Part 3: Advanced macOS artifacts – Understand and Analyze Unified Logs and KnowledgeC with Inspector
Your webinar is now available.
Aired: June 16, 2021
Duration: 1 Hour
In part three, Bruce Hunter, Senior Trainer Developer at Cellebrite, will dive deep into Apple’s® Unified Logs and Inspector’s APOLLO plugin. First, we will learn how to construct filters in Inspector to maximize your analysis and get the most out of this power forensic artifact. Then, we’ll wrap up with a deep dive on how to analyze macOS using Cellebrite Inspector’s APOLLO plugin. On macOS, many of these same databases exist, but there is a whole new opportunity to look into Mac-specific artifacts.
At the end of Part 3, you’ll be able to:
- Recognize the value of unified logs in macOS investigations
- Construct filters in Cellebrite Inspector to maximize unified log analysis
- Realize the value of the APOLLO plugin in macOS investigations
- Effectively use Cellebrite Inspector together with the APOLLO plugin to gain insight into the computer usage
Bruce Hunter Senior Trainer Developer at Cellebrite