ICAC-MTI Class List
ICAC-Cybercop 215 - Macintosh® Triage and Imaging
This course is funded
through OJJDP. To register for this class, you must be affiliated with an ICAC
Task Force. Furthermore, you must agree to comply with the Best Practices and
Standards established by ICAC. If you have any questions about the ICAC Best
Practices and Standards, please contact your ICAC
This 2 day course begins by introducing the students to various models of
Apple® hardware that are most likely to be encountered during an investigation.
Students will then be introduced to the Mac OS X® operating system and gain the
basic skills necessary to navigate and utilize both the graphical and command
Focus will then shift to the identification and collection of volatile data, such as File Vault encrypted data, running applications and processes, open ports, and a current hardware/software inventory, from a running Macintosh® computer that may otherwise be lost or unavailable once power is removed.
Finally, attendees will be familiarized with the available methods for forensically imaging a Macintosh® computer while also becoming aware of the unique challenges this task may present on certain Macintosh® models.
This course is designed for students who already have a
solid understanding of computer forensic principles, have prior experience
preserving and collecting items of evidentiary value from an electronic crime
scene, and have prior experience acquiring forensically-sound images of various
types of digital media. Students will use Mac OS X and other third party tools,
both free and commercial, currently in use by practitioners in the field.
This course requires the student to have successfully completed Cybercop 101 – BDRA or the equivalent and/or have the
experience drawn from the application of the techniques utilized in the Cybercop
101 - BDRA class.
There is 1 ICAC-MTI class currently scheduled.
Mon, Apr 13, 2015
3760 West Dimond Boulevard
Anchorage, AK 99502
Back to List