FOR585: Smartphone Forensic Analysis In-Depth™
Online
Upcoming Courses
Profile
These days Heather is the Senior Director of Community Engagement at Cellebrite. At the SANS Institute, Heather is the DFIR Curriculum Lead, faculty fellow instructor, author, and the course lead for FOR585: Smartphone Forensic Analysis In-Depth and SEC403: Secrets to Successful Cybersecurity Presentation. As if that isn't a full enough schedule, Heather also maintains www.smarterforensics.com, where she blogs and hosts work from the digital forensics community. She is the co-author of Practical Mobile Forensics (1st -4th editions), currently a best seller from Pack't Publishing, and the technical editor for Learning Android Forensics from Pack't Publishing and SQLite Forensics by Paul Sanderson. Heather is featured in Women Know Cyber as one of the 100 fascination females fighting cybercrime.
Heather is passionate about digital forensics because she loves the challenge. "This field moves so quickly. It is literally impossible to get bored," she says. "If you find yourself bored, branch into another realm of digital forensics. The possibilities are endless and so is the fun! I love digging for artifacts and solving the puzzle. I feel like I learn something new every day."
Heather particularly likes working on smartphones and third-party applications, a focus of her work. "I love cracking into and decoding apps that are supposed to be secure," she explains.
She cites her role as a SANS instructor as one of the most fulfilling achievements of her career. Heather loves it when students reach out to tell her that, thanks to her course and research, they put a criminal away for many years or exonerated the innocent. As she says: "Nothing compares to knowing that the effort you put into writing and maintaining a course makes the world a better and safer place. SANS gives me the opportunity to share that with others."
Heather's background in digital forensics and e-discovery covers smartphone, mobile device, and Windows and Mac forensics, including acquisition, analysis, advanced exploitation, vulnerability discovery, malware analysis, application reverse-engineering, and manual decoding, as well as instruction on mobile devices, smartphones, and computers covering Windows, Linux and Macintosh operating systems.
What's her favorite topic to teach from that impressive résumé? "Decrypting and decoding the unparsed data and writing SQL queries!" she says. "I spend a good chunk of my day job trying to crack into the tough stuff and help validate artifacts of interest of high-profile cases, and my experience naturally flows into the classroom."
Heather previously led the mobile device team for ManTech and Basis Technology, where she focused on mobile device exploitation in support of the federal government. She also worked as a forensic examiner at Stroz Friedberg and the U.S. State Department Computer Investigations and Forensics Lab, where she handled a number of high-profile cases. She has also developed and implemented forensic training programs for the U.S. military and standard operating procedures. Heather is a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition.
Outside of work, Heather puts her passions into being a wife, mom, cooking, reading, traveling, and drinking fine wine and bourbon.
Additional Contributions By Heather Barnhart:
Webcasts
- The DIGital FORensics Series
- How To Secure Remote Workers For The Long Haul: Protecting VPN, RDP, Webcams and Beyond
- How Are Remote Workers Working? A SANS Poll
- SANS Women in Cybersecurity Forum
- Women in Cybersecurity: A SANS Survey Panel Discussion
- Women in Cybersecurity: A SANS Survey
- Skip this Webinar - It's just everything you need to know about smartphones
- No tool fits all – Why Building a solid Toolbox Matters
- iOS 11 isn't all fun and games. What we know so far and ways to handle unsupported data sets
- A glimpse of the NEW FOR585 Advanced Smartphone Course
- Phoning it in: Heather talks about smartphone forensics
Presentations
- RSA 2023
- RSA 2022
- RSA 2020
- The 5 Most Dangerous New Attack Techniques and How to Counter Them, RSA 2020
- Building a Pattern of Life – Leveraging Location and Health Data- SANS DFIR Summit 2022
- They See Us Rollin’; They Hatin’: Forensics of iOS CarPlay and Android Auto - SANS DIFR Summit 2019
- Breaking into DFIR
- Using Apple "Bug Reporting" for Forensic Purposes
- View all the Ask the Expert with Heather Barnhart here.
- View Tip Tues with Heather Barnhart here.
Podcasts
- Blueprint LIVE at SANSFIRE 2022
- Life Has No CTRL+ALT+DEL
- Carved From Unallocated
- Cyber Security Interviews, Episode #080 - Heather Barnhart, Earn the Tool
- Behind The Incident - Episode 8 Heather Barnhart
- Security Weekly #478 - Heather Barnhart, SANS
Recommended Free Tools
• ArtEx – Parses iOS extractions, backups, and connected devices. This is an comprehensive tool that simplifies iOS forensics.
• Mush – Simple BPList viewer
• iOS_sms_parser - Parses iOS messages and handles the 18 digit timestamps introduced in iOS 11. Will parse older iOS versions as long as iOS 11 was installed.
• apple_cloud_notes_parser - Parser for Apple Notes data stored on the Cloud as seen on Apple handsets.
• iLEAPP - iOS Logs, Events, And Preferences Parser
• ALEAPP - Android Logs Events And Protobuf Parser
• DFIR-SQL-Query-Repo - Collection of SQL query templates for digital forensics use by platform and application.
• 4n6-scripts - Forensic Scripts created by Adrien Leong.
Recognition
- Heather was named a Top 10 Influential Women Leader of 2023 by Mirror Review Magazine
- Heather has received multiple Forensic 4:Cast awards for her DFIR work
- Heather was named as a 2020 Key Influencer in DFIR by Pro Digital
More
- You can read Heather's blog here.
- Heather was featured on NewsNation with Chris Cuomo discussing the Gilgo Beach Murders.
