In her role as a SANS instructor for FOR500: Windows Forensic Analysis, Mari draws on nearly 20 years of experience in the IT industry, including 10 years in Digital Forensics and Incident Response (DFIR). "I love teaching this topic because it is the cornerstone of forensics," she says.
Mari has taken SANS training courses herself and spoken at several SANS conferences, always coming away impressed with the quality of the instructors and the students alike. She cites that as one of the reasons she chose to become a SANS instructor.
"SANS training is top-notch, and the content is always relevant, up-to-date, and applicable to the real world," she explains. A strong believer in giving back to the community, Mari also appreciates SANS's offering of the SIFT workstation and webcasts, as well as its proactive support of women in the industry.
A recent highlight of Mari's career was an invitation to be a keynote speaker at the Women in Cybersecurity
Conference, where she shared her journey into forensics and passion for it with hundreds of women.Mari's varied professional background enables her to relate to students from various career paths who attend her courses. She has worked criminal and civil cases, including providing expert testimony, run her own business where she handled many cell phone cases, and managed a team of investigators for large breach cases in her current position.
For Mari, it's important that her students gain a firm understanding of both the artifacts and the investigative process. "My goal is for every student to walk out and feel confident about working a Windows case," she says.
Of course, keeping up with the constant changes in the industry can be a challenge. In her classes, Mari helps students overcome this hurdle by focusing not just on the tools but on sharing techniques and providing a solid understanding of the artifacts. She also encourages students to stay active in the field by attending training sessions and conferences, and by following blogs and the DFIR Twitter community. "There is no magic tool that will do everything for you," she says, "so there needs to be a clear grasp of the underlaying artifacts and not a complete reliance on tools."
A great example of going beyond the tools is a case where Mari discovered Google Analytics artifacts both inside cookies and within the cache artifacts. The Internet history was deleted, and the Google Analytics artifact was all she had, so Mari researched Google Analytics and wrote a tool, then released it to the community to use. "The Google Analytics artifact literally was the saving grace of that case," she explains. "Since then, I have had numerous people tell me the tool has helped them in their investigations as well."
In addition to being a published magazine author and technical editor for several digital forensics books, Mari maintains a blog on which she shares her research and findings. Her blog has been cited as one of the top 10 blogs in digital forensics, "I am passionate about what I do and am constantly digging to find answers to questions," she says.
In her spare time, Mari enjoys working on Maker projects by volunteering monthly at a non-profit Maker lab for teens. "Each month I come up with a project for the kids to build with their hands, then code it," she says. "I love seeing their reactions and sense of accomplishment after they have completed the project." Mari's overarching goal is to introduce the teens to STEM and show them how fun it can be.