DF420 – Macintosh Examinations with EnCase Forensic Training
The introduction of the iPod, iPhone, and iPad and the use of Intel-based processors have generated a steep increase in the sales of Macintosh computers, which are no longer restricted to the realm of desktop publishing and computer-aided design.
Computer users are attracted by the design of the Macintosh, its UNIX-like stability, ease-of-use, and its ability to run Microsoft® Windows. Most die-hard Windows users will refuse to return their Mac once they’ve started using it.
This hands-on course makes a departure from the world of Microsoft Windows and provides in depth instruction on analysing the various Macintosh operating system artifacts. The course’s topics will cover:
- Acquisition of internal storage in an Apple Macintosh, and disk layout
- HFS+ volume structure including in-depth analysis of the Catalog and Extents Overflow files and low-level file recovery
- APFS container and volume structures, including data recovery using APFS checkpoints
- Fundamental Mac OS X operations, Mac disk, and disk-image analysis and acquisition
- Max OS X system, user, application, and Internet artifacts
This course is intended for EnCase users, working as law enforcement officers, corporate and private investigators, computer forensic examiners, and network security personnel. A basic understanding of the concepts of computer forensics is required. The class curriculum continues with the tuition provided in the DFIR-Building an Investigation course, continuing with a focus on conducting examinations of the Macintosh operating systems.
- DF210 – Building an Investigation with EnCase Forensic or EnCE Certification.
- Advance preparation for this course is not required
This training will be delivered by highly qualified instructors in the field of Computer Forensics.