{"id":1221,"date":"2017-08-11T20:53:35","date_gmt":"2017-08-12T00:53:35","guid":{"rendered":"https:\/\/allprowebworks.dev\/_iacis\/?page_id=1221"},"modified":"2025-04-05T12:59:14","modified_gmt":"2025-04-05T16:59:14","slug":"macintosh-forensic-survival-course-mfsc","status":"publish","type":"page","link":"https:\/\/allprowebworks.dev\/_iacis\/training\/macintosh-forensic-survival-course-mfsc\/","title":{"rendered":"MFSC-101: The Best Practices in Mac Forensics"},"content":{"rendered":"<p style=\"font-weight: 400;\">This course is given by SUMURI.\u00a0The Best Practices in Mac Forensics (MFSC-101) course shows you how and why you are missing evidence using non-native forensic solutions and how to find what is missed by using a Mac to process a Mac.<\/p>\n<p style=\"font-weight: 400;\">Steve Whalen developed this course to provide vendor-neutral and tool-agnostic training that covers the process of examining a Macintosh computer from the first step to the last step in logical order. MFSC-101 is designed for both the beginner Mac examiner as well as the advanced. The knowledge you gain can be applied to any forensic tool on any platform. Surprising to most is that the entire course is taught using a Mac to examine a Mac without expensive automated forensic tools. Even more surprising is that the participants realize that they can find more evidence and find it faster!<\/p>\n<p style=\"font-weight: 400;\">MFSC-101 is the first of two prerequisites for the Certified Forensic Mac Examiner (CFME) certification. The CFME is a two-part certification process that tests the candidate on topics covered in MFSC-101 and MFSC-201. It is absolutely at no extra cost to those candidates who have attended both of the courses.<\/p>\n<p style=\"font-weight: 400;\"><strong><u>Topics include but are not limited to:<\/u><\/strong><\/p>\n<ul style=\"font-weight: 400;\">\n<li>Overview of macOS Versions \u2013 identifies features of forensic importance in different macOS and when they appeared<\/li>\n<li>Understanding the Mac File System Technology \u2013 a review of all file system technology supported by macOS such as APFS, Core Storage, Fusion Drives, and macOS Extended<\/li>\n<li>Intel Mac Technology and Bootcamp \u2013 explains the forensic significance of Mac Intel Technology<\/li>\n<li>Silicon Mac Technology \u2013 explains the unique issues and forensic significance of M1 Silicon Technology<\/li>\n<li>Mac Security Issues and FileVault Attacks \u2013 current best practices for dealing with Mac Security<\/li>\n<li>Macintosh Search and Seizure \u2013 best practices for seizing Mac and iOS hardware<\/li>\n<li>Safely Obtaining System Information \u2013 how to safely obtain system information without making changes to the evidence<\/li>\n<li>Open Firmware Passwords \u2013 explains OFP, how to set and remove OFP if it is necessary<\/li>\n<li>Volatile Data Collection \u2013 discussion on unique issues concerning Mac Volatile Data, methods to collect it, and the need for a Trusted Utilities Disk<\/li>\n<li>Forensic Imaging \u2013 discussion and exercises on imaging Intel and M1 Silicon Macs to include issues present by Mac security features<\/li>\n<li>Imaging Mac RAM \u2013 discussion on the challenges in capturing RAM due to macOS security features<\/li>\n<li>Mounting Forensic Images in the macOS \u2013 safely mounting forensic images for Processing and analysis<\/li>\n<li>Indexing Forensic Images \u2013 how to index forensic images using macOS<\/li>\n<li>Search Techniques Using macOS \u2013 creating custom search expressions \u2028from the command-line and GUI<\/li>\n<li>Locating Evidence \u2013 how to identify, analyze and extract macOS and application artifacts such as Email, Graphics, Internet Artifacts, Documents, System Artifacts, Instant Messaging, logs, and more<\/li>\n<li>Recovering Deleted Files \u2013 an exercise in manually recovering deleted files and the dangers of Mac optimization<\/li>\n<li>Examining SQLite Databases and PLIST files \u2013 examining the heart of Mac data storage<\/li>\n<li>Using macOS for Forensics \u2013 how to utilize built-in macOS technology for forensics<\/li>\n<li>Report Development \u2013 how to create native reports using the Mac to view data properly<\/li>\n<li>Recommendations for Mac Forensics system configuration and hardware<\/li>\n<\/ul>\n<p style=\"font-weight: 400;\"><strong>WHEN:\u00a0 April 28 May 2, 2025<\/strong><\/p>\n<p style=\"font-weight: 400;\"><strong>COST: $2,695.00 US Dollars <\/strong><\/p>\n<p style=\"font-weight: 400;\"><strong><span style=\"text-decoration: underline;\">REGISTRATION<\/span>: <span style=\"color: #ff0000;\">NOW OPEN<\/span><\/strong><\/p>\n<p style=\"font-weight: 400;\">Existing IACIS members, simply log in with your credentials and go to the <span class=\"s2\"><a href=\"https:\/\/members.iacis.com\/training\"><span class=\"s3\">Products<\/span><\/a> page<\/span> to purchase and register for the course.<\/p>\n<p style=\"font-weight: 400;\">For non-IACIS members, the membership fee is waived with the purchase of the training course; however, to register for the course you must complete a membership application at the time of purchase. Purchase training course <a href=\"https:\/\/members.iacis.com\/training\"><span class=\"s3\">HERE<\/span><\/a>.<\/p>\n<p><!--\n\n\n<p style=\"font-weight: 400;\">***IMPORTANT*** Regarding IACIS\u2019s upcoming 2025 AADF Training, please note that payment must be received NO LATER than 45 days prior the first day of class, by March 12th, 2025. Failure to meet this deadline will result in the forfeiture of your reserved seat, which will be made available to other interested registrants. This policy is strictly enforced, with NO EXCEPTIONS.<\/p>\n\n\n\n\n\n<p style=\"font-weight: 400;\">While we do accept purchase orders, full payment is expected by the March 12th deadline. As IACIS makes advance purchases of all necessary equipment and materials, ensuring that all seats are confirmed is essential to our training courses.<\/p>\n\n\n\n\n\n<p style=\"font-weight: 400;\">To assist in this process, we kindly request that you inform your finance department of the March 12th payment deadline to prevent any issues that could jeopardize your participation in IACIS\u2019s training. \u00a0Please make sure you have all the appropriate paperwork turned in and in a timely manner to facilitate a smooth and prompt transfer of the payment for your training.\u00a0 If you have any questions or concerns, please contact our Treasurer at <a href=\"mailto:treasurer@iacis.com\" data-outlook-id=\"67c3f814-700e-4d54-beba-325e32b02660\">treasurer@iacis.com<\/a>.<\/p>\n\n\n--><\/p>\n<p style=\"font-weight: 400;\"><strong>Registration is still open, however, payment is expected at the time you register.  If you need to make other arrangements, please contact <a href=\"mailto:Debbie.plamondon@iacis.com\">Debbie.plamondon@iacis.com<\/a>.  Thank you for your cooperation.  We appreciate it.<\/strong><\/p>\n<p style=\"font-weight: 400;\">Cancellations within 45 days from the start of class to 31 days from the start of class will be subject to a $150 cancellation fee. There will be no refunds within 30 days from the start of class.****<\/p>\n<p style=\"font-weight: 400;\"><strong>* On-Site Check-in Times (student pickup of equipment, ID card, IACIS info) are:<\/strong><\/p>\n<p style=\"font-weight: 400;\"><strong>&nbsp;&nbsp;&nbsp;&nbsp;Sunday, April 27, 2025: 1800 \u2013 2000<\/strong><\/p>\n<p style=\"font-weight: 400;\"><strong>&nbsp;&nbsp;&nbsp;&nbsp;Monday, April 28, 2025: 0700 \u2013 0800<\/strong><\/p>\n<p style=\"font-weight: 400;\"><strong>* Please make arrangements to arrive in time to check-in so that you may be in class promptly on the first day.<\/strong><\/p>\n<p style=\"font-weight: 400;\"><strong><u>COURSE NOTES:<\/u><\/strong><\/p>\n<p style=\"font-weight: 400;\">Please read the following notes regarding this class:<\/p>\n<ol style=\"font-weight: 400;\">\n<li>Each student is required to supply their own Mac computer for the class. The Mac should be able to run the current release of MacOS.<\/li>\n<li><strong>The dress code for the conference is business casual (collared shirts and slacks). <\/strong>The wearing of shorts, flip flops, tank tops, etc. is not allowed in the classroom. Students are required to attend all classes to successfully complete the program. Students who fail to meet the attendance requirements will not be issued a certificate at the conclusion of the program.<\/li>\n<li>Classes begin at 8:00 AM ET and conclude at 5:00 PM ET, each day, with a one-hour lunch break. <strong>Classes will end at 4:00 PM ET on the last day of class. Please do not arrange for departing flights prior to 7:00 PM ET to allow time for travel to the airport and any security clearances.<\/strong><\/li>\n<\/ol>\n<p style=\"font-weight: 400;\"><strong><u>HOTEL BOOKING:<\/u> <span style=\"color: #FF0000;\">Hotel booking will open once classes have been opened for registration.<\/span><\/p>\n<p style=\"font-weight: 400;\">The course will be taught at the <a href=\"https:\/\/allprowebworks.dev\/_iacis\/training\/caribe-royale-orlando\/\">Caribe Royale Orlando<\/a>, 8101 World Center Drive, Orlando, Florida 32821 (USA).  This hotel is 16 miles from the Orlando International Airport. It has a large pool, spacious workout facility and is close to Disney World and Universal Studios.<\/p>\n<p style=\"font-weight: 400;\">Book via the Caribe Royale Orlando site <a href=\"https:\/\/allprowebworks.dev\/_iacis\/training\/hotel-booking\/\">here<\/a>. <strong><span style=\"color: #FF0000;\">Hotel booking will open once classes have been opened for registration.<\/span><\/strong> If you choose to stay at a different hotel and commute to the conference, you may be subject to parking fees per conference center policy.<\/p>\n<p style=\"font-weight: 400;\">Or book via phone by calling the following numbers:<br \/>\n<strong>Reservations Toll Free: 1-800-823-8300\/1-888-258-7501 or our local number 407-238-8000.<\/strong><\/p>\n<p style=\"font-weight: 400;\"><strong><u>CANCELLATION INFO:<\/u><\/strong><\/p>\n<p style=\"font-weight: 400;\">If IACIS is unable to hold their 2025 Orlando training event, then all students who have registered and paid, will have the option of a full refund or a reserved seat at the 2026 training event.\u00a0 IACIS is not responsible for any outside expenses (e.g. travel and accommodation) in the event of the training event being cancelled.\u00a0 Anyone who paid for training will receive complimentary membership through the year that his\/her training takes place.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This course is given by SUMURI.\u00a0The Best Practices in Mac Forensics (MFSC-101) course shows you how and why you are missing evidence using non-native forensic solutions and how to find what is missed by using a Mac to process a Mac. Steve Whalen developed this course to provide vendor-neutral and [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":61,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"page-right-sidebar.php","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-1221","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/allprowebworks.dev\/_iacis\/wp-json\/wp\/v2\/pages\/1221","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/allprowebworks.dev\/_iacis\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/allprowebworks.dev\/_iacis\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/allprowebworks.dev\/_iacis\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/allprowebworks.dev\/_iacis\/wp-json\/wp\/v2\/comments?post=1221"}],"version-history":[{"count":68,"href":"https:\/\/allprowebworks.dev\/_iacis\/wp-json\/wp\/v2\/pages\/1221\/revisions"}],"predecessor-version":[{"id":4641,"href":"https:\/\/allprowebworks.dev\/_iacis\/wp-json\/wp\/v2\/pages\/1221\/revisions\/4641"}],"up":[{"embeddable":true,"href":"https:\/\/allprowebworks.dev\/_iacis\/wp-json\/wp\/v2\/pages\/61"}],"wp:attachment":[{"href":"https:\/\/allprowebworks.dev\/_iacis\/wp-json\/wp\/v2\/media?parent=1221"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}