Acquire From macOS Endpoints with AXIOM Cyber
macOS has created roadblocks for examiners for years. Investigators must contend with not only hardware-based encryption like the T-2 chip, to System Integrity Protection (SIP), which prevented disk and write access to specific directories across the Mac. Now with macOS Catalina (10.15) we find even more complications with the addition of a new read-only volume found on macOS endpoints. In this webinar we will review some of the challenge’s examiners have faced when investigating mac’s in recent years as well as demonstrate how you can quickly and covertly connect to and acquire from the latest Mac endpoints.