Session Schedule

Loading Events

« All Events

  • This event has passed.
Sep 30

Session: Forensic Artifacts and Techniques that are Essential for Mac Investigations

September 30 @ 3:00 pm - 4:00 pm EDT

Presented By: Trey Amick


Mac investigations can be challenging for a number of reasons. Learn about the Apple File System (APFS) and the changes made as part of the update from HFS+, while discussing the best techniques for successfully completing macOS investigations in Magnet AXIOM. In this lab we will not only discuss changes made with the latest macOS 10.15 (Catalina) update, but also investigate operating system artifacts and files such as:KnowledgeC.db, FSEvents, Volume Mount Points, Quarantined Files,AirDrop and bash history, providing context on how these artifacts will help connect the dots in your investigations.



September 30
3:00 pm - 4:00 pm EDT