Last Day to Save $300 on 4-6 Day Cyber Security Courses at SANS Cyber Defense Initiative® in Washington, DC!


To attend this webcast, login to your SANS Account or create your Account.

iOS 11 isn't all fun and games. What we know so far and ways to handle unsupported data sets

  • Wednesday, November 8th, 2017 at 10:30 AM EST (15:30:00 UTC)
  • Heather Mahalik and Domenica Crognale
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!


This webcast will cover the latest SANS DFIR blog post "Time is NOT on our side when it comes to messages in iOS 11". SANS instructors Heather Mahalik and Domenica "Lee" Crognale will discuss iOS 11 messages and the differences they have seen compared to older iOS versions. They will walk you through their methods for testing and creating data sets for examination, as well as provide attendees with tips on how to better understand iOS 11 messages. Additionally, they will discuss procedures used for developing the query and how your mobile forensics tools might be blurring the lines on what the data represents.

Smartphones are constantly changing and the†FOR585 course is forced to evolve. The course material has been updated to include 7 new labs, new sections and bonus material for students interested in smartphones that aren't common to all parts of the world, but really matter to some investigations. A glimpse of the new sections in†FOR585 will be also provided in this webcast including, SQLite forensics, advanced third-party application parsing, recovering artifacts from deleted chat applications, Android Nougat, iOS 11 and more!

Speaker Bios

Heather Mahalik

Heather has worked on high-stress and high-profile cases, investigating everything from child exploitation to Osama Bin Ladenís media. She has helped law enforcement, eDiscovery firms, and the federal government extract and manually decode artifacts used in solving investigations around the world. All told she has more than 14 years of experience in digital forensics, including eight years focused on mobile forensics Ė thereís hardly a device or platform she hasnít researched or examined or a commercial tool she hasnít used. These days Heather is the Director of Forensic Engineering at ManTech CARD.†Heather previously led the mobile device team for Basis Technology, where she focused on mobile device exploitation in support of the federal government. She also worked as a forensic examiner at Stroz Friedberg and the U.S. State Department Computer Investigations and Forensics Lab, where she handled a number of high-profile cases. She has also developed and implemented forensic training programs and standard operating procedures.†@HeatherMahalik

Domenica Crognale

Domenica is one of the course co-authors of SANS FOR585: Advanced Smartphone Forensics. She has been working in digital forensics for more than 10 years and specializing in mobile devices since 2009. In previous jobs she has provided training to military and government agencies, worked on high-profile cases, tested and validated various mobile forensics utilities, and provided security assessments for many mobile applications. In her day job, she spends time dissecting third-party mobile applications, where there is no shortage of interesting data left behind. She maintains multiple certifications including the GASF, EnCE, CCE, and CISSP.†@domenicacrognal

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.