Lodrina Cherne

A lifelong curiosity about technology and puzzles, and particularly codes and cryptography, made digital forensics a perfect career for Lodrina Cherne. She sees forensics investigation as a series of facts and data waiting to be identified and discovered, sometimes leading to a clear path, other times showing the investigator that more needs to be done. Lodrina brings that curiosity to her professional work and to her role as an instructor for SANS FOR500: Windows Forensic Analysis.

More About Lodrina


Lodrina became a SANS instructor to help instill solid foundational skills, practices, and techniques in students to advance their understanding of Digital Forensics and Incident Response (DFIR), as well as to advance the overall DFIR profession. Lodrina finds it particularly rewarding that even one footnote or a single mention among the hundreds of pages covered in a week-long course can help a student someday break a case.

Lodrina's goal as an instructor is to help students look at an investigation from multiple angles by using different tools to find as many facts as possible. She wants her students to understand the mindset needed and the possible blind spots to be explored when investigating a case. "Even when Windows upgrades and new artifacts are present, we will work to understand the different investigative techniques needed," she explains.

Lodrina also helps students use forensic principles to understand artifacts they might not have even known existed, providing a strong sense of user activity. These artifacts include logons, the external devices used, and the websites visited, among many others.

Lodrina is a Partner and Services Product Manager at Cybereason, where she collaborates with customers to deliver optimal solutions. Previously she worked as a computer forensics examiner for Arsenal Consulting, where she focused on preservation and analysis of electronic evidence, including host-based analysis of Windows, macOS, Android, and iOS systems in matters concerning intellectual property theft, employment disputes, and evidence tampering.

Lodrina has been pursuing her interests or working in cybersecurity for nearly 15 years. In one particularly memorable investigation, she helped in the acquittal of more than 200 foreign imprisoned senior military officers in Turkey after showing that the electronic documents used to indict them were forged. Known as "Sledgehammer," the case involved sophisticated forgery and backdating of documents related to a military coup in Turkey. Lodrina explained that while everything in the indictment initially looked "right" on the surface to tools and parsers, a few details just didn't line up. "Digging through documents at the lowest level and finding the answers in hex was extremely satisfying and had real-world ramifications for the people who had been wrongly indicted," she says.

Lodrina has a bachelor's degree in computer science from Boston University and holds the GCFE, GCFA, and GASF certifications. She is a member of the GIAC Advisory Board, contributes to the Forensics Wiki, and is a two-time Lethal Forensicator Coin Holder.

Lodrina is a powerhouse outside of work as well. She's an internationally classed powerlifter who earned the title of National Champion at the 2013 USA Powerlifting championship and received the bronze medal at the 2014 IPF World Championships. She is also a volunteer case reviewer for the Massachusetts foster care system.