This Course is available in the following format:
Mac Forensic Analysis Training Course Hands-on
Digital forensic investigators have traditionally dealt with Windows machines, but what if they find themselves in front of a new Apple Mac or iDevice? The increasing popularity of Apple devices can be seen everywhere, from coffee shops to corporate boardrooms, yet most investigators are familiar with Windows-only machines.
Times and trends change and forensic investigators and analysts need to change with them. The Mac Forensic Analysis Training course provides the tools and techniques necessary to take on any Mac case without hesitation. The intense hands-on forensic analysis skills taught in the Mac Forensic Analysis Training course will enable Windows-based investigators to broaden their analysis capabilities and have the confidence and knowledge to comfortably analyze any Mac or iOS system.
Mac Forensic Analysis aims to form a well-rounded investigator by introducing Mac forensics into a Windows-based forensics world. This Mac Forensic Analysis Training course focuses on topics such as the HFS+ file system, Mac specific data files, tracking user activity, system configuration, analysis and correlation of Mac logs, Mac applications, and Mac exclusive technologies. A computer forensic analyst who successfully completes the Mac Forensic Analysis Training course will have the skills needed to take on a Mac forensics case.
• If you are familiar with some aspects of this course, we can omit or shorten their discussion.
• We can adjust the emphasis placed on the various topics or build the course around the mix of technologies of interest to you (including technologies other than those included in this outline).
• If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the course in manner understandable to lay audiences.
The knowledge and skills that a learner must have before attending this Mac Forensic Analysis Training course are as follows:
Students should have familiarity with network penetration testing concepts, such as those taught in : Hacker Tools, Techniques, Exploits, and Incident Handling training or Network Penetration Testing and Ethical Hacking training before taking this Mobile Device Security and Ethical Hacking Training.
Audience / Target Group:
The target audience for this Mac Forensic Analysis Training course:
• Experienced Digital Forensic Analysts who want to solidify and expand their understanding of file system forensics and advanced Mac analysis.
• Law Enforcement Officers, Federal Agents, or Detectives who want to master advanced computer forensics and expand their investigative skill set.
• Media Exploitation Analysts who need to know where to find the critical data they need from a Mac system.
• Incident Response Team Members who are responding to complex security incidents/intrusions from sophisticated adversaries and need to know what to do when examining a compromised system.
• Information Security Professionals who want to become knowledgeable with Mac OS X and iOS system internals.
What You Will Learn:
Upon completing this Mac Forensic Analysis Training course, learners will be able to meet these objectives:
• Parse the HFS+ file system by hand, using only a cheat sheet and a hex editor.
• Determine the importance of each file system domain.
• Conduct temporal analysis of a system by correlating data files and log analysis.
• Profile an individual’s usage of the system, including how often they used the system, what applications they frequented, and their personal system preferences.
• Determine remote or local data backups, disk images, or other attached devices.
• Find encrypted containers and FileVault volumes, understand keychain data, and crack Mac passwords.
• Analyze and understand Mac metadata and their importance in the Spotlight database, Time Machine, and Extended Attributes.
• Develop a thorough knowledge of the Safari Web Browser and Apple Mail applications.
• Identify communication with other users and systems though iChat, Messages, FaceTime, Remote Login, Screen Sharing, and AirDrop.
• Conduct an intrusion analysis of a Mac for signs of compromise or malware infection.
• Acquire and analyze memory from Mac systems.
• Acquire iOS and analyze devices in-depth.
Mac Forensic Analysis Training – Course Syllabus:
• In-Depth HFS+ File System Examination
• File System Timeline Analysis
• Advanced Computer Forensics Methodology
• Mac-Specific Acquisition and Incident Response Collection
• Mac Memory Acquisition and Analysis
• File System Data Analysis
• Metadata Analysis
• Recovery of Key Mac Files
• Volume and Disk Image Analysis
• Analysis of Mac Technologies, including Time Machine, Spotlight, and FileVault
• Advanced Log Analysis and Correlation
• iDevice Analysis and iOS Artifacts