MFSC 201 – ADVANCED PRACTICES IN MAC FORENSICS
May 6 @ 8:00 am - May 10 @ 5:00 pm
This course is part of the IACIS Training in Orlando, Florida.
This course was designed to provide unparalleled vendor-neutral and tool-agnostic instruction in advanced topics relating to the forensic use and analysis of Apple hardware, technologies, and applications. The training is designed for the participant to learn in a teamwork environment and is taught by instructors who maintain a “no one left behind” attitude. In addition, complicated topics are made easy to understand through instructor-led exercises and real-life scenarios, supported by a quality student manual to be utilized as a supplemental resource at the completion of the course.
Topics include but are not limited to:
Advanced File System Analysis – Students will be introduced to the concept of domains within the macOS environment and be able to locate evidentiary artifacts in each. Additionally, students will learn how to manually deconstruct any installed application
Advanced Command Line – Underneath macOS’s interface and desktop is the Unix shell, including a Terminal that gives users endless power and control from the “command-line”. Participants will learn advanced tips using the “command-line” to assist in forensic examinations of a Mac
AppleScript and Automator – Included with macOS are two native applications that allow the user to develop custom programs and workflows to automate almost any task. Participants will learn how to create their own AppleScript and Automator applications to simplify and enhance their forensic examinations
macOS Log Analysis – Learn how to identify artifacts from persistent and volatile logs including the new Apple Unified Logs
File System Event Monitoring and Analysis – Work with live File System Events to identify artifacts quickly. Learn how to parse stored File System Events to determine the history of file usage on a volume or disk
Identifying and Using Virtual Machines – Participants will learn how to identify the use of a VM within macOS, and the procedures necessary to analyze them. In addition, the participant will learn how to use a VM to assist in forensic examinations from within the Mac environment
macOS Server Forensics – Participants will learn about macOS server technology, including services and user accounts. Instruction will be provided on best practices for acquiring data safely from live systems, as well as responding to an incident on compromised systems
Macintosh Timeline Analysis – Building a timeline of a file system can retrace the suspect’s history minute by minute or second by second. The training will help the participant understand Mac timestamps and use them for analysis
iCloud Forensics – Participants will learn how to find and analyze documents and other data synced with an Apple iCloud account
Time Machine Analysis – Understand the Time Machine backup process and structure in order to find data
Unique Apple Technology – Participants will be provided with best practices and resources to deal with troublesome and unique Apple technology
Advanced Search Techniques – The training shows the user how to conduct advanced indexed and live searches to find any data
Application Deconstruction – Participants will learn how to find any and all artifacts left behind by any application