Apple's latest file system - is APFS a blessing or a curse to digital investigators?

  • Tuesday, 03 Apr 2018 1:00PM EDT (03 Apr 2018 17:00 UTC)
  • Speaker: Derrick Donnelly

The latest release of Mac OSX and iOS devices utilizes a new file system called APFS. In this webcast, digital investigators will learn how the file system differs from prior Apple and Microsoft file systems and how that will impact investigations. Derrick will cover how data storage and encryption have changed and what techniques can be used to ensure you acquire an image you can successfully examine. In addition, we'll examine why the new write on copy features used during the deletion process leave more artifacts for examiners to trace than prior Mac file systems. Understanding these changes and being able to identify these artifacts will be critical for all forensic investigators. At the end of this session, forensic examiners will know the following: how to identify a computer with APFS, what techniques to consider when acquiring APFS drives, the file history implications of the write on copy feature, and how to locate that information when handling encrypted Macs.


Join SANS at the annual Digital Forensics & Incident Response (DFIR) Summit, June 7-14, in Austin, TX. This is the most comprehensive DFIR event of the year, bringing together an influential group of experts, immersion-style training, and industry networking opportunities in one place. Over the course of this training event, you'll enjoy:

  • Highly technical digital forensics and incident response presentations from the industry's top practitioners during the two-day Summit.
  • Nine SANS DFIR courses to choose from to advance your training, build your arsenal of defenses and learn how to better protect your organization.
  • DFIR NetWars: The Coin Slayer - Earn DFIR course coins by correctly answering all questions from all four levels of one (or more) of the six DFIR domains.