According to Mattia, the most important thing students learn in his courses is that you need to build your own methodology in forensics. "It is a mix of techniques, rules, procedures, tools, and creativity," he says. "I want to teach students how to build their methodology based on their roles and their resources, like time and money."
Mattia notes that a challenge for students is the need to stay up-to-date with the daily changes in the digital world, such as new devices, operating systems, and applications. He strives to prepare students for these changes by explaining the general concepts behind each area, then providing new methods, often manual ones, that he's developed for specific cases. Mattia also challenges students to think outside the box when they hit a roadblock. For example, when dealing with a locked phone and no way to overcome that challenge, he encourages students to ask questions like "Was the user using any cloud syncing?" and "Is there any request that we can submit to a provider or carrier to obtain some useful data?" "Usage of encryption and protection mechanisms will make a full analysis of a device more and more difficult, but there are still a lot of things that can be done," he says.
And Mattia has had his own "think outside the box" moments to share with students as a learning example. In one experience, he received a call from a law enforcement unit asking for support on a high-profile case in which an iPhone needed to be unlocked. While facilitating a SANS course in Munich, Mattia took the iPhone to the Cellebrite lab one day after class. With their support he was able to unlock the phone and acquire the necessary data, eventually testifying in court. The information he uncovered provided game-changing evidence for the case.
When he's not teaching and consulting, Mattia supports the EVIDENCE2e-CODEX project through the Italian National Council of Research, where he serves as a researcher helping to build a system to facilitate the exchange of digital evidence among law enforcement agencies in Europe.
Mattia obtained a degree in computer science from the university in Genoa, Italy, and received post-graduate training in computer forensics and digital investigations in Milan. He also has several certifications in digital forensics and ethical hacking, including GASF, GCWN, GNFA, GREM, GCFA, GMOB, GCFE, ACE, AME, CCE, CEH, CHFI, CIFI, and MPSC.
A regular speaker on digital forensics at Italian and European universities and events, Mattia authored Learning iOS Forensics and Learning iOS Forensics, Second Edition, edited by PacktPub. He is also a member of the Digital Forensics Association (DFA), International Information System Forensics Association (IISFA), ONIF (Osservatorio Nazionale Informatica Forense) and Tech and Law Center.
Although computers continue to be his primary hobby, Mattia enjoys DJing at parties and cheering on his favorite soccer team, Genoa. He also enjoys traveling to new places around the world and learning about the culture and people of the areas he visits.
ADDITIONAL CONTRIBUTIONS BY MATTIA EPIFANI:
- ios_triage - Bash script to extract data from a "checkra1ned" iOS device.