Profile
Kathryn encourages her students to be inquisitive and learn how to make the first step in finding answers to the unknowns. Her main goal is to give students a tool-set to allow them to be productive in the office.
“I love teaching students the areas we currently understand, and paving the way for them to go away, pick up those research pieces and dig deeper into the lesser known aspects of the OS and applications. I am not one to be constrained by the live demo curse and love to break out into tools to show how things work in real life. I have always learned much more by doing than watching, and this is very much my teaching style too,” she says.
Kathryn is a Director and Digital Forensic Specialist for Khyrenz Ltd., is a SANS Instructor, and has served as a forensic technical lead and Subject Matter Expert (SME) working in system assurance and evaluation, research, host-based malware intrusion investigation, forensic acquisition, and investigation for both the public and private sectors. She has led various forensic teams since 2010, spending three years embedded within a cross-organizational team, liaising directly with multiple clients.
When Kathryn’s bachelor’s degree included a digital forensics module, she never thought it would change her career interests so drastically. “I was hooked,” she says. She then managed to persuade an employer to hire her for a digital forensics role despite not having qualifications in the field. The following two years were spent pursuing her master’s degree in computer forensics and learning on the job to get up to speed.
Since then, Kathryn has served as a forensic technical lead and Subject Matter Expert (SME) working in system assurance and evaluation, research, host-based malware intrusion investigation, forensic acquisition, and investigation for both the public and private sectors. She is also a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition. Kathryn has led various forensic teams since 2010, spending three years embedded within a cross-organizational team, liaising directly with multiple clients.
“As a SME advisor on forensic issues and best practice, seizure, and acquisition in line with ACPO guidelines, I had to manage people and deliver internal forensic training for staff upskilling and knowledge dissemination. Back then, I was also in charge of research and development of new devices, tools, techniques and data sources and associated malware detection behaviors,” she says.
Kathryn and SANS go way back. She attended her first SANS course in 2013 and came away utterly exhausted, but insanely exhilarated. “It was a lot of fun and taught me so much,” she says. “I managed to persuade my employer at the time to allow me to do another course through the work study program.” That gave her an amazing insight into SANS and introduced her to many amazing people who teach, facilitate, and organize the SANS events. After that, she became a regular facilitator and considers many of the people she met very much like her extended family. Becoming an instructor was a natural progression; she wanted to work with the best training team in the world, to give students the same amazing learning experience that she had on that first course.
Kathryn is a firm believer in teaching people to fish rather than providing fish. “It doesn’t matter what your day job is. Some knowledge of digital forensics can be invaluable.” As a mentor, she wants to give back to the community and help others benefit from the lessons she has already learned on the job, the hard way. “Digital forensics is an ever-evolving field, with a never-ending stream of new things to learn. It’s one of the reasons I love it, and teaching gives me the opportunity to assist others a little way along that path, as well as meet some really cool people along the way,” she says. As a teacher, she encourages her students to be inquisitive and learn how to make the first step in finding answers to the unknowns. Her main goal is to give students a tool-set to allow them to be productive in the office.
Two of the challenges in digital forensics at the moment are encryption and the increasing volume of data that needs to be analyzed. Both can add significant time to an investigation and make it extremely difficult to locate data of interest. This is why, as a teacher, she covers step-by-step triage processes to identify encryption and the data likely to be of most use to an investigation. She also makes sure students understand the importance of acquiring system memory, which is crucial where full disk encryption is enabled. These are standard steps in her day-to-day investigations, and she considers them key for students to understand and use back at their jobs.
In her spare time, Kathryn likes to write scripts and dabble in a bit of code; however, her main hobbies are sports and fitness. She has played many different sports throughout her life and grew up as a figure skater, reaching the British National Senior Squad in her late teens. She no longer skates, except maybe a little at Christmas, but still enjoys pretty much any sport and keeping fit. She also has a wish list of places she would like to travel to and explore. The list is long, but she has already managed a 4-day mountain trek to Machu Picchu, seeing the Northern Lights while cruising the Norwegian Fjords, and snorkeling along the Great Barrier Reef.
Qualifications Summary
- MSc Computer Forensics, University of Westminster - Distinction
- BSc (Hons) Information Systems, University of Abertay, Dundee - 1st Class
- GIAC Security Professional (GSP)
- GIAC Experienced Forensics Examiner (GX-FE)
- GIAC Experienced Forensic Analyst (GX-FA)
- GIAC Reverse Engineering Malware (GREM)
- GIAC Network Forensic Analyst (GNFA)
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Certified Forensic Examiner (GCFE)
- GIAC Certified Incident Handler (GCIH)
- GIAC Advanced Smartphone Forensics (GASF)
- GIAC Battlefield Forensics and Acquisition (GBFA)
- GIAC iOS and macOS Examiner (GIME)
- GIAC Cloud Forensics Responder (GCFR)
- GIAC Response and Industrial Defense (GRID)
- GIAC Cyber Threat Intelligence (GCTI)
- GIAC Enterprise Incident Response (GEIR)
- GIAC Python Coder (GPYC)
- EnCase Certified Examiner (EnCE)
- Certified Forensic Security Responder (CFSR)
- X-Ways Professional in Evidence Recovery Techniques (X-PERT)
Get to Know Kathryn Hedley
- Blog URL: https://www.khyrenz.com/blog/
- Forensic technical lead and Subject Matter Expert (SME) with over fifteen years' experience, working in system assurance and evaluation, research, host-based malware intrusion investigation and forensic acquisition and investigation for the public and private sectors.
- Director and Digital Forensic Specialist at Khyrenz Ltd
- Career in figure skating for 16 years, representing Great Britain for 3 years and in 6 Internationals, and Scottish Senior Ladies champion for 2 years.
- Ran the Great North Run half marathon in October 2018.
- Avid contributor to the #DFIRFit movement
Webcasts
- Securing Your Future in DFIR, April 2020
- DFIR 101: Digital Forensic Essentials, August 2022
- Demystifying Data: Hands-on Data Conversion Between Binary, Hexadecimal, Decimal, and ASCII
- Beyond File Names: Decoding the Secrets of Files with Signatures & Metadata
- Data Carving: Recovering Hidden Files from Digital Graveyards
- Decoding Time: Understanding Endianness and Timestamp Formats
- Hands-on Digital Forensics: Exploring Evidence with Mounted Images
- Demystifying Base64: A Detailed Beginner's Guide to Encoding and Decoding
SANS Blogs
- DFIR Origin Stories
- Unraveling the Mysteries of Digital Forensics: A Blog on the "Secret Life of Devices" Workshop Series
- New FOR518: Mac and iOS Forensic Analysis Poster Update
SANS posters authored by Kathryn
- DFIR Fundamentals
- Windows Forensic Analysis
- macOS and iOS Forensic Analysis
- Ransomware and Cyber Extortion