SANS FOR518: Mac and iOS Forensic Analysis and Incident Response

Digital forensic and incident response investigators have traditionally dealt with Windows machines, but what will they do if they find themselves in front of a new Apple Mac or iOS device? The growing popularity of Apple devices can be seen everywhere, from coffee shops to corporate boardrooms. Dealing with these devices as an investigator is no longer a niche skill; every analyst must have the core skills necessary to investigate Apple devices.

The continuously updated SANS FOR518 course provides the techniques and skills needed to take on any Mac or iOS case without hesitation. The intense hands-on forensic analysis and incident response skills taught in this course enable analysts to broaden their capabilities and gain the confidence and knowledge to comfortably analyze any Mac or iOS device. In addition to traditional investigations, the course presents intrusion and incident response scenarios to help analysts learn ways to identify and hunt down attackers who have compromised Apple devices.

Download link for the SANS FOR518: Mac and iOS Forensic Analysis and Incident Response course


Download – eBooks PDF – Size: 316 MB

Date: 2020
Price: $8,525 USD
Publisher: SANS
By: Sarah Edwards
Format: eBook PDF + WorkBook

What You Will Learn

Digital forensic and incident response investigators have traditionally dealt with Windows machines, but what if they find themselves in front of a new Apple Mac or iOS device? The increasing popularity of Apple devices can be seen everywhere, from coffee shops to corporate boardrooms. Dealing with these devices as an investigator is no longer a niche skill – every analyst must have the core skills necessary to investigate the Apple devices they encounter.

This consistently updated FOR518 course provides the techniques and skills necessary to take on any Mac or iOS case without hesitation. The intense hands-on forensic analysis and incident response skills taught in the course will enable analysts to broaden their capabilities and gain the confidence and knowledge to comfortably analyze any Mac or iOS device. In addition to traditional investigations, the course presents intrusion and incident response scenarios to help analysts learn ways to identify and hunt down attackers that have compromised Apple devices.

“Again, SANS proves to provide the best technical training the market has to offer. Sarah has put together a comprehensive, coherent, challenging, and downright fun (is convivial too much?) course to attend. The FOR518 is everything I wanted it to be and so much more. I realize only now how apt a phrase “Impera Magis, Aliter Cogita” truly is: if you want to be successful at this course, embrace the command line, and abandon all ye know of Windows, because this is a different OS. I am thrilled to be taking this course and can’t wait to dive even deeper into the limitless nuance MacOS & iOS forensics have to offer.”

What Is macOS and iOS Forensics Analysis?

MacOS and iOS Forensic Analysis is the recovery, analysis, and interpretation of data stored on Apple devices.

Business Takeaways

  • Empower employees to investigate various crimes such as computer misuse, malicious device intrusions, corporate espionage, insider threats, and fraud.
  • Learn how various Apple data is stored and how to analyze using tool agnostic methods without the requirement for expensive commercial forensic tools.
  • Identify different forensic artifacts and nuances between the Apple platforms (macOS and iOS).
  • Understand the wealth of user related information that can show how a device was used or abused.
  • Learn the differences of performing forensics and security assessments when Apple devices are involved versus other industry-standard operating systems.

Skills Learned

  • Understand the nuances between macOS and iOS devices
  • Dive into how the Apple magic works between devices, and how that can help investigations
  • Determine the importance of each file system domain and how data is organized
  • Conduct temporal analysis of a system by correlating data files and log analysis
  • Profile how individuals used the system, including how often they used the system, what applications they frequented, and their personal system preferences
  • Identify remote or local data backups, disk images, or other attached devices
  • Find encrypted containers and FileVault volumes, understand keychain data, and crack Mac passwords
  • Analyze and understand macOS metadata and their importance in the Spotlight database, Time Machine, and Extended Attributes
  • Develop a thorough knowledge of the Safari web browser, Apple Mail, and many more applications by looking at their internal databases
  • Identify communication with other users and systems through Messages, FaceTime, SSH remote login, Screen Sharing, and AirDrop
  • Conduct an intrusion analysis of an Apple device for signs of compromise or malware
  • Understand the APFS file system and its significance with a bonus Lab to parse the APFS file system by hand, using only a reference sheet and a hex editor
  • Understand how the Apple ecosystem of devices works and how the devices interact with each other. From AirTags, to Vision Pro, to the Apple Watch, to HomeKit – all these Apple technologies leave artifacts on macOS and iOS devices.

Hands-On macOS and iOS Forensics Training

The hands-on portion of FOR518 is unique and especially suited to those who love to dig into the data. The labs were created to show how Apple data is stored and how to interpret it without the need for an expensive commercial utility. These labs give students a hands-on perspective on the data shown in the class presentations and let them apply the concepts to the course dataset. The labs in this course are a major component of the learning experience and enable students to increase their success in applying the various analysis topics after they leave the classroom.

“Labs were very accurate and relevant to the topics we were learning during class. Very entertaining, interesting and challenging.”

“The exercises were complicated, but the walkthroughs and questions were easily digestible, which is hard to do! Some of the more recent classes I’ve taken had such complicated labs that you couldn’t easily track back to a mistake. Sarah’s designed the labs to be just as complicated, if not more so, while using language, and questions, to make troubleshooting so much easier.”

“Really enjoyed the labs, love that it’s highly encouraged to use the command line tools. Nothing against any vendor and their GUI, but my goal since starting in cyber security was to use the command line as much as possible (without being impractical). This course is a master class in that.”

Syllabus Summary

  • Section 1: An introduction to the Apple platforms including data storage, file analysis, and data interpretation.
  • Section 2: Log analysis and review of various user and system settings.
  • Section 3: It’s all about the metadata stored within multiple file system artifacts.
  • Section 4: Every application is different; review how each app stores its data.
  • Section 5: Everything else: from pattern-of-life analysis, to password cracking, to malware, and “one more thing!”
  • Section 6: The Apple Forensics Challenge, take what you learn in class and compete in a CTF-style challenge against others.

Syllabus

FOR518.1: Mac and iOS Essentials
FOR518.2: Log Analysis, User Data, and System Configuration
FOR518.3: File Systems and Related Artifacts
FOR518.4: Application Data Analysis
FOR518.5: Advanced Analysis Topics
FOR518.6: Mac Forensics & Incident Response Challenge
