Learn how to investigate macOS security incidents using Aftermath, an open-source Swift-based incident response tool, in this 40-minute conference talk from JNUC 2023. Discover how to efficiently collect forensic data from compromised macOS endpoints through seamless integration with Jamf Pro and Jamf Protect. Explore real-world attack scenarios demonstrating Aftermath's capabilities in gathering vital data and indicators of compromise, while understanding how its on-device analysis and chronological "storyline" features help uncover infection vectors and establish cause-and-effect relationships. Master the streamlined incident response workflow that minimizes risk and saves time, making security incident investigation accessible even for those new to security practices.