DF420 - Mac Examinations with EnCase
Duration: 4 Days
The introduction of the iPod, iPhone, and iPad and the use of Intel-based processors have generated a steep increase in the sales of Macintosh computers, which are no longer restricted to the realm of desktop publishing and computer-aided design.
Computer users are attracted by the design of the Macintosh, its UNIX-like stability, its ease of use, and its ability to run Microsoft® Windows. Most die-hard Windows users will refuse to return their Mac once they’ve started using it.
Delivery method: Group-Live. NASBA defined level: advanced.
CPE Credits - 32
This course is intended for EnCase users working as law enforcement officers, corporate and private investigators, computer forensic examiners, and network security personnel. A basic understanding of the concepts of computer forensics is required. This class continues the tuition provided in the DF210 - Building an Investigation course with a focus on conducting examinations of the Mac operating systems.
DF210 - Building an Investigation with EnCase Forensic or EnCE Certification. Advance preparation for this course is not required.
This hands-on course makes a departure from the world of Microsoft Windows and provides in-depth instruction on analyzing the various Mac operating system artifacts. The course’s topics will cover:
- Acquisition of internal storage in an Apple Macintosh and disk layout
- HFS+ volume structure including in-depth analysis of the Catalog and Extents Overflow files and low-level file recovery
- APFS container and volume structures, including data recovery using APFS checkpoints
- Fundamental Mac OS operations, Mac disk, and disk-image analysis and acquisition
- Mac OS system, user, application, and Internet artifacts