At the 2019 Computer Technology Investigators Network (CTIN) Conference, leading digital forensic experts across the country will gather at the Microsoft campus in Redmond WA to hear the latest developments in forensic technology, electronic discovery, and legal aspects of digital investigations. Pierson Clair, associate managing director in Kroll’s Cyber Risk practice, will lead two sessions focusing on the growing field of MacOS forensics, including triage and acquisition. More details on Pierson’s sessions below:
What’s New in Mac Forensic Artifacts
Schedule: May 24, 1:00 p.m. – 2:00 p.m. (PDT)
Recently identified artifacts including FSEventsD, CoreAnalytics, and KnowledgeC, APFS functionality, T2 chip implications, macOS Malware; new MacOS security functionality and tools to help parse data including Mac APT, AutoMacTC and Knock Knock
Mac Hardware Triage and Acquisition
Schedule: May 24, 2:15 p.m. – 3:15 p.m. (PDT)
Tips and tricks learned from a decade of conducting Mac acquisitions and investigations including differences in flavors of MacOS; fusion drives, core storage and forensic extraction methodologies.
