ICAC-MFA Class List

ICAC-Cybercop 325 - Macintosh® Forensic Analysis

This course is funded through OJJDP. To register for this class, you must be affiliated with an ICAC Task Force. Furthermore, you must agree to comply with the Best Practices and Standards established by ICAC. If you have any questions about the ICAC Best Practices and Standards, please contact your ICAC commander.

This 4 day course begins by detailing the partitioning schemes (including Apple® Partition Map, GUID Partition Table, and Master Boot Record) supported by Mac OS X®. Next is an examination of the HFS+ file system to understand how Mac OS X’s® default file system stores data, what changes occur when data is deleted, and how to recover deleted data. Focus will then shift to the forensic analysis of Mac OS X® operating system and application artifacts. Topics covered will include the Mac OS X® default folder structure, system configuration, recently opened files and applications, handling encryption issues, built-in applications artifacts (Safari®, Mail, Messages®, iTunes®, FaceTime®, iPhoto®, Time Machine®, etc), and popular third party applications artifacts (Chrome, FireFox, Skype, etc)

This course is designed for students who already have a solid understanding of computer forensic principles, have prior experience preserving and collecting data of evidentiary value from an Apple® Macintosh® computer, and are already comfortable navigating and using Mac OS X®. Students will use Mac OS X® and other third party tools, both free and commercial, currently in use by practitioners in the field.

PREREQUISITES: This course requires the student to have successfully completed Cybercop 215 – Macintosh® Triage and Imaging or have equivalent training and/or experience.

There are currently no scheduled classes for this course. If you are interested in knowing when the next class might be offered or would like more information in general please see the training contact information on this page.

Back to List

Forensics Tool Testing

National Institute of Standards and Technology

In an effort to enhance its support for law enforcement at the state and local level, NW3C participates in the National Institute of Standards and Technology’s Computer Forensics Tool Testing (CFTT) steering committee.

More . . .

Hosting NW3C Classes

If you are interested in hosting NW3C’s training in your area please review the appropriate information below. Note that your agency will be allowed to reserve seats for the class(es) and must meet the criteria described in the document associated with the type of hosting you request.

Training Contacts

Instructor Led
Phone:   (877) 628-7674
Email: training@nw3c.org

Email:     onlinelearning@nw3c.org

NW3C Social Media Channels

© 2012. NW3C, Inc. d/b/a the National White Collar Crime Center. All Rights Reserved.
Disclaimer | Privacy Policy | Sitemap