Mac investigations can be challenging for a number of reasons. Learn about the Apple File System (APFS) and the changes made as part of the update from HFS+, while discussing the best techniques for successfully completing macOS investigations. In this session we will also investigate APFS Operating System artifacts and files such as: KnowledgeC.db, FSEvents, Volume Mount Points, Quarantined Files, and bash history, providing context on how these artifacts will help connect the dots in your investigations.
To register for this webinar, please complete the form below.
Please ensure to select the correct time slot.