Flexible Training for Today's Critical Cyber Skills - Available Now with Best Specials of the Year - Learn More


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Mobile Security Solutions Forum

  • Friday, February 19th | 10:30 AM - 2:15 PM ESTFriday, February 19, 2021 at 10:30 AM EST (2021-02-19 15:30:00 UTC)
  • Heather Mahalik, Steve Banda, James Eichbaum, Domenica Crognale, John Gfeller VI, Kimberly Kafka, Brendan McKeague


  • Broadcom
  • Cellebrite
  • Guardsquare
  • Lookout
  • MSAB

You can now attend the webcast using your mobile device!



Join the Interactive Slack Workspace. Earn 6 CPE credits for attending live.

Slack Workspace: sansurl.com/sans-mobile-solutions-forum

Event Overview

Industry experts agree that smartphone users often assign a higher value to the data stored on their mobile device than actual value of the smartphone itself. This logic also applies to laptops and tablets. Yet, while many people know they should secure the valuable data on their computers, they frequently dont extend that protection to whats on their mobile devices.

With the popularity of smartphones and tablets continuing to rise, mobile devices are becoming more of a target to cybercriminals. Many individuals are using smaller devices as they would a desktop or laptop computer. They are storing more personal data and connecting apps to GPS, financial, storage, health, and more without taking the time to read and understand what information theyre allowing them to track, store, and share.

Taking time to understand the latest malware, smartphone operating systems, third-party applications, acquisition shortfalls, extraction techniques (jailbreaks and roots) and encryption is key in keeping mobile security safe in the digital era. Getting a basic understanding of mobile device forensics will arm users with the knowledge needed to protect information on their equipment that could otherwise be used to harm them.

This forum will explore various mobile security topics through invited speakers while showcasing current capabilities available today. Presentations will focus on case-studies and thought leadership using specific examples relevant to the industry as we know it.


10:30 - 11:00 AM EST - Event Welcome

Heather Mahalik, @HeatherMahalik, Chairperson, SANS Institute, @SANSInstitute


11:00 - 11:35 AM EST - Best Practices for Securing Remote Workers

Steve Banda, Senior Manager, Security Solutions, Lookout, @Lookout

As organizations enable employees to work remotely, mobile devices and wireless networks will be key tools for maintaining communication and remaining productive allowing employees to work productively from any device and any location can open users to the risks that come with the shared nature of a mobile device. When your employees work from a personal device with access to corporate data, the device's health must be taken into account. It must be assessed for compliance with corporate security and risk policies.

Join Steve Banda, Senior Manager of Security Solutions at Lookout, to learn best practices for securing your mobile workforce, including:

  • Critical considerations for allowing personal devices to access corporate resources
  • What rights should be granted for devices accessing corporate data
  • How to control specific operating systems from gaining unauthorized access
  • What guidance to give users to remain productive and secure while working remotely


11:35 AM - 12:20 PM EST - The Going Dark Problem: Finding the Light Using Hidden App Data

James Eichbaum, @jeichbaum Global Training Manager, MSAB, @MSAB

In an increasingly privacy-conscious world, app developers are building their software with anonymity and encryption top of mind. But when bad actors exploit these protections, investigators are becoming more often left in the dark, locked out of crucial pieces of evidence critical to solving crimes. Investigators must understand that while mobile forensic tools cannot possibly decode or decrypt every app on the market, there are methods to retrieve hidden app data. Being able to manually analyze and parse data from SQLite databases, WAL files, and other files associated with mobile apps is essential to ensuring you are getting the information needed for your investigations.

This hands-on lab will explore the challenges investigators face analyzing encrypted and privacy-centric apps, and provide the tools you need to dissect them - from understanding the different types of data found within SQLite databases to how the WAL and SHM files work and how they may be the key to a successful investigation.


12:20 - 12:30 PM EST - Break


12:30 - 1:05 PM EST - Life Has No CTRL+ALT+DELETE Interactive Podcast: 30 Minute Malware

Host - Heather Mahalik, @HeatherMahalik, Director of Digital Intelligence, Cellebrite, @Cellebrite_UFED

Guest - Lee Crognale, @domenicacrognal Certified Instructor, SANS Institute, @SANSInstitute

If you are an Apple user, it's no secret that you receive more than just a few nudges to upgrade your iOS firmware, but users may have noticed a bit more urgency in the latest patch, 14.4, made available by the vendor. So why was this plea to upgrade issued with such urgency?

This talk will cover a brief history of iOS malware including vulnerabilities and how they've been exploited, how to protect your devices, and the implications iOS vulnerabilities have on mobile forensic investigations.


1:05 PM - 1:40 PM EST - How to Strengthen Your Mobile Strategy

John Gfeller VI, Principal Solution Engineer, Symantec, A Division of Broadcom, @symantec

Now that work from home has become a regular routine, mobile devices are playing an even more critical role in business. At the same time, mobile has increasingly become an attractive target for malicious actors. Join us to hear Symantec Mobile Engineers Mike Soto and Devyn Prasad who will discuss the key factors every enterprise should consider when building their mobile defense. In this session, you will:

  • Find out why skipping mobile protection in your security plan is not an option
  • Learn why you need mobile technologies that protect against a wide range of mobile threats without sacrificing employee productivity
  • Hear the details of the important elements of a robust mobile defense
  • See a real-world attack illustrating what can happen if a malicious actor successfully pulls off an attack


1:40 - 2:05 PM EST - SANS.edu Penetration Testing and Incident Response Programs

Kimberly Kafka, Admissions Specialist, SANS Institute, @SANSInstitute

Brendan McKeague, Senior Threat Analyst, FireEye, Inc., @FireEye

Learn more about SANS Technology Institutes Penetration Testing and Incident Response Programs, featuring current student and alumni, Brendan McKeague from Mandiant/FireEye.

This presentation will highlight information pertaining to SANS Technology Institute. The SANS Technology Institute is an accredited college and offers programs at the graduate and undergraduate level. Well cover an overview of the schools graduate programs, including; admissions requirements, curriculum review, funding and frequently asked questions. In addition, you will have the opportunity to hear from a current student about his experience at the graduate school.


2:05 - 2:15 PM EST - Closing Remarks

Heather Mahalik, @HeatherMahalik, Chairperson, SANS Institute, @SANSInstitute


Speaker Bios

Heather Mahalik

Heather Mahalik is a SANS senior instructor and course lead for FOR585: Smartphone Forensic Analysis In-Depth. As the senior director of digital intelligence at Cellebrite, Heather focuses on forensic research and making the community smarter on all aspects of digital intelligence. Her background in digital forensics and e-discovery covers smartphone, mobile device, Mac and Windows forensics, including acquisition, analysis, advanced exploitation, vulnerability discovery, malware analysis, application reverse-engineering and manual decoding. Prior to joining Cellebrite, Heather focused on mobile device forensics in support of the federal government and served as a technical lead performing forensic examinations for high-profile cases. Heather maintains www.smarterforensics.com, where she blogs and shares presentations.

Steve Banda

Steve has more than 20 years of experience across marketing, product management, and business analyst roles in financial technology and software companies. Before joining Lookout, he spent 8 years in product management at a technology managed services provider bundling technology solutions for the alternative investment industry. At Lookout, Steve focuses on product and marketing strategies to best position Lookout mobile security solutions and support sales initiatives. In his free time, he enjoys skiing, fishing, golfing and spending time with his family.

James Eichbaum

James Eichbaum is MSAB’s Global Training Manager and instructor. He is a former peace officer, having served a combined total of 16 years with the Modesto Police Department and Stanislaus County Sheriff’s Office in California. As a detective with both agencies, James was a digital forensics examiner assigned to the Sacramento Valley High Tech Crimes Task Force. James possesses a Bachelor’s Degree in Information Systems Security and an Associate’s Degree in Computer Science.

Domenica Crognale

Domenica is one of the course co-authors of SANS FOR585: Advanced Smartphone Forensics. She has been working in digital forensics for more than 10 years and specializing in mobile devices since 2009. In previous jobs she has provided training to military and government agencies, worked on high-profile cases, tested and validated various mobile forensics utilities, and provided security assessments for many mobile applications. In her day job, she spends time dissecting third-party mobile applications, where there is no shortage of interesting data left behind. She maintains multiple certifications including the GASF, EnCE, CCE, and CISSP. @domenicacrognal

John Gfeller VI

John has been with Symantec Enterprise for over 7 years, and in the IT field in general for over 20 years. Before coming to Symantec he worked in IT Security at The Johns Hopkins University Applied Physics Lab, prior to that he was an IT Admin at the Hubble Space Telescope Science Institute.

Kimberly Kafka

As an Admissions Specialist, Kim Kafka assists with the management of prospective student inquiries and applications. She is also part of the team responsible for identifying skilled and academically qualified individuals who would benefit both professionally and personally from a graduate program at SANS Technology Institute.

Brendan McKeague

Brendan currently serves as a Senior Threat Analyst for FLARE Advanced Practices at FireEye, Inc. As a student of the SANS Technology Institute (SANS.edu) he has completed the Penetration Testing & Ethical Hacking Graduate Certificate and is on his way to finishing the Incident Response Graduate Certificate.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.