These days Heather is the Senior Director of Digital Intelligence at Cellebrite. At the SANS Institute, Heather the DFIR Curriculum Lead, fellow instructor, author, and the course lead for FOR585: Smartphone Forensic Analysis In-Depth. As if that isn't a full enough schedule, Heather also maintains www.smarterforensics.com, where she blogs and hosts work from the digital forensics community. She is the co-author of Practical Mobile Forensics (1st and 2nd editions), currently a best seller from Pack't Publishing, and the technical editor for Learning Android Forensics from Pack't Publishing.
Heather is passionate about digital forensics because she loves always having to learn something new. "This field moves so quickly. It is literally impossible to get bored," she says. "If you find yourself bored, branch into another realm of digital forensics. The possibilities are endless and so is the fun! I love digging for artifacts and solving the puzzle."
Heather particularly likes working on mobile and third-party applications, a focus of her work. "I love cracking and hacking into apps that are supposed to be secure," she explains.
She cites her role as a SANS instructor as one of the most fulfilling achievements of her career. Heather loves it when students reach out to tell her that, thanks to her course, they put a criminal away for many years. As she says: "Nothing compares to knowing that the effort you put into writing and maintaining a course makes the world a better and safer place. SANS gives me the opportunity to share that with others."
Heather's background in digital forensics and e-discovery covers smartphone, mobile device, and Windows forensics, including acquisition, analysis, advanced exploitation, vulnerability discovery, malware analysis, application reverse-engineering, and manual decoding, as well as instruction on mobile devices, smartphones, and computers covering Windows, Linux and Macintosh operating systems.
What's her favorite topic to teach from that impressive résumé? "Decrypting and decoding the unparsed data!" she says. "I spend almost 90 percent of my day job trying to crack into the tough stuff, and my experience naturally flows into the classroom."
Heather previously led the mobile device team for Basis Technology, where she focused on mobile device exploitation in support of the federal government. She also worked as a forensic examiner at Stroz Friedberg and the U.S. State Department Computer Investigations and Forensics Lab, where she handled a number of high-profile cases. She has also developed and implemented forensic training programs and standard operating procedures.
Outside of work, Heather puts her passions into being a mom, cooking, reading, traveling, and drinking fine wine and bourbon.
Hear Heather talk about proper handling of devices in an investigation here:
ADDITIONAL CONTRIBUTIONS BY HEATHER MAHALIK:
View all the Ask the Expert with Heather Mahalik here.
- iOS_sms_parser - Parses iOS11 messages and handles the 18 digit timestamps. Will parse older iOS versions as long as iOS 11 was installed.
- apple_cloud_notes_parser - Parser for Apple Notes data stored on the Cloud as seen on Apple handsets
- iLEAPP - iOS Logs, Events, And Preferences Parser
- ALEAPP - Android Logs Events And Protobuf Parser
- DFIR-SQL-Query-Repo - Collection of SQL query templates for digital forensics use by platform and application.
- 4n6-scripts - Forensic Scripts
Heather was named as a 2020 Key Influencer in DFIR by Pro Digital
You can read Heather's blog here.