BEGIN:VCALENDAR VERSION:2.0 PRODID:-//SUMURI - ECPv6.15.18//NONSGML v1.0//EN CALSCALE:GREGORIAN METHOD:PUBLISH X-WR-CALNAME:SUMURI X-ORIGINAL-URL:https://sumuri.com X-WR-CALDESC:Events for SUMURI REFRESH-INTERVAL;VALUE=DURATION:PT1H X-Robots-Tag:noindex X-PUBLISHED-TTL:PT1H BEGIN:VTIMEZONE TZID:America/New_York BEGIN:DAYLIGHT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 TZNAME:EDT DTSTART:20250309T070000 END:DAYLIGHT BEGIN:STANDARD TZOFFSETFROM:-0400 TZOFFSETTO:-0500 TZNAME:EST DTSTART:20251102T060000 END:STANDARD BEGIN:DAYLIGHT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 TZNAME:EDT DTSTART:20260308T070000 END:DAYLIGHT BEGIN:STANDARD TZOFFSETFROM:-0400 TZOFFSETTO:-0500 TZNAME:EST DTSTART:20261101T060000 END:STANDARD BEGIN:DAYLIGHT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 TZNAME:EDT DTSTART:20270314T070000 END:DAYLIGHT BEGIN:STANDARD TZOFFSETFROM:-0400 TZOFFSETTO:-0500 TZNAME:EST DTSTART:20271107T060000 END:STANDARD END:VTIMEZONE BEGIN:VEVENT DTSTART;VALUE=DATE:20260720 DTEND;VALUE=DATE:20260725 DTSTAMP:20260404T175932 CREATED:20260126T151817Z LAST-MODIFIED:20260227T204810Z UID:283160-1784505600-1784937599@sumuri.com SUMMARY:MFSC-101: Online\, Eastern Daylight Time DESCRIPTION:Best Practices in Mac Forensics will be presented by SUMURI from July 20 – 24\, 2026\, 8:00 AM to 5:00 PM EDT. \nSUMURI’s Macintosh Forensic Survival Course (MFSC-101) provides vendor-neutral training that covers the process of examining a Macintosh computer from the first step to the last step in logical order. \nMFSC-101 is designed for both the beginner Mac examiner as well as the advanced. The knowledge you gain can be applied to any forensic tool on any platform. No sales pitch\, just Mac forensics! \n  \nMFSC-101 is the first of the two prerequisite courses required for the Certified Forensic Mac Examiner (CFME). Learn more about our training courses and how to become a CFME: https://sumuri.com/mac-training/ \nStart your journey to certification and elevate your expertise today! \n \n \n \n \n \n \n \n \n Item #2 \n \n \n \n \n \n \n \n \n Topics to include but are not limited to: \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n Understanding the Mac File System Technology:\n \n Students will gain a foundational understanding of macOS file systems\, focusing on the key differences between APFS and HFS+ and how they compare to non-Mac formats like exFAT and NTFS. The module covers challenges unique to analyzing each format\, including how macOS handles volume management with technologies like synthesized disks\, Core Storage\, and Fusion Drives. This knowledge is essential for interpreting file structures and ensuring accurate evidence collection and analysis. \n \n \n \n Understanding the Mac File System Technology:\n \n Learn the differences between APFS\, HFS+\, and other formats\, along with challenges in analyzing each and related technologies like synthesized disks\, Core Storage\, and Fusion Drives. \n \n \n \n Intel Mac Technology and Bootcamp:\n \n Understand Intel-based Mac architecture\, its differences from Apple Silicon\, and forensic considerations for Secure Enclave\, Secure Boot\, Bootcamp\, and virtualization. \n \n \n \n Silicon Mac Technology:\n \n Examine Apple Silicon architecture\, security features\, imaging challenges\, and how to properly seize and analyze these newer devices. \n \n \n \n Mac Security:\n \n Explore macOS security layers including Secure Enclave\, Secure Boot\, FileVault\, and user permissions\, plus examiner techniques for working within these constraints. \n \n \n \n Macintosh Search and Seizure:\n \n Learn seizure procedures to protect against risks like remote wipe\, user traps\, and evidence loss\, with a step-by-step on-scene process. \n \n \n \n Safely Obtaining System Information:\n \n Identify system details such as macOS version\, hardware type\, and security settings to guide acquisition decisions for live and powered-down Macs. \n \n \n \n Volatile Data Collection:\n \n Understand challenges in modern RAM capture and learn alternative methods for collecting valuable live-response data before it is lost. \n \n \n \n Forensic Imaging:\n \n Gain hands-on experience performing logical and physical imaging\, selecting source disks\, and using free tools to acquire data securely. \n \n \n \n Mounting Forensic Images in macOS:\n \n Safely mount images to preserve evidence while enabling access to indexed data and macOS-native search tools. \n \n \n \n Indexing and Searching Forensic Images in macOS:\n \n Use macOS indexing and search from both GUI and command line to locate evidence quickly and efficiently. \n \n \n \n Manual Artifact Deconstruction of First-Party Applications:\n \n Learn to locate\, analyze\, and extract data from Apple’s native apps\, building skills for unsupported or unfamiliar artifacts. \n \n \n \n Recovering Deleted Files on macOS:\n \n Test recovery methods while understanding the impact of APFS\, TRIM\, encryption\, and hardware limitations on file recovery. \n \n \n \n Examining SQLite Databases and PLIST Files:\n \n Locate and analyze these key artifacts with proper tools\, SQL queries\, and PLIST conversion techniques. \n \n \n \n Report Development:\n \n Create high-quality\, native-format reports using macOS tools to present artifacts accurately and clearly. \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n Secure Your Spot – Limited Seats Available! \n \n \n \n \n \n \n \n \n \n \n Item #2 \n \n \n \n \n\n \n \n \n \n \n \n \n \n Topics to include but are not limited to: \n \n \n \n \n\n \n \n \n \n Understanding the Mac File System Technology \n \n \n \n A review of all file system technology supported by macOS such as APFS\, Core Storage\, Fusion Drives\, and macOS Extended. \n \n \n \n Intel Mac Technology and Bootcamp \n \n \n \n Explains the forensic significance of Mac Intel Technology \n \n \n \n Silicon Mac Technology \n \n \n \n Explains the unique issues and forensic significance of M1 Silicon Technology \n \n \n \n Mac Security Issues and FileVault Attacks \n \n \n \n Current best practices for dealing with Mac Security \n \n \n \n Macintosh Search and Seizure \n \n \n \n Best practices for seizing Mac and iOS hardware \n \n \n \n Safely Obtaining System Information \n \n \n \n How to safely obtain system information without making changes to the evidence \n \n \n \n Open Firmware Passwords \n \n \n \n Explains OFP\, how to set and remove OFP if it is necessary \n \n \n \n Volatile Data Collection \n \n \n \n Discussion on unique issues concerning Mac Volatile Data\, methods to collect it\, and the need for a Trusted Utilities Disk \n \n \n \n Forensic Imaging \n \n \n \n Discussion and exercises on imaging Intel and M1 Silicon Macs to include issues present by Mac security features \n \n \n \n Imaging Mac RAM \n \n \n \n Discussion on the challenges in capturing RAM due to macOS security features \n \n \n \n Mounting Forensic Images in the macOS \n \n \n \n Safely mounting forensic images for Processing and analysis \n \n \n \n Indexing Forensic Images \n \n \n \n How to index forensic images using macOS \n \n \n \n Search Techniques Using macOS \n \n \n \n Creating custom search expressions 
from the command-line and GUI \n \n \n \n Locating Evidence \n \n \n \n How to identify\, analyze and extract macOS and application artifacts such as Email\, Graphics\, Internet Artifacts\, Documents\, System Artifacts\, Instant Messaging\, logs\, and more \n \n \n \n Recovering Deleted Files \n \n \n \n An exercise in manually recovering deleted files and the dangers of Mac optimization \n \n \n \n Examining SQLite Databases and PLIST files \n \n \n \n Examining the heart of Mac data storage \n \n \n \n Using macOS for Forensics \n \n \n \n How to utilize built-in macOS technology for forensics \n \n \n \n Report Development \n \n \n \n How to create native reports using the Mac to view data properly \n \n \n \n Recommendations for Mac Forensics system configuration and hardware \n \n \n \n Our recommendations for commercial and non-commercial tools to assist with Mac forensics. \n \n \n \n \n \n \n \n \n Secure Your Spot – Limited Seats Available! URL:https://sumuri.com/event/mfsc-101-260720on/ CATEGORIES:Best Practices in Mac Forensics,Macintosh Forensics Training ATTACH;FMTTYPE=image/webp:https://sumuri.com/wp-content/uploads/2024/11/MFSC-101-250203ON-Event-Banner-v2.webp END:VEVENT END:VCALENDAR