Mac Forensics

Training - Mac Forensics


Outline: The usage of Apple Mac computers increases by the day, and they are often used in investigations. This course provides the investigator with the knowledge required to understand the operation of Mac OS, including for services, file storage and in searching for content.

Course coverage

The course will run in a completely virtualised environment in order to investigate a range of DDoS methods, including examining logs which contain evidence which would be useful in determine the source and target of a DDoS attack, along with possible mitigation techniques:

  • Day 1: Introduction to MAC Forensics: Introduction to file systems, Mac OS/Linux file structure, Mac processes and boot, capturing images, defining timelines of activity, un-deleting content, carving files from images, and mounting drives on virtual systems.
  • Day 2: Deep search analysis on MAC OS. Search analysis for key search types (email address, passwords, and so on), evidence batch processing and automated report generation, recovering from corrupted media, advanced carving of documents, and real-life crime investigation. Analyzing iOS artifacts recovered from an iOS Backup File. OS File System Analysis.

Attendees who successfully complete the course will be awarded a credit rated certificate from The Cyber Academy.


This course has now been delivered. Look for more announcements in the forthcoming events.