Mac Forensic Analysis Training
Mac Forensic Analysis Training Course Hands-on
Digital forensic investigators have traditionally dealt with Windows machines, but what if they find themselves in front of a new Apple Mac or iDevice? The increasing popularity of Apple devices can be seen everywhere, from coffee shops to corporate boardrooms, yet most investigators are familiar with Windows-only machines.
Times and trends change and forensic investigators and analysts need to change with them. The Mac Forensic Analysis Training course provides the tools and techniques necessary to take on any Mac case without hesitation. The intense hands-on forensic analysis skills taught in the Mac Forensic Analysis Training course will enable Windows-based investigators to broaden their analysis capabilities and have the confidence and knowledge to comfortably analyze any Mac or iOS system.
Mac Forensic Analysis aims to form a well-rounded investigator by introducing Mac forensics into a Windows-based forensics world. This Mac Forensic Analysis Training course focuses on topics such as the HFS+ file system, Mac specific data files, tracking user activity, system configuration, analysis and correlation of Mac logs, Mac applications, and Mac exclusive technologies. A computer forensic analyst who successfully completes the Mac Forensic Analysis Training course will have the skills needed to take on a Mac forensics case.
• Parse the HFS+ file system by hand, using only a cheat sheet and a hex editor.
• Determine the importance of each file system domain.
• Conduct temporal analysis of a system by correlating data files and log analysis.
• Profile an individual’s usage of the system, including how often they used the system, what applications they frequented, and their personal system preferences.
• Determine remote or local data backups, disk images, or other attached devices.
• Find encrypted containers and FileVault volumes, understand keychain data, and crack Mac passwords.
• Analyze and understand Mac metadata and their importance in the Spotlight database, Time Machine, and Extended Attributes.
• Develop a thorough knowledge of the Safari Web Browser and Apple Mail applications.
• Identify communication with other users and systems though iChat, Messages, FaceTime, Remote Login, Screen Sharing, and AirDrop.
• Conduct an intrusion analysis of a Mac for signs of compromise or malware infection.
• Acquire and analyze memory from Mac systems.
• Acquire iOS and analyze devices in-depth.
With onsite Training, courses can be scheduled on a date that is convenient for you, and because they can be scheduled at your location, you don’t incur travel costs and students won’t be away from home. Onsite classes can also be tailored to meet your needs. You might shorten a 5-day class into a 3-day class, or combine portions of several related courses into a single course, or have the instructor vary the emphasis of topics depending on your staff’s and site’s requirements.
• In-Depth HFS+ File System Examination
• File System Timeline Analysis
• Advanced Computer Forensics Methodology
• Mac-Specific Acquisition and Incident Response Collection
• Mac Memory Acquisition and Analysis
• File System Data Analysis
• Metadata Analysis
• Recovery of Key Mac Files
• Volume and Disk Image Analysis
• Analysis of Mac Technologies, including Time Machine, Spotlight, and FileVault
• Advanced Log Analysis and Correlation
• iDevice Analysis and iOS Artifacts
Whether you are looking for general information or have a specific question, we want to help
Request More Information