High Technology Crime Investigation Association
Prev MonthPrev Month Next MonthNext Month
NY Metro Chapter : Mac Day!
Monday, June 08, 2020, 1:00 PM - 4:00 PM EDT
Category: Webinar

HTCIA NY Metro is excited to announce Mac Day!

Join us on June 8 as we explore macOS tools and artifacts with some of the leaders in research and development pertaining to mac forensics!

Confirmed Speakers include Sarah Edwards, Trey Amick and Yogesh Khatri. 

 

 

 

Schedule: 

Opening Remarks 1 – 1:10

 

Trey Amick – 1:15 – 1:45

Title: Making Sense of the Media Mayham with Mac & iOS

 

Sarah Edwards – 2 – 2:45

Title: Exploring MacOS with APOLLO

Abstract: In 2018 I introduced a proof-of-concept tool called APOLLO correlate and analyze the pattern-of-life data provided by iOS devices. Since its introduction, it has been heavily used in many forensic investigations across the world and integrated into commercial forensic products. I have spent hours of my life continuously updating with each iOS update. There are always more databases to add, changed database schemas, and new features to be investigated. This presentation will show updates to the tool that will include macOS specific data. macOS devices may not seem as in tune to the intimacies of our lives, but you would be surprised that much of that data is synced across devices. Users will likely be doing more productive work on macOS devices versus iOS therefore I will also discuss the security specific tracking data. This talk will discuss some of the differences, similarities, and difficulties that macOS presents over iOS

 

Yogesh Katri - 3-3:45

Title: Lightning fast triage with mac_apt 

Abstract: mac_apt OR MacOS Artifact Parsing Tool is an open source tool (or plugin based framework) that can immensely speed up your evidence processing by parsing the most pertinent artifacts up front, while you wait for your commercial tools to churn through your disk images. On an average disk image, it will complete processing most artifacts within a few minutes. This is a project that is updated year round by myself and at this point almost all known mac artifacts are processed. In this talk, I will walk you through mac_apt usage, talk and explore parsed out data, and demonstrate the ease of using it.

As of last week, mac_apt processes all kinds of mac disk images including those from T2 macs and fully encrypted volumes in a variety of formats.

 

Closing Remarks 3:45 - 4:00

 

We would love to see many of you on Mac Day!

Date: June 8, 2020

Time: 13:00 - 16:00

 

Upon registration, you will receive the registration to the zoom webinar. 


If you have any questions, please let us know.

Respectfully, Your HTCIA 2020 Chapter Board!

President, Warren Kruse
1st Vice President, Jessica Hyde
2nd Vice President, Bill Moylan
Secretary, Emmah Padilla
Treasurer, George Wade


Contact: Emmah Padilla, Secretary NY Metro HTCIA