DF320 Advanced Digital Forensic Analysis: macOS (Apr 2019)

Monday Apr 15, 2019 - 07:00am UTC to Thursday Apr 18, 2019 - 04:00pm UTC
Event Description: 

This course teaches students to identify and collect volatile data, acquire forensically sound images of Apple Macintosh computers, and perform forensic analysis of macOS operating system and application artifacts. Students gain hands-on experience scripting and using automated tools to conduct a simulated live triage, and use multiple methods to acquire forensically sound images of Apple Macintosh computers. Topics include how the macOS default file system stores data, what happens when files are sent to the macOS Trash, where operating system and application artifacts are stored, and how they can be analyzed. Forensic artifacts covered include password recovery, recently opened files and applications, encryption handling, Mail, Safari, Messages, FaceTime, Photos, Chrome, and Firefox.

Course structure:

  • Performing live triage. Learn about preserving data from systems in different states, and review commands for collecting non-persistent data as well as an introduction to shell scripting.
  • Macintosh imaging. Review manual and automated imaging methods and how to identify imaging challenges.
  • Processing basics. Learn about mounting images, viewing hidden files, and the standard OS X directory structure.
  • Partitioning schemes. Understand the Apple Partition Map, Globally Unique Identifier Partition Table, and Master Boot Record.
  • HFS+. Review the structure of an HFS+ formatted storage volume and how files and directories are tracked and saved.
  • Artifacts. Learn about operating system and application artifacts.
Location: 
2600 Pacific BLVD SW 1st Floor, Community Room
Albany, OR 97321
United States
Event Cost Information
AmountDescription
$0.00
Free
Space Available: 
Yes
Organizer Information
Event POC: 
Damita Jones
Event POC Email: 
Event POC Phone: 
1-800-221-4424
Category: