A Technical Autopsy of the Apple – FBI Debate using iPhone forensics | SANS DFIR Webcast

There is much confusion surrounding what is possible and not possible technically when iPhone forensics is discussed. Focusing solely on the technical matters at hand with the industries top Smartphone experts, we aim to answer these key questions:

What kind of evidence could one generally expect to obtain on the iPhone 5c running iOS 9?
What can be generally extracted with iPhone forensics?
Why does everyone keep talking about the iOS version?
Why is the iPhone so secure?
If the FBI unlocks the phone, what might they find?
What additional steps could be taken at this point?

This webcast aims to answer only the key technical questions of what is possible and not possible regarding iPhone forensics so you can be armed to answer questions for your own organization and your peers in the community.

Link to BLOG ARTICLE: https://digital-forensics.sans.org/bl…

Additional information and courses on iPhones at SANS:
https://www.sans.org/course/advanced-…
https://www.sans.org/course/mac-foren…

Speaker Bios

Heather Mahalik

Heather Mahalik is leading the forensic effort for Ocean’s Edge as a project manager. Heather’s extensive experience in digital forensics began in 2003. She is currently a certified instructor for the SANS Institute and is the course lead for FOR585: Advanced Smartphone Forensics. Most of Heather’s experience includes:

Smartphone forensics: including acquisition, analysis, vulnerability discovery, malware analysis, application reverse engineering, and manual decoding Forensic instruction on mobile, smartphone, computer and Mac forensics in support of the U.S. Government, LE, and commercial level Co-author of Practical Mobile Forensics, currently a best seller from Pack’t Publishing Technical editor for Learning Android Forensics from Pack’t Publishing. Previously, Heather led the mobile device team for Basis Technology, where she focused on mobile device exploitation in support of the U.S. Government. She also worked as a forensic examiner at Stroz Friedberg and the U.S. State Department Computer Investigations and Forensics Lab, where she focused her efforts on high profiles cases. Heather maintains www.smarterforensics.com where she blogs and hosts work from the digital forensics community.

Sarah Edwards

Sarah is a senior digital forensic analyst who has worked with various federal law enforcement agencies. She has performed a variety of investigations including computer intrusions, criminal, counter-intelligence, counter-narcotic, and counter-terrorism. Sarah’s research and analytical interests include Mac forensics, mobile device forensics, digital profiling, and malware reverse engineering. Sarah has presented at the following industry conferences; Shmoocon, CEIC, BsidesNOLA, TechnoSecurity, HTCIA, and the SANS DFIR Summit. She has a Bachelor of Science in Information Technology from Rochester Institute of Technology and a Master’s in Information Assurance from Capitol College.

Cindy Murphy

Detective Cindy Murphy works for the City of Madison, WI Police Department and has been a Law Enforcement Officer since 1985. She is a certified forensic examiner and has been involved in digital forensics since 1999. She earned her Master’s degree in Forensic Computing and Cyber Crime Investigation through University College, Dublin in 2011. She has directly participated in the examination of many hundreds of hard drives, cell phones, and other items of digital evidence pursuant to criminal investigations including homicides, missing persons, computer intrusions, sexual assaults, child pornography, financial crimes, and various other crimes. She has testified as a computer forensics expert in state and federal court on numerous occasions, using her knowledge and skills to assist in the successful investigation and prosecution of criminal cases involving digital evidence. She is also a part time digital forensics instructor at Madison College, and a part time Mobile Device Forensics instructor for the SANS Institute.

. . . . . . . .

Print Friendly

Leave a Reply