Sarah, congratulations on joining BlackBag! What made you decide to take the leap from government contract work to vendor work?
It was a tough decision, I’ve been lucky to work with some amazingly smart people on projects that have been both extremely challenging and interesting. I’ve decided that working for BlackBag will allow me to keep working with smart people and still have an impact on forensics research, and likely a broader impact.
What will your role at BlackBag be?
I will be joining the research and development team. I will be researching all things forensic to help advance the products. I hope to help implement much of the research that I’ve been doing in the community.
What excites you the most about your new role, and about joining BlackBag overall?
I get to work with my friends! I’ve known Joe, Vico, and Derrick for years and it’s comforting to start a new position where you already know someone. I also get to keep researching. I love digging into things like obscure forensic artifacts and how devices and operating systems work.
Your research over the last year or so has covered a lot of interesting ground, from what data is collected by IoT iOS devices, to what it means for us as consumers. What drew you to this research?
I’ve been lucky to have the time to spend digging into the pattern-of-life artifacts over the last few years. I have this obsession to know exactly what these devices are storing about our daily lives and how they can be used to further forensic investigations.
I find it fascinating that I can aggregate many databases on iOS to determine exactly what a user was doing on their devices days, weeks, or even years ago! As consumers we have to be cognizant of the data that is being stored on the device, as well as what is being sent back to the carrier, manufacturer, or to app developers. Sometimes it is just information used for debugging, but it may also be an invasion of our privacy.
What is the most interesting thing you've learned from this research? Any surprises?
The amount of seemingly odd and obscure data that is being stored. For example, why is the flashlight usage being tracked? I frankly have no idea why that needs to be stored, but it has turned out to be quite useful in a few investigations! I’ve learned not to try to put logic into the ‘why’ and just use the data if it can help further a forensic analysis.
What's next for your research in 2020, and how do you anticipate being at BlackBag will help?
I will continue to work on APOLLO and the various pattern-of-life research – there are always new artifacts and updated artifacts to update! I think implementation of APOLLO into BlackBag will help make this research more accessible to investigators. Forensic analysts do not always have the time to spend researching.
If I can spend the time researching these artifacts, I hope it will help other analysts in their investigations. Research is worthless if it doesn’t get used, it’s a win-win for everyone.
You've been on an epic travel adventure in recent weeks. What was your favorite experience on this trip?
I was fortunate enough to take an extended vacation through Southeast Asia. I visited Thailand, Vietnam, Singapore, Indonesia, and Australia. I love learning about the cultures in all these places, each of them different from the rest, but my favorite experience by far was snorkeling the Great Barrier Reef. It felt as if I was in a well-stocked aquarium or a show on the Discovery channel. I could have stayed in the water for hours!
You tweeted that you wouldn't jailbreak and look at your phone while on vacation. How'd that go? How did you distract yourself (or not)?
I initially brought my laptop, iPad, and a few iPhones just in case I got bored. Turns out I shouldn’t have brought them at all! I took the time to relax, read, explore, and of course sleep!
Early on in my vacation I decided that I was going to make it a strict no-laptop vacation. No research, no jailbreaking, no blogging, nothing technical. It was just the type of break that I needed. I think everyone should take a break like this, at least for a few days!