This Mac forensics training course (3 days) gives delegates a practical understanding of:
- Data structures and potential evidence as produced in Apple Mac OS X environments
- Implementing forensic tools on Mac OS X-based file systems
Delegates who successfully complete the exam included at the end of the training course will be awarded the Certified Mac Forensics Specialist (CMFS) qualification.
1. Introduction
Mac OS X vs. Mac OS
NeXT/BSD
Darwin
Apple Hardware
Mac OS X Server
2. System Settings
Key Directories
Time Zone and Synchronisation
System Installation
Networking
Startup
3. User Accounts
Home Directories
Logon Settings/Autologin
Password Storage
User Details
4. Activity Logging
System and Application Logs
Command and Application History
System Boot/Shutdown
5. Common Applications
iChat
iCal
Mail
iPhoto
iWorks
Mac Office
6. Web Activity
Safari
Firefox3
History, Cache, Settings
7. Files behind the Scenes
Temporary Files
Print and Preview
Trash
Sleepimage
Swapfiles
8. Partitioning
Apple Partition Map
GUID Partition Table
9. File System Basics
File System Support in Mac OS X
HFS+ vs. HFS
HFSX
HFS+ Time Stamps
Special Files vs. User Files
10. HFS+ in Detail
Volume Headers
Special Files
Hot Files
Resource Forks
iNode Files/Hard Links
11. Time Machine
Automated Backups in OS X
Time Capsule
