Certified Mac Forensics Specialist (CMFS)
Provided by QA
Overview
This specialist-level course is for experienced forensic investigators whose role requires them to expertly examine Apple devices, giving them knowledge and confidence in handling the data and forensic evidence in Mac OS X and iOS environments.
COURSE OVERVIEW
Apple is becoming increasingly popular and as a consequence, computers running Mac OS X operating systems are increasingly becoming the subject of forensic investigation.
This three-day course concentrates on identifying what is, how can I find, extract, decode and interpret the data stored on an Apple device from a forensic practitioner;s perspective using hands-on exercises to demonstrate and reinforce understanding.
Prerequisites
Completion of the 7Safe CFIP course is highly recommended. Otherwise you will need:
Forensic practitioners, systems administrators and cyber investigators who want to extend their experience with Window-based systems to the Mac OS X and iOS environments.
.
Delegates will learn how to
THE SKILLS YOU WILL LEARN
This course will give you the opportunity to:
SYLLABUS Apple device and OS development Review of forensics methodology and best practice Pro;s and con;s of using Windows based forensic software Latest OS X features Data structures - Plists & SQLite & Base64 Seizure and imaging Disk Partitioning - APM & GPT Apple File Systems HFS+ in detail from a forensic perspective File Vault - encryption System Configuration User Accounts Log Files Printing Trash Popular Apps - E-mail, iMessage, iWorks Safari - Web browser Time Machine Introduction to iOS Seizure & Imaging (iPhone / iPad) Device specific artefacts iOS device backups Virtual machines Identifying, extracting and investigating virtual machines such as Parallels and VMWare Fusion OS X Versions How file versioning works, where they are stored and their forensic value Live data capture How to capture live data from a machine running OS X
This specialist-level course is for experienced forensic investigators whose role requires them to expertly examine Apple devices, giving them knowledge and confidence in handling the data and forensic evidence in Mac OS X and iOS environments.
COURSE OVERVIEW
Apple is becoming increasingly popular and as a consequence, computers running Mac OS X operating systems are increasingly becoming the subject of forensic investigation.
This three-day course concentrates on identifying what is, how can I find, extract, decode and interpret the data stored on an Apple device from a forensic practitioner;s perspective using hands-on exercises to demonstrate and reinforce understanding.
Prerequisites
Completion of the 7Safe CFIP course is highly recommended. Otherwise you will need:
- Knowledge of the principles and guidelines surrounding forensic investigation
- Basic knowledge of data structures, e.g. binary and hexadecimal
Forensic practitioners, systems administrators and cyber investigators who want to extend their experience with Window-based systems to the Mac OS X and iOS environments.
.
Delegates will learn how to
THE SKILLS YOU WILL LEARN
- You will learn the underlying data structures of Apple devices and the many forensic artefacts specific to Mac OS X and iOS.
- You will practice using real life examples to identify, find, extract, decode and interpret the data stored on an Apple device from a forensic practitioner;s perspective
This course will give you the opportunity to:
- Learn effective techniques for the identification and interpretation of forensic artefacts on OS X and iOS devices
- Understand Apple disk partitioning and develop confidence when identifying and isolating artefacts from Apple devices
- Improve your ability to respond effectively to a wider range of forensic incidents
SYLLABUS
Enquire
| Start date | Location / delivery | |
|---|---|---|
| No fixed date | United Kingdom | Book now |
01132207150
01132207150
Related article
CYBER PULSE: EDITION 179 | 18 MARCH 2022
QA's practice director of Cyber Security, Richard Beck, rounds up the latest cyber security news.