homepage
Call Open menu
Request Info Apply Now

Sarah Edwards

A self-described Mac nerd, Sarah Edwards is a forensic analyst, author, speaker, and both author and instructor of SANS FOR518: Mac and iOS Forensic Analysis and Incident Response. She has been a devoted user of Apple devices for many years and has worked specifically in Mac forensics since 2004, carving out a niche for herself when this area of forensics was still new.

Although Sarah appreciates digital forensics in all platforms, she has a passion for working within Apple environments and is well known for her work with cutting-edge Mac OS X and iOS, and for her forensic file system expertise.

Sarah's dynamic classroom and presentation skills have been heralded by both her students and colleagues. She keeps students interested and engaged. Sarah has more than 12 years of experience in digital forensics, and her passion for teaching is fueled by the ever-increasing presence of Mac devices in today's digital forensic investigations. Given the complexity of most cases and the high probability that an OS X or iOS will be a part of an investigation, deep knowledge of these Operating Systems is crucial to ensure that forensic analysts grasp all the information required in a case and not omit valuable data.

More About Sarah
Specialties
Headshot of Sarah Edwards

Profile

A frequent presenter, Sarah has spoken at industry conferences including Shmoocon, Enfuse (formerly known as CEIC), DEF CON, BSides New Orleans, BSides Las Vegas, and the SANS DFIR Summit. Sarah is a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition. She has a bachelor's degree in information technology from the Rochester Institute of Technology and a master's in information assurance from Capitol College.

Beyond her deep interest in digital forensics and anything Mac, Sarah loves cooking, reading tech books, traveling anywhere, and "making things work". "Apple devices will continue to grow in popularity, and digital forensic investigators and analysts must start paying more attention to them," Sarah explains. "Windows analysis is the base education in the field of digital forensics, and any additional skills you can acquire set you apart from the crowd, whether it is Mac, mobile, memory, or malware analysis."

Sarah has worked with federal law enforcement agencies on a variety of high-profile investigations in such areas as computer intrusions, criminal cases, counter-intelligence, counter-narcotics, and counter-terrorism. Her research and analytical interests include Mac forensics, mobile device forensics, digital profiling, and malware reverse engineering.

ADDITIONAL CONTRIBUTIONS BY SARAH EDWARDS:

WEBCASTS

Improve Network Security with Application Intelligence, October 2019

Launching APOLLO - Creating a Simple Tool for Advanced Forensic Analysis, October 2019

What’s New with FOR518 - Mac and iOS Forensic Analysis & Incident Response, May 2018

iOS Location Forensics, May 2016


PRESENTATIONS

Forensic Lunch 8/14/20 - Sarah Edwards and Jared Barnhart

MDOYVR19 - Sarah Edwards - Launching Apollo

DEF CON 23 - Sarah Edwards - Ubiquity Forensics: Your iCloud and You

TOOLS

  • APOLLO - Apple Pattern of Life Lazy Output'er (APOLLO) extracts and correlates data from numerous databases, then organizes it to show a detailed event log of application usage, device status, and many other pattern-of-life artifacts from Apple devices.
  • MacMRU - Mac MRU parser