This 40 hour class is designed to provide unparalleled vendor neutral and tool agnostic instruction in advanced topics relating to the forensic use and analysis of Apple hardware, technologies and applications. The training is de-signed for the participant to learn in a team work environment, and is taught by Sumuri instructors who maintain a “no one left behind” attitude. In addition, complicated topics are made easy to understand through instructor led exercises and real-life scenarios—supported by a quality student manual to be utilized as a supplemental resource at the completion of the course. Students will be introduced to the concept of domains within the macOS environment and be able to locate evidentiary artifacts in each. Additionally, students will learn how to manually deconstruct any installed application.

Who Should Attend –Law enforcement assigned to a cybercrime unit/task force, and responsible for investigating Apple digital device cases.

Pre-requisite – Students must have completed the Advanced Training Center’s Computer Forensics-Maintosh (D425), and should be currently working on doing forensics

Course Objectives: -The objective of this course is to build upon the lessons taught in Sumuri’s Best Practices in Mac Forensics. Advanced Practices in Mac Forensics provides new skills and goes deeper into understanding the Apple file system and artifacts, capturing the footprint of any application running on a Mac to discover evidence, advanced search techniques, automating forensic tasks, log analysis, proper use of Apple timestamps in forensic analysis and more.

Course Outline