It’s that time of year again – the Forensic 4:Cast awards season and nominations are open. Last year I won 4 awards and my team won an additional 2! It was mind blowing and humbling. Thank you again if you voted for me.
I have taken the time to think over the last two weeks on who I want to nominate and why. Last year I played it safe and made suggestions. This blog is going to be honest about who I personally nominated and why. Take it as suggestions if you are still unsure about who to nominate and why. Note: these are my personal opinions, not those of my company or SANS! https://forms.gle/r7XwVwdoUFR4We4X9
DFIR Commercial Tool of the Year – Cellebrite Physical Analyzer
PA (Physical Analyzer) has made a difference in every smartphone case I have worked. I have used this tool since it’s been logical analyzer and I have witnessed the progress and the growth over the years. Now that I work at Cellebrite, I am able to see what is coming, changes made and sprint plans. I love that I am able to push feature requests and see them integrated. While mobile may be a small facet of DFIR, Physical Analyzer adds major impact and deserves this award.
DFIR Non-commercial Tool of the Year – ArtEx
Ian Whiffin, the mastermind behind ArtEx, is also a friend and co-worker of mine. ArtEx is brilliant to say the least and is a tool I rely upon to conduct iOS testing and validation. It is the fastest way to get answers without extracting and parsing data! Not only is ArtEx my new tool of choice for iOS testing, but Ian’s blogs are helpful and detailed! If you find ArtEx is missing something you need – ask Ian! Check it out: https://www.doubleblak.com/blogs.php
DFIR Show of the Year – Life Has No Ctrl+Alt+Del
This show, created by (me) Heather Mahalik and sponsored by Cellebrite has been running for exactly a year at this point. When COVID happened, I wanted a way to cheer up the DFIR community and I created a show that ran at lunch 5 days a week. That lasted 2 weeks and then I cut it back to 3 days a week. That lasted 2 months. After trying to book fresh speakers for each episode, I cut it back to Mondays and it’s still going strong! This show is about us – the DFIR community and what we know, want to know and is a forum to relax, make friends and collaborate. Check it out and start joining on Monday! https://www.cellebrite.com/en/series/ctrl-alt-del/
DFIR Blog of the Year – Cellebrite Ask the Expert
My brilliant co-workers and I have been working on a series called Ask the Expert where you, the community, select topics and we record videos and write blogs on that topic. It’s current, relevant and is ongoing. Check it out here: https://www.cellebrite.com/en/ask-the-expert/
DFIR Book of the Year – iOS Research & Exploration Volume I
James Duffy wrote this book and it’s helpful in understanding key terminology and concepts for iOS devices.
DFIR Article of the Year – How to use iOS Bluetooth Connections to Solve Crimes Faster
This blog https://www.cellebrite.com/en/how-to-use-ios-bluetooth-connections-to-solve-crimes-faster/ was written by Matt Goeckel and myself and literally includes 3 years of research. It has been accepted by the DFIR Review and is hosted on that site as well. Matt and I were both researching this topic for the same Detective before ever meeting. Ironic that our worlds collided and we finished the research and closed the loop. Sharing is caring and Matt and I really do care. 🙂
DFIR Social Media Contributor of the Year – Me :)
I bust my butt on social to keep everyone informed and entertained. So nominate me. @heathermahalik on Twitter if you don’t follow me.
DFIR Training Program of the Year – SANS Cyber Camp
Lee Whitfield created the SANS Cyber Camp that ran 2 times in 2020. He recruited experts from the field to create fresh content and labs for teens around the world. Best part – it was FREE! Let’s face it, we aren’t getting any younger so the next generation of DFIR professionals needs to be trained correctly and by the right people.
Most Valuable Threat Intel Contribution – STAR Webcast
Katie Nickels leads the STAR Webcast and it rocks. This is the SANS Cyber Threat Analysis Rundown. Check it out. https://www.sans.org/webcasts/star-webcast-threat-hunting-rise-targeted-ecrime-intrusions-114620
DFIR Groundbreaking Research of the Year – Cellebrite Qualcomm Live in UFED
In my job, I need full file system extractions, especially with Android. UFED supports a ton of devices for full file system extractions under the Generic Qualcomm Live option. This hidden gem has helped me so many times I can’t even count!
DFIR Newcomer of the Year – Jason Wilkins or Sahil Dudani
I recommend both! Jason and I met on Life Has No Ctrl+Alt+Del (show of the year nomination) and we have been friends since. He is a loyal follower of the show and loves to learn! Show your love to Jason.
Or Sahil Dudani who I met during my FOR585 course a few years ago. Sahil is now an intern at Cellebrite as he works on his PhD at Virginia Tech. He is a go getter and will make big waves in DFIR!
DFIR Resource of the Year – Cellebrite Capture the Flag
The Cellebrite CTF was a labor of love and was a huge team effort between the Dream Team, Cellebrite Training, IT, Marketing and Product. If you haven’t created a CTF, you won’t understand the amount of work it takes to create solid datasets, create questions and run the CTF. Every second was worth it to see the participation and the outcome. And now 4 public images have been provided for testing and training! Please nominate us. 🙂 https://www.cellebrite.com/en/cellebrite-capture-the-flag-follow-up-our-experts-review-the-questions-and-answers/
DFIR Team of the Year – Cellebrite
I have been with Cellebrite for almost 2 years and I can say I work with the best people on the planet. They are my nearest and dearest of friends and I trust them. I haven’t ever been a part of a team where everyone cares as much as I do and at Cellebrite we all care. If you haven’t heard of the Dream Team, it’s because you haven’t attended Life Has No Ctrl+Alt+Del or I Beg to DFIR. The Dream Team is one tiny part of the entire team. We work hard and we play hard. (Note: Matt Goeckel and Ian Whiffin are missing from this pic)
Digital Forensic Investigator of the Year – Paul Lorentz
See the guy on the right in the picture above? That is Paul. If you don’t know him you should try your best to meet him. I have learned so much from Paul since being at Cellebrite. He is the master of knowing every single make, model, version, lock, encryption type and more for Android. It’s creepy scary with how much he knows off the top of his head. Not only is Paul an Android master, he loves helping customers and is always researching and sharing his findings. When you ask me questions, I guarantee Paul is on the response and helping research the solution. Paul has contributed to so many in 2020 and he deserves this award. If you want to see some of his work, check out the webinars, join I Beg to DFIR, watch Life Has No Ctrl+Alt+Del (he is running a game show the first Mon in April) and follow him on Twitter @PaulScurvy.
Thanks for reading this and consider nominating your favorites as well. These awards matter to DFIR! https://forms.gle/r7XwVwdoUFR4We4X9