Mac and iOS Forensic Analysis and Incident Response
Course Code: IFIS/SCI/DF001
About this Course
This course aims to enable investigators to investigate the apple devices they encounter. The increasing popularity of Apple devices can be seen everywhere, from college reading rooms, television, restaurants to corporate boardrooms. Dealing with these devices as an investigator is no longer a niche skill.
What You Will Learn?
- Mac and iOS Fundamentals: How to analyze and parse the Hierarchical File System (HFS+) and Apple File System (APFS) by hand and recognize the specific domains of the logical file system and Mac-specific file types.
- User Activity: How to understand and profile users through their data files and preference configurations.
- Advanced Intrusion Analysis and Correlation: How to determine how a system has been used or compromised by using the system and user data files in correlation with system log files.
- Apple Technologies: How to understand and analyze many Mac and iOS-specific technologies, including Time Machine, Spotlight, iCloud, Document Versions, FileVault, Continuity, and FaceTime.
Prerequisites
Prior condition for this course
- In-Depth File System Examination
- File System Timeline Analysis
- Advanced Computer Forensics Methodology
- Mac Memory Analysis
- File System Data Analysis
- Metadata Analysis
- Recovering Key Mac Files
- Volume and Disk Image Analysis
- Analysis of Mac Technologies including Time Machine, Spotlight, and FileVault
- Advanced Log Analysis and Correlation
- iDevice Analysis and iOS Artifacts
Course Outline
Duration and Fees
Duration: 2 days
Pricing: $250
You will be required to also pay $20 and this fee will get you buffet, refreshments like water and sodas, fruits and tea if needed for the 2 days you will be training with us. Note that you can choose not to pay this fee and you will not have the above or pay for specific days. Each day is $10
