Last Day to Save $200! Choose from six courses offered in Northern Virginia- Alexandria

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

Mobile Forensics: Recovering Data You May Be Missing

  • Friday, November 22nd, 2013 at 1:00 PM EST (18:00:00 UTC)
  • Paul Henry, Jad Saliba and Lance Mueller

Sponsor

  • Magnet Forensics

You can now attend the webcast using your mobile device!

Overview

Once youve acquired an image of a smartphone or tablet, how can you be sure that youre finding all the possible evidence? The days of being able to easily extract data from a simple feature phone to quickly find standard artifacts like call logs, SMS, contacts, MMS and calendar are going away. The explosion in usage of smartphones that are loaded with user downloaded and configured 3rd party mobile apps for messaging/chat, social media, webmail, and cloud storage has created both a challenge and an opportunity for forensic professionals. The opportunity is clear, these apps can be a goldmine for evidence and their importance and relevance to investigations are continuing to rise. However, the challenge of recovering mobile app data is significant; for starters, most mobile forensic tools are geared to towards image acquisition and basic decoding but dont focus on all the potential evidence that can be found in mobile apps and in the deleted space of the phone.

Below are some fast facts on just how important mobile apps have become.

  • Mobile Chat Apps Users of mobile chat apps like Whatsapp, Kik Messenger, Skype , etc. send over 50B messages per day. In fact, chat apps have now overtaken SMS in terms of message volume.
  • Mobile Picture Sharing Apps - Users of apps like Snapchat, Instagram, Facebook, and Flickr are sharing a combined 600M pictures & videos daily
  • Webmail - 90% of smartphone users are accessing webmail accounts (Gmail, Hotmail, Yahoo etc.) on their phones daily
  • Social Networking - 47% of the worlds social networking activity (Facebook, Twitter, Google+, Linkedin) is being done on mobile devices
  • Cloud Storage Apps - Dropbox alone has over 175M active users many of which are uploading content directly from their smartphone or tablet

Join Paul Henry from SANS who will be discussing mobile forensics trends and challenges followed by a live demo of Internet Evidence Finder (IEF) Advanced from Jad Saliba and Lance Mueller of Magnet Forensics

Speaker Bios

Paul A. Henry

Paul Henry is a Senior Instructor with the SANS Institute and one of the world's foremost global information security and computer forensic experts with more than 20 years' experience managing security initiatives for Global 2000 enterprises and government organizations worldwide.

Paul is a principal at vNet Security, LLC and is keeping a finger on the pulse of network security as the security and forensic analyst at Lumension Security.

Throughout his career, Paul has played a key strategic role in launching new network security initiatives to meet our ever-changing threat landscape. Paul also advises and consults on some of the world's most challenging and high-risk information security projects, including the National Banking System in Saudi Arabia, the Reserve Bank of Australia, the Department of Defense's Satellite Data Project (USA), and both government as well as telecommunications projects throughout Southeast Asia.

Paul is frequently cited by major and trade print publications as an expert in computer forensics, technical security topics, and general security trends and serves as an expert commentator for network broadcast outlets, such as FOX, NBC, CNN, and CNBC. In addition, Paul regularly authors thought leadership articles on technical security issues, and his expertise and insight help shape the editorial direction of key security publications, such as the Information Security Management Handbook, where he is a consistent contributor. Paul serves as a featured and keynote speaker at seminars and conferences worldwide, delivering presentations on diverse topics including anti-forensics, network access control, cyber crime, DDoS attack risk mitigation, firewall architectures, security architectures, and managed security services.


Jad Saliba

Jad Saliba - Jad Saliba is Founder & CTO, Magnet Forensics (formerly JADsoftware.) As a police officer working in the Waterloo tech crimes unit in 2009, Jad Saliba encountered a challenge. Web and online usage had exploded, and finding Internet-related evidence on a suspect's hard drive was a manual, pain-staking process. Unfortunately for forensic examiners at the time, evidence recovery tools were poor or non-existent, so Saliba decided to put his college programming skills to use and build his very own data recovery software called Internet Evidence Finder. Now referred to simply as 'IEF' by thousands of customers in the world's top law enforcement, government, military and corporate organizations, IEF has become a go-to forensics tool that searches computer hard drives and live memory for data from 60+ Internet-related communications, and gets users to key evidence as quickly and easily as possible so they can build the best possible cases.


Lance Mueller

Lance has had a successful career in Law Enforcement and forensics spanning 24 years, Mueller spent his first 14 years in law enforcement; including a 5-year stint investigating high-tech crimes as a DA investigator assigned to California’s Computer and Technology Crime High-Tech Response team (CATCH). In 2003, Mueller left Law Enforcement for a position with Guidance Software as a Master Instructor and trainer for law enforcement, military, government and corporate examiners. While there, he developed several of the training courses that are still in use by the company. Mueller then transitioned to Guidance’s professional services division where he conducted incident response and forensic examinations for many of their Fortune 500 clients. Mueller then took a position with the US Department of State Antiterrorism Assistance (ATA) program in 2005, traveling to multiple countries to teach digital forensics best practices, setting up computer forensics laboratories and conducting forensic capability assessments. For the last two years, Mueller has worked at Qualcomm as a member of their global security team, responsible for conducting incident response, digital forensics and world-wide investigations. He also maintains a popular forensics blog: www.ForensicKB.com.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.