MFSC-101: Online, Eastern Standard Time

Name: MFSC-101: Online, Eastern Standard Time
Start: 2026-02-09T00:00:00-05:00
End: 2026-02-13T23:59:59-05:00

February 9, 2026 - February 13, 2026

$3,199.00

Best Practices in Mac Forensics will be presented by SUMURI from February 09 – 13, 2026, 8:00 AM to 5:00 PM EST.

SUMURI’s Macintosh Forensic Survival Course (MFSC-101) provides vendor-neutral training that covers the process of examining a Macintosh computer from the first step to the last step in logical order.

MFSC-101 is designed for both the beginner Mac examiner as well as the advanced. The knowledge you gain can be applied to any forensic tool on any platform. No sales pitch, just Mac forensics!

MFSC-101 is the first of the two prerequisite courses required for the Certified Forensic Mac Examiner (CFME). Learn more about our training courses and how to become a CFME: https://sumuri.com/mac-training/

Start your journey to certification and elevate your expertise today!

Note: Students will need access to a Mac computer running the current version of macOS for the course.

Need to Hide

Topics to include but are not limited to:

Overview of macOS Versions

Identifies features of forensic importance in different macOS and when they appeared

Understanding the Mac File System Technology

A review of all file system technology supported by macOS such as APFS, Core Storage, Fusion Drives, and macOS Extended

Intel Mac Technology and Bootcamp

Explains the forensic significance of Mac Intel Technology

Silicon Mac Technology

Explains the unique issues and forensic significance of M1 Silicon Technology

Mac Security Issues and FileVault Attacks

Current best practices for dealing with Mac Security

Macintosh Search and Seizure

Best practices for seizing Mac and iOS hardware

Safely Obtaining System Information

How to safely obtain system information without making changes to the evidence

Open Firmware Passwords

Explains OFP, how to set and remove OFP if it is necessary

Volatile Data Collection

Discussion on unique issues concerning Mac Volatile Data, methods to collect it, and the need for a Trusted Utilities Disk

Forensic Imaging

Discussion and exercises on imaging Intel and M1 Silicon Macs to include issues present by Mac security features

Imaging Mac RAM

Discussion on the challenges in capturing RAM due to macOS security features

Mounting Forensic Images in the macOS

Safely mounting forensic images for Processing and analysis

Indexing Forensic Images

How to index forensic images using macOS

Search Techniques Using macOS

Creating custom search expressions  from the command-line and GUI

Locating Evidence

How to identify, analyze and extract macOS and application artifacts such as Email, Graphics, Internet Artifacts, Documents, System Artifacts, Instant Messaging, logs, and more

Recovering Deleted Files

An exercise in manually recovering deleted files and the dangers of Mac optimization

Examining SQLite Databases and PLIST files

Examining the heart of Mac data storage

Using macOS for Forensics

How to utilize built-in macOS technology for forensics

Report Development

How to create native reports using the Mac to view data properly

Recommendations for Mac Forensics system configuration and hardware

Our recommendations for commercial and non-commercial tools to assist with Mac forensics.

Secure Your Spot – Limited Seats Available!

LIMITED TIME OFFER

Use this coupon code below to get 15% discount.

“MFSC15”

Details

Start:: February 9, 2026
End:: February 13, 2026
Cost:: $3,199.00
Event Categories:: Best Practices in Mac Forensics, Macintosh Forensics Training

Tickets

The numbers below include tickets for this event already in your cart. Clicking "Get Tickets" will allow you to edit any existing attendee information as well as change ticket quantities.

MFSC-101 260209ON

This MFSC-101 US Eastern Online Course is open for registration and will be taught in the US Eastern Daylight Time. Visit our website for more information.

$ 3,199.00

25 available