE at SANSFIRE 2022
Cyber Security Interviews, Episode #080 - Heather Mahalik, Earn the Tool
Behind The Incident - Episode 8 Heather Mahalik
Security Weekly #478 - Heather Mahalik, SANS
RECOMMENDED FREE TOOLS
• ArtEx – Parses iOS extractions, backups, and connected devices. This is an comprehensive tool that simplifies iOS forensics.
• Mush – Simple BPList viewer
• iOS_sms_parser - Parses iOS messages and handles the 18 digit timestamps introduced in iOS 11. Will parse older iOS versions as long as iOS 11 was installed.
• apple_cloud_notes_parser - Parser for Apple Notes data stored on the Cloud as seen on Apple handsets.
• iLEAPP - iOS Logs, Events, And Preferences Parser
• ALEAPP - Android Logs Events And Protobuf Parser
• DFIR-SQL-Query-Repo - Collection of SQL query templates for digital forensics use by platform and application.
• 4n6-scripts - Forensic Scripts created by Adrien Leong.
RECOGNITION
Heather was named a Top 10 Influential Women Leader of 2023 by Mirror Review Magazine
Heather has received multiple Forensic 4:Cast awards for her DFIR work
Heather was named as a 2020 Key Influencer in DFIR by Pro Digital
MORE
You can read Heather's blog here.
Heather was featured on NewsNation with Chris Cuomo discussing the Gilgo Beach Murders.