Surviving Digital Forensics: Understanding OS X Time Stamps

Enhance your computer forensic skills by mastering OS X timestamps through hands-on validation exercises and interactive learning tailored for Mac examiners.


Brief Summary

Dive into the world of OS X time stamps and become a savvy Mac examiner! This course is all about getting your hands dirty and learning through practical exercises that show you how user activity impacts date and time records on your Mac.

Key Points

  • Understand OS X time stamps from Apple's perspective
  • Hands-on validation exercises to see real user activity effects
  • Applicable skills for both novice and expert Mac examiners
  • Learn to use Terminal.app for date and time attributes
  • Exploration of common issues like latency

Learning Outcomes

  • Gain core computer forensic skills applicable to all OS X versions
  • Effectively interpret and validate OS X timestamps
  • Conduct hands-on validation exercises for real-world understanding
  • Navigate and utilize the Terminal.app for specific tasks
  • Identify and address common latency issues in OS X timestamps

About This Course

Build core computer forensic skills and learn how to interpret & validate Mac OS X dates & times

Welcome to the Surviving Digital Forensics series. This class is focused on helping you get a better understanding of OS X Time Stamps and to become a better Mac examiner.

As with previous SDF classes you will learn by doing. The class begins with a brief overview of OS X time, as Apple sees it, then we will get into a number of validation exercises to see how user activity really affects Apple time stamps. Learning is hands on and we will use applications already installed on your Mac to do so.

Expert and novice Mac examiners alike will gain from this class. Since we are doing it the SDF way we are going to teach you real computer forensic skills that you can apply to all versions of OS X. Therefore you are not just going to learn about OS X timestamps but learn a method you can use to answer many date and time questions that may come up in the future.

Class Outline

  1. Introduction and Welcome to the SDF series
  2. What this class is all about
  3. How to get the most of this class
  4. The finer points of OS X dates and times
  5. Time from a User's point-of-view
  6. Apple metadata timestamps & the MDLS command
  7. Latency issues
  8. Validation Exercise: New file
  9. Validation Exercise: Modified file
  10. Validation Exercise: Moving file within same volume
  11. Validation Exercise: Moving file to a different volume
  12. Validation Exercise: Accessing a file
  13. Validation Exercise: Downloading a file
  14. Validation Exercise: Deleting a file
  15. Summary of findings
  16. Thoughts on time attribute artifacts
  17. Conclusion & final thoughts

  • Students will learn about OS X timestamps as Apple defines them

  • Students will learn how OS X timestamps really behave by doing a number of instructor-led validation exercises that address the effects of common user activity

  • Students will learn how to use the Terminal.app in order to find OS X date & time attributes

Instructor

Michael Leclair

Over 20 years of experience in Digital Forensics and Security Incident Response. Investigations span corporate (Fortune 500) incident response, technical litigation support for civil and criminal cases, and e-discovery. Author and developer of computer forensic training and analysis tools. Specialties include Windows forensics, Linux forensics, Mac forensics, & mobile device forensics. Certifications include: C|EH, CFCE, CISSP, EnCE, CCE

Review
4.9 course rating
4K ratings
Chandan S.
5.0
1 year ago

good

Siyabonga S.
5.0
1 year ago

Great match

Alejandro D. G. H.
3.5
1 year ago

The session lets you get to know the metadata system of a Mac system; however, more information was lacking on when a file is deleted and what kind of tool can be used to identify it.

HỒ T. A.
5.0
3 years ago

.

Franklin M.
5.0
6 years ago

I am a beginner to the forensic world. I think this is helpful to read timestamps and metadata info on files within a MacOS.

I really do hope the instructor creates more Surviving digital forensic courses for the macOS

Larry S.
4.5
9 years ago

It is a great course on Mac timestamps with 2 exceptions.
The deleted files section, which to me as an examiner, is of great importance, is very vague.
Also, it appears to me that all these courses are dealing with live systems. Nearly 90% of the investigations that law enforcement receives, as well as the private industry, are performed on E01 files or another archived file type, i.e., .dd files. I haven't had a chance to test this but I am curious if exporting these files from E01s will change any of the time stamps attributes.

Ryan J.
5.0
10 years ago

I came in with very limited knowledge of OSX and this course provided a great foundation to build off of. The material is straight-forward and explained in a clear way that is easy to follow along with.
