$895

Investigating macOS Endpoints

Course
49 Lessons
365-day access

Starting with fundamental principles, Investigating macOS Endpoints advances to encompass log analysis, file systems, forensic artifacts, persistence mechanisms, evidence collection, and more! This course offers extensive hands-on practice and a capstone involving the analysis of a compromised system. Tailored for both beginners and seasoned professionals, it serves as an ideal resource for mastering macOS forensics!

Buy now

Frequently Asked Questions

How long is this course?

Approximately 10 hours for the video and written content. The total time required to complete all modules/lessons and perform image analysis is estimated at 20-40 hours.

How long will I have access once I purchase the course?

365-day access is included for all courses. Enjoy a 25% discount if you re-enroll after your initial access period.

🏅 Is there a certification associated with this course?

Yes! You can earn a certification by passing the Knowledge Assessment included with every course purchase. See training.13cubed.com/certifications for details.

Are there any prerequisites?

Just a basic understanding of macOS, and a willingness to learn!

Will new content be added?

Yes! The content will be updated to reflect any significant changes to the topics covered in this course to ensure it remains relevant over time.

Can I suggest new topics for potential inclusion in future modules/lessons?

Yes! Contact us at info@13cubed.com.

Can I obtain a certificate of completion at the end of the course?

Yes! Upon completion of the course, you will automatically receive an email with a link to download your personalized certificate.

🛒 Are bulk purchase discounts available for companies?

Yes! See training.13cubed.com/bulk-purchases for details.

Course Contents

Welcome and Introduction

2 mins
512 MB

Initial Setup

2 mins
318 MB

Introduction to macOS

History

11 mins
1.17 GB

Root Directory Structure

25 mins
1.94 GB

File and Directory Permissions

53 mins
3.97 GB

Users and Groups

16 mins
1.23 GB

Shells and Command History

21 mins
1.59 GB

System Integrity Protection (SIP)

5 mins
373 MB

Transparency, Consent, and Control (TCC)

12 mins
1 GB

XProtect

6 mins
421 MB

FileVault

4 mins
265 MB

macOS Logs

Overview of the Unified Logging System

5 mins
1.14 GB

Unified Logs – System and Kernel Events

13 mins
1.16 GB

Unified Logs – Authentication and Security

16 mins
1.41 GB

Unified Logs – Advanced Authentication and Security

8 mins
665 MB

Unified Logs – Firewalls and Proxies

8 mins
662 MB

Unified Logs – Wi-Fi and Network

12 mins
1.08 GB

Unified Logs – Bluetooth

6 mins
441 MB

Unified Logs – Gatekeeper, TCC, and XProtect

10 mins
910 MB

Unified Logs – Crash Reporting

7 mins
613 MB

Legacy Logs

5 mins
380 MB

Application-specific Logs

5 mins
376 MB

Additional Topics and Tools

31 mins
2.67 GB

macOS File Systems

HFS+

33 mins
2.53 GB

APFS

28 mins
2.15 GB

exFAT

6 mins
415 MB

macOS Core Forensic Artifacts

Introduction

2 mins
298 MB

.DS_Store

22 mins
2.29 GB

Trash

14 mins
1.45 GB

File System Events (FSEvents)

20 mins
1.7 GB

knowledgeC.db

12 mins
929 MB

Biome

5 mins
345 MB

mac_apt + Additional Artifacts

25 mins
2.41 GB

Persistence Mechanisms

Launch Daemons and Launch Agents

13 mins
1.09 GB

Privileged Helper Tools

8 mins
600 MB

Cron Jobs

7 mins
531 MB

3 mins
237 MB

System Extensions

5 mins
356 MB

SSH Keys

7 mins
483 MB

Evidence Collection

Unified Logs

5 mins
364 MB

Fuji

10 mins
799 MB

Unix-like Artifacts Collector (UAC)

19 mins
1.55 GB

Acquiring Memory

2 mins
145 MB

Timelining

UAC + mactime

9 mins
810 MB

Plaso/Log2Timeline

18 mins
1.77 GB

Analyzing a Compromised System

The Scenario

4 mins
425 MB

Getting Started

Incident Postmortem