ICAC-MTI Class List
ICAC-Cybercop 215 - Macintosh® Triage and Imaging
This 2 day course begins by introducing the students to various models of Apple® hardware that are most likely to be encountered during an investigation. Students will then be introduced to the Mac OS X® operating system and gain the basic skills necessary to navigate and utilize both the graphical and command line interfaces.
Focus will then shift to the identification and collection of volatile data, such as File Vault encrypted data, running applications and processes, open ports, and a current hardware/software inventory, from a running Macintosh® computer that may otherwise be lost or unavailable once power is removed.
Finally, attendees will be familiarized with the available methods for forensically imaging a Macintosh® computer while also becoming aware of the unique challenges this task may present on certain Macintosh® models.
This course is designed for students who already have a solid understanding of computer forensic principles, have prior experience preserving and collecting items of evidentiary value from an electronic crime scene, and have prior experience acquiring forensically-sound images of various types of digital media. Students will use Mac OS X and other third party tools, both free and commercial, currently in use by practitioners in the field.
PREREQUISITES: This course requires the student to have successfully completed Cybercop 101 – BDRA or the equivalent and/or have the experience drawn from the application of the techniques utilized in the Cybercop 101 - BDRA class.
There are currently no scheduled classes for this course. If you are interested in knowing when the next class might be offered
or would like more information in general please see the training contact information on this page.
Back to List