MFSC 101 – BEST PRACTICES IN MAC FORENSICS
April 23 - May 4
IACIS MEMBERS ONLY TRAINING – $1495.00 USD
SUMURI’s Macintosh Forensic Survival Course (MFSC) was designed to provide vendor-neutral training that covers the process of examining a Macintosh computer from the first step to the last in logical order. The course was designed for both the beginner and the advanced Mac examiner. No sales pitch, just Mac forensics! The knowledge you gain from our training can be applied to any forensic tool on any platform.
Unlike in any other course, students will learn what is necessary to build their own portable Mac OS X forensic workstation, which can be used to boot any Intel Mac.
SUMURI’s MFSC shows you how and why you are missing evidence using Windows OS and Windows-based forensic tools. Surprising to most is that the entire course is taught using a Mac to examine a Mac without the use of expensive automated forensic tools. Even more surprising is that the participants realize that they can find more evidence and find it faster! Additionally, this course was designed with the understanding that many agencies are dealing with limited budgets.
- Apple Hardware and Tech
- Introduction to macOS and the Desktop
- Understanding CoreStorage, Fusion, FileVault and APFS
- Imaging Mac RAM
- Understanding the Mac File System
- Mac Security Issues and Encryption
- Password Recovery
- Building a Mac Forensic Workstation
- Macintosh Search and Seizure
- Safely Obtaining System Information
- Firmware Passwords
- Volatile Data Collection
- Manual and Automated Imaging and Acquisition
- Verifying and Safely Mounting Forensic Images
- Indexing Forensic Images
- Search Techniques Using macOS
- Locating Evidence (Email, Graphics, Internet Artifacts, Documents, System Artifacts, Instant Messaging, Logs and more)
- Recovering Deleted Files
- Examining SQLite Databases and PLIST files
- Using macOS for Forensics
- Review of Recommended Applications
- Review of Automated Forensic Tools
- Recommended Macintosh Hardware Requirements for Forensics
- and much more!
WHAT PARTICIPANTS WILL RECEIVE
- Course Manual