Essential Forensic Techniques II

In-Depth macOS, iOS and APFS Analysis


As the second part of our Essential Forensic Techniques series, this course is targeted toward students who have completed EFT I; however, advanced examiners may contact our Training Department if you have not taken EFT I but believe you would be comfortable in an EFT II course. We will provide you with a short placement exam to determine which course would best accommodate your knowledge, skills, and abilities.

Course Description

Essentials Forensic Techniques II will delve into more complex concepts, including the specific data points found within any iOS, Windows and/or Mac OS X analysis. Operating systems and file systems leave complex artifacts in both active and unallocated space, all of which will this course covers in detail. It is because BlackBag’s instructors remain in contact with investigators from both the law enforcement and corporate environments that the data used in classes is current and relevant. With continued hands-on learning and realistic scenarios, BlackBag’s instructors will guide students through methods of discovery for new application data, analysis of known data, and best reporting practices. As with the EFT I course, BlackBag’s team of instructors will use their extensive knowledge and experience to address practical, significant casework challenges facing investigators today.

To learn more, view the course syllabus here.


Course Length: 5 days
Course Credit: 32 hours

Course Objectives

At the conclusion of this course, students will have reviewed three different case scenarios, learning about specific file system date artifacts, gaining access to passwords, and navigating Time Machine backups. In addition, we’ll discuss techniques for analyzing multiple operating systems, data artifacts from unknown applications, and other operating system features. As with the first course, Essential Forensic Techniques II includes a written and practical assessment of the students' comprehension of the material.


Attendees should have above-average computer skills, should have attended Essential Forensic Techniques 1 or other validated Mac Training course(s) and be comfortable working in macOS, HFS+ and APFS at more than a casual user level. This course is for advanced examiners who desire a deep dive into the challenges presented by Apple devices, specifically APFS, encryption, CoreStorage, Fusion, RAIDS, Time Machine, etc. Those who do not already possess the necessary knowledge base and familiarity with Mac and iOS devices may struggle to successfully complete this class.


$3,300 USD Government / Private Sector

Set Descending Direction

6 Item(s)

  1. Training Bundle

  2. EFT II - Essential Forensic Techniques II - June 24-28, 2019 - Linthicum Heights, MD

    Essential Forensic Techniques II

    Linthicum Heights, MD - Jun 24, 2019

    LE only

  3. EFT II - Essential Forensic Techniques II - August 26-30, 2019 - Netherlands

    Essential Forensic Techniques II

    Apeldoorn, Netherlands - Aug 26, 2019

    LE only

  4. EFT II -Essential Forensic Techniques II -September 16-20, 2019 - Ashburn, VA

    Essential Forensic Techniques II

    Ashburn, VA - Sep 16, 2019

  5. EFT II -Essential Forensic Techniques II -November 11-15, 2019 - Brighton, UK

    Essential Forensic Techniques II

    Brighton, UK - Nov 11, 2019

  6. EFT II - Essential Forensic Techniques II - December 9-13, 2019 - Netherlands

    Essential Forensic Techniques II

    Veenendaal, NL - Dec 9, 2019

    LE only