arrow_back
Start Here
HMAC Syllabus
HMAC Syllabus for Download
Labs Download
Tools Download
Pre-Course Survey (Please respond ASAP)
Module 1 Mac Basics
1.1 Background and Basics
1.2 Background and Basics Knowledge Check
1.3 Background and Basics Lab
1.4 Intro to Mac Security
1.5 Intro to Mac Security Knowledge Check
1.6 Intro to MacOS Filesystems
1.7 Intro to MacOS Filesystems Knowledge Check
Module 1 Slides with Answers & References
Background and Basics
Intro to Mac Security
Intro to macOS Filesystems
Module 1 Slides to Download
macOS Background & Basics
Intro to Mac Security
Intro to macOS Filesystems
Module 2 Mac Acquisitions
2.1 Intro to Mac Acquisitions
2.2 Intro to Mac Acquisitions Lab
2.3 Preparing for Acquisition
2.4 Intro to Mac Acquisitions Knowledge Check
2.5 macOS Basic Logical Acquisition
2.6 macOS Basic Logical Acquisition Knowledge Check
2.7 Live Acquisition with Fuji
2.8 macOS Full Logical Acquisition
2.7 macOS Full Logical Acquisition Knowledge Check
2.8 Accessing Disk Image
2.9 Mac Physical Acquisition
2.9 Mac Physical Acquisition Knowledge Check
2.10 macOS RAM Acquisition
2.11 macOS RAM Acquisition Knowledge Check
Module 2 Slides with Answers and References
Intro to Mac Acquisitions
macOS Basic Logical Acquisition
macOS Full Logical Acquisition
Mac Physical Acquisition
macOS RAM Acquisition
Module 2 Slides to Download
Intro to Mac Acquisitions
macOS Basic Logical Acquisition
macOS Full Logical Acquisition
Mac Physical Acquisition
macOS RAM Acquisition
Module 3 Mac Data Structures
3.1 Intro to macOS File Formats
3.1 Slides Download
3.2 Intro to macOS File Formats Knowledge Check
3.3 PList Basics for Macs
3.3 Slides Download
3.4 Plist Basics for Macs Knowledge Check
3.5 PList Tooling
3.5 Slides Download
3.6 PList Analysis Knowledge Check
3.7 PList Lab
3.8 SQLite Fundamentals for Macs
3.8 Slides Download
3.9 SQLite Fundamentals Knowledge Check
3.10 SQLite Tooling
3.10a SQLite Query Slides Download
3.11 SQLite Query Lab
3.12 SQLite Analysis Lab
3.13 LevelDB Analysis
3.13 Slides Download
3.14 LevelDB Analysis Knowledge Check
3.15 LevelDB Tooling
3.15 Slides Download
3.16 LevelDB Lab
3.17 Protobuf Analysis for Macs
3.17 Slides Download
3.18 Protobuf Analysis Knowledge Check
3.19 Protobuf Tooling
3.19 Slides Download
3.20 Protobuf Lab
3.21 SEGB & Biome Analysis
3.21 Slides Download
3.22 SEGB & Biome Knowledge Check
3.23 SEGB Parsing
3.23 Slides Download
3.24 SEGB Parsing Lab
Module 3 Slides to Download
3.1 Intro to macOS File Formats
3.3 PList Basics for Macs
3.5 PList Tooling
3.8 SQLite Fundamentals for Mac
3.10 SQLite Tooling
3.13 LevelDB Analysis
3.15 LevelDB Tooling
3.17 Protobuf Analysis for Macs
3.19 Protobuf Tooling
3.21 SEGB & Biome Analysis
3.23 SEGB Parsing
Module 3 Slides with Answers and References
Intro to macOS File Formats
PList Analysis for Macs
SQLite Fundamentals for Macs
LevelDB Analysis for Macs
Protobuf Analysis for Macs
SEGB and Biome Analysis for Macs
Module 4 RAM, Logs and System Artifacts
4.1 RAM Analysis
4.1 Slides Download
4.2 RAM Analysis Lab
4.3 Photorec
4.4 Photorec Lab
4.5 macOS Device and User Identifiers
4.5 Slides Download
4.6 macOS Primary Logs and Databases
4.6 Slides Download
4.7 Logs and Databases Lab
4.8 Powerlogs
4.8 Slides Download
4.9 Powerlogs Lab
4.10 KnowledgeC and FSEvents
4.10 Slides Download
4.11 FSEvents Query Lab
4.12 Etc System Artifacts
4.12 Slides Download
4.13 Etc System Artifacts Lab
4.14 Hidden and DS Store Files
4.14 Slides Download
4.15 DS Store Lab
4.16 Spotlight
4.16 Slides Download
4.17 Spotlight Lab
4.18 Binary Lookups
4.18 Slides Download
4.19 Unified Log & Sysdiagnose Analysis
4.49 Slides Download
4.20 Unified Log & Sysdiagnose Analysis Knowledge Check
4.21 Unified Log & Sysdiagnose Analysis Lab
4.22 Additional Sysdiagnose Artifacts
4.22 Slides Download
4.23 Additional Sysdiagnose Artifcacts Knowledge Check
Module 4 Slides with Answers and References
RAM Analysis for Macs
macOS Device and User Identifiers
macOS Primary Logs and Database Analysis
macOS Etc System Artifacts
macOS Unified Log & Sysdiagnose Analysis
Module 5 User Data, Live Monitoring & 3rd Party App Analysis
5.1 macOS 1st Party User Data Analysis
5.1 Slides Download
5.2 iMessage Lab
5.3 Safari Data
5.3 Slides Download
5.4 Safari Lab
5.5 Maps, Photos, Calendar
5.5 Slides Download
5.6 macOS Identifying Artifacts
5.6 Slides Download
5.7 Identifying Artifacts Knowledge Check
5.8 Unearth and Diff Analysis
5.8 Slides Download
5.9 Unearth and Diff Analysis Lab
5.10 Live Analysis and Translate Artifacts
5.10 Slides Download
5.11 macOS 3rd Party App Data Analysis
5.12 3rd Party App Lab
5.13 3rd Party App Lab 2
Module 5 Slides with Answers and References
macOS 1st Party User Data Analysis
macOS Identifying Artifacts & Live Monitoring
macOS 3rd Party App Data Analysis
Module 6 Backups, Snapshots and Malware
6.1 macOS Backups & Snapshots
6.1 Slides Download
6.2 Backups and Snapshots Knowledge Check
6.3 macOS Malware
6.3 Slides Download
6.5 Malware Lab
6.6 Malware Databases
6.6 Slides Download
6.7 Malware Knowledge Check
6.8 Reverse Engineering Apps & Malware
6.8 Slides Download
6.9 Reverse Engineering Apps & Malware Lab
6.10 Reverse Engineering Mach-O Resources
6.10 Slides Download
6.11 macOS Analysis and Parsing Tooling
6.11 Slides Download
6.12 macOS Analysis and Parsing Tooling Knowledge Check
Post Course Survey
Module 6 Slides with Answers and References
macOS Backups & Snapshots
macOS Malware
Reverse Engineering Applications & Malware
macOS Analysis and Parsing Tooling