Class #: 9260-20645

Class Description:

This 36-hour course is designed to provide cybercrime forensic investigators with working knowledge of Apple devices, this covers the process of examining a Macintosh computer from the first to the last step in logical order. The course is designed for both beginner and advanced Mac examiners. The knowledge the investigator will gain from this training can be applied to any forensic tool on any platform, it will show them how and why they are missing evidence using Windows OS and Windows-based forensic tools. The course is taught using a Mac to examine a Mac without the use of expensive automated forensic tools. Even more surprising is that the participants realize that they can find more evidence and find it faster! Additionally, this course was designed with the understanding that many agencies are dealing with limited budgets. The course will consist of lectures, hands-on exercises, instructor-led exercises, and self-paced lab work. The course is a prerequisite for the Certified Forensics Mac Examiner certification, which will be provided to students at no additional cost.

Who Should Attend:

Law enforcement assigned to a cybercrime unit/task force, and are responsible for investigating digital device cases.

Pre-requisites:

Students must have completed the Advanced Training Center's Computer Digital Evidence Recovery (CDER-D300); and should be currently working on doing forensics

Class Objectives:

The objective of this course is to give the students a foundation of understanding of the Mac OS, coupled with hands-on experience in that environment. Students will use Macintosh computers which will help explain file system structure, operating system components, location of forensically relevant files and folders, examination and analysis, and a comparison of Mac vs. Windows based examinations.

Class Outline:

• ·Apple Technology Overview
  

  ·Overview of MacOS Versions

  ·Review of Mac GUI and Native Applications

  ·Mac File System Technology

  ·Intel Mac Technology and Bootcamp

  ·M1 Silicon Mac Technology

  ·Mac Security and File Vault

  ·Macintosh Search and Seizure

  ·Open Firmware Passwords

  ·Command Line Forensics

  ·Volatile Data Collection

  ·Imaging Intel & M1 Silicon Macs

  ·Verifying and Safely Mounting Forensic Images

  ·Indexing Forensic Images

  ·Search Techniques using MacOS

  ·Examining Native macOS Applications

  ·Locating Evidence (email, graphics, internet artifacts, etc.)

  ·Recovering Deleted Files

  ·Examining SQLite Databases and PLIST files

  ·Documentation and Reporting

  ·Examining iOS Device Artifacts

  ·Using the macOS as a Forensic Platform

  ·Viewing Suspect Files Natively

  ·Recommended Macintosh Hardware Requirements for Forensic

Cost

This is a tuition free course for Law Enforcement.