Explore the worlds best online cybersecurity training with OnDemand - view a Demo Today!

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

Apple's latest file system - is APFS a blessing or a curse to digital investigators?

  • Tuesday, April 3rd, 2018 at 1:00 PM EDT (17:00:00 UTC)
  • Derrick Donnelly
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!

Overview

The latest release of Mac OSX and iOS devices utilizes a new file system called APFS. In this webcast, digital investigators will learn how the file system differs from prior Apple and Microsoft filesystems and how that will impact investigations. Derrick will cover how data storage and encryption has changed and what techniques can be used to ensure you acquire an image you can successfully examine. In addition, we'll examine why the new write on copy features used during the deletion process leave more artifacts for examiners to trace than prior Mac file systems. Understanding these changes and the ability to identify these artifacts will be critical for all forensic investigators. At the end of this session forensic examiners will know the following: how to identify a computer with APFS, what techniques to consider when acquiring APFS drives, the write on copy feature file history implications, and how to locate that information when handling encrypted Macs.


Join SANS at the annual Digital Forensics & Incident Response (DFIR) Summit, June 7-14, in Austin, TX. This is the most comprehensive DFIR event of the year, bringing together an influential group of experts, immersion-style training, and industry networking opportunities in one place. Over the course of this training event, you'll enjoy:

  • Highly technical digital forensics and incident response presentations from the industry's top practitioners during the two-day Summit.
  • Nine SANS DFIR courses to choose from to advance your training, build your arsenal of defenses and learn how to better protect your organization.
  • DFIR NetWars: The Coin Slayer - Earn DFIR course coins by correctly answering all questions from all four levels of one (or more) of the six DFIR domains.

Speaker Bio

Derrick Donnelly

Derrick Donnelly serves as the Chief Scientist of BlackBag Technologies. Derrick was an instructor for the FBI Computer Analysis and Response Team (CART) for over 8 years and has taught numerous other agencies around the World. Derrick has completed analysis and given testimony in connection with Federal and state criminal and civil cases.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.