DF420 – Macintosh Examinations with EnCase Forensic Training
The introduction of the iPod, iPhone, and iPad and the use of Intel-based processors have generated a steep increase in the sales of Macintosh computers, which are no longer restricted to the realm of desktop publishing and computer-aided design.
Computer users are attracted by the design of the Macintosh, its UNIX-like stability, ease-of-use, and its ability to run Microsoft® Windows. Most die-hard Windows users will refuse to return their Mac once they’ve started using it.
This hands-on course makes a departure from the world of Microsoft Windows and provides in depth instruction on analysing the various Macintosh operating system artifacts. The course’s topics will cover:
- Acquisition of internal storage in an Apple Macintosh, and disk layout
- HFS+ volume structure including in-depth analysis of the Catalog and Extents Overflow files and low-level file recovery
- APFS container and volume structures, including data recovery using APFS checkpoints
- Fundamental Mac OS X operations, Mac disk, and disk-image analysis and acquisition
- Max OS X system, user, application, and Internet artifacts
This course is intended for EnCase users, working as law enforcement officers, corporate and private investigators, computer forensic examiners, and network security personnel. A basic understanding of the concepts of computer forensics is required. The class curriculum continues with the tuition provided in the DFIR-Building an Investigation course, continuing with a focus on conducting examinations of the Macintosh operating systems.
- DF210 – Building an Investigation with EnCase Forensic or EnCE Certification.
- Advance preparation for this course is not required
This training will be delivered by highly qualified instructors in the field of Computer Forensics.
Regarding Tuition Fees, please contact us to find out more.