Triage and Analysis of macOS/iOS
Students may attend this course through in-person classroom style training or online through a live, virtual delivery of our course from your work or home. Our live virtual course features access to a virtual examination system, direct access to live instructors, and a virtual course manual. Please select “view all upcoming courses” to register.
True to its name, Apple® Forensic Investigations is composed of the essential techniques that every forensic professional needs. Specially crafted by our expert instructors, this course has something for every level of forensic experience.
Apple® Forensic Investigations is the perfect way to quickly and effectively learn how to navigate the most important Mac, iPhone, and iPad device areas. For years, BlackBag has remained a highly reliable, go-to resource when detectives and investigators need advice regarding what to do with seized digital devices, in terms of both acquiring and analyzing evidence. The BlackBag team consistently remains abreast of the latest developments and techniques in digital forensics, and their research and experience with real-world cases act as the framework for the training courses. As a result, the example scenarios discussed in the classroom are driven by relevant data and realistic challenges. In short, BlackBag’s instructors will use their wealth of knowledge and firsthand experience with forensic examinations to help students learn all the tips and tricks needed to successfully complete their work.
Through hands-on learning and case-based scenarios, students will learn from experts how to perform both triage and analysis of specific data artifacts that exist within Apple’s devices, including operating system and file system artifacts. This course will guide students through the most important macOS and iOS device areas. The macOS and iOS operating systems, HFS+ and APFS file systems and significant application data are explored.
To learn more, view the course syllabus here.
Course Length: 5 days
Course Credit: 36 hours – includes course assessment (32 hours of curriculum)
Upon concluding this course, students will have reviewed up to three different case scenarios covering various file system, operating system and application artifacts relevant to real-life cases. Analysis methodologies are covered via hands-on work with actual data and instructor-led exercises. Knowledge is validated with an individual written and practical assessment. Through an interactive, hands-on approach, students will gain a strong familiarity of macOS and iOS artifacts and the confidence with which to conduct thorough examinations.
While all are welcome, strong computer skills and an understanding of basic forensic concepts (imaging, live data acquisition, and evidence handling) are highly recommended for the optimal experience in this course.