- This event has passed.
Session: Forensic Artifacts and Techniques that are Essential for Mac Investigations
September 30 @ 3:00 pm - 4:00 pm EDT
Presented By: Trey Amick
Mac investigations can be challenging for a number of reasons. Learn about the Apple File System (APFS) and the changes made as part of the update from HFS+, while discussing the best techniques for successfully completing macOS investigations in Magnet AXIOM. In this lab we will not only discuss changes made with the latest macOS 10.15 (Catalina) update, but also investigate operating system artifacts and files such as:KnowledgeC.db, FSEvents, Volume Mount Points, Quarantined Files,AirDrop and bash history, providing context on how these artifacts will help connect the dots in your investigations.