Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Learn macOS forensic analysis fundamentals through advanced techniques in this 40-minute conference talk that transforms beginners into moderately skilled analysts. Discover the critical role of Property List (plist) files in macOS systems, exploring both binary and XML formats while mastering native and third-party analysis tools through practical examples. Explore essential logging systems including Apple System Logger (ASL) and Unified Audit Logs, understanding their forensic value and available analysis tools. Uncover the forensic goldmine of metadata, including extended attributes, Finder tags, Spotlight comments, and quarantine metadata that reveals download origins and file history. Set up your own macOS forensics laboratory with guidance on hardware considerations, virtualized environments, and both open-source and commercial analysis tools. Examine common infection vectors targeting macOS-specific features like AppleScript and launchd, supported by real-world campaign examples. Identify persistence mechanisms attackers employ, including launch agents, daemons, login items, kernel extensions, and scheduled jobs, while learning to use detection tools like KnockKnock and Autoruns. Analyze malicious code including AppleScript attacks and Mach-O binaries using tools like otool and MachOView for runtime behavior analysis. Master disassembly, decompilation, and debugging techniques using Hopper, Ghidra, IDA Pro, and LLDB for comprehensive malware analysis. Understand and counteract anti-analysis tricks including obfuscation techniques used by macOS malware to evade detection and analysis.
