SUMURI’s Macintosh Forensic Survival Course (MFSC) has been designed by the top experts and practitioners in the field of Macintosh forensics. SUMURI is recognized as a leader in computer forensic and incident response training worldwide. SUMURI’s Macintosh Forensic Survival Course is designed knowing that an examiner must be able to successfully testify in a court of law, work within limited budgets and high case loads, develop comprehensive reports and process cases in a “no nonsense” and timely fashion.  Our training was designed for the student to learn what is needed with a no one left behind attitude in a team work atmosphere with hands on training. Students will walk away with the skills necessary to properly seize, acquire, analyze and document an examination of an Intel-based Macintosh computer in a forensically sound manner. Unlike most instructional environments, our forensic training is conducted without relying on automated forensic tools, allowing the participant to apply what is learned to any tool in their forensic arsenal. The training was built upon a systematic approach for forensic examination of a Macintosh from start to finish, in a way that just makes logical sense.  Additionally, our training and materials are designed to be used as a supplemental reference library to allow an examiner to utilize what was learned after course completion, and when it’s time for the next Mac exam. And as an added bonus, we also provide supplemental instruction on advanced topics such as working with NTFS media, and the forensic examination of Apple iPod® and iPhone® devices.

COURSE SCHEDULE:

Day ONE
Introduction and Course Overview
Non-Intel Mac Issues (PowerPC and Classic OS)
Overview of Mac OS X Versions
Introduction to the Mac OS X and the Desktop
Mac File System Basics

Recovering Deleted Files
Intel Mac Technology and Bootcamp

Day TWO
Mac Security Issues and FileVault
Setting up a Mac for Forensic Use
Macintosh Search and Seizure
Obtaining System Information (Date and Time)
Bypassing Open Firmware Passwords
Collecting Volatile Data

Day THREE
Manual Imaging an Acquisition
Automated Imaging and Acquisition
Verifying and Safely Mounting Forensic Images
Indexing Forensic Images
Search Techniques Using Mac OSX

Day FOUR
Locating Evidence (Email, Graphics, Internet Artifacts,
Documents, System Artifacts, Instant Messaging, Logs files)
Using Mac OS X Technology for Forensics (QuickView,
CoverFlow, Forensic User Accounts)
Report Development
iPod® Forensics
Apple Device Artifacts

Day FIVE
Practical Skills Assessment
Working with NTFS
Review of Recommended Applications
Review of Automated Forensic Tools
Recommended Macintosh Hardware Requirements
for Forensics.

ALL STUDENTS RECEIVE:
• Course Manual
• PALADIN Acquisition & Preview Disc
• Mediafour MacDrive Software
• Parallels for Mac
• File Juicer
• Emailchemy
• iPod® Nano

Registration for upcoming training courses can be found here.

Law Enforcement, Government and Higher Education tuition is $2195.00 USD.

Corporate tuition is $2495.00 USD.

• < Prev