Surviving Digital Forensics: Understanding OS X Time Stamps

Why take this course?
🔍 Surviving Digital Forensics: Understanding OS X Time Stamps
🚀 Headline: Dive into the world of digital forensics with our expert-led course, "Surviving Digital Forensics: Understanding OS X Time Stamps." This comprehensive class is designed to equip you with the core computer forensic skills necessary to interpret and validate Mac OS X dates & times. Whether you're a seasoned pro or just starting out, this course will provide you with hands-on experience and a robust methodology applicable to all versions of OS X.
📚 Course Description:
Welcome to the Surviving Digital Forensics series! This class is specifically tailored to help you understand the intricacies of OS X Time Stamps and elevate your skills as a Mac examiner.
-
Overview of OS X Time: We'll kick off with a brief but comprehensive overview of how Apple handles time within its operating systems, setting the stage for your forensic investigations.
-
Validation Exercises: The real learning happens through doing. You'll engage in practical exercises designed to help you understand how user activity can influence Apple time stamps. These hands-on activities will be performed using applications that are already a part of your Mac, ensuring you get the most out of your device.
-
Real Skills for Real Scenarios: Both novice and expert Mac examiners will benefit from this course. We're committed to teaching you real computer forensic skills that go beyond just understanding OS X timestamps. The methodologies you'll learn are adaptable and can be applied to answer a variety of date and time-related questions you might encounter in your future investigations.
🧐 Class Outline:
-
📈 Introduction and Welcome to the SDF Series
- Getting acquainted with the course and what it entails.
-
🎬 What this class is all about
- Understanding the objectives and what you can expect to learn.
-
✨ How to get the most of this class
- Tips and best practices for an effective learning experience.
-
⏰ The finer points of OS X dates and times
- A deep dive into the specifics of time handling in macOS.
-
👥 Time from a User's point-of-view
- Exploring how user actions can affect system timestamps.
-
📊 Apple metadata timestamps & the MDLS command
- Learning about and how to use the MDLS command for metadata analysis.
-
⏳ Latency issues
- Addressing potential latency issues that can impact time stamps.
-
✅ Validation Exercise: New file
- Understanding the implications of creating a new file on the system clock.
-
🔁 Validation Exercise: Modified file
- Learning how to validate changes made to an existing file's metadata.
-
📁 Validation Exercise: Moving file within same volume
- Investigating the impact of moving a file within the same volume on its timestamps.
-
🚫 Validation Exercise: Moving file to a different volume
- Analyzing changes in metadata when transferring a file to a different volume.
-
👀 Validation Exercise: Accessing a file
- Observing and documenting time changes when accessing files.
-
📫 Validation Exercise: Downloading a file
- Understanding the timing of downloading files and how it affects timestamps.
-
✂️ Validation Exercise: Deleting a file
- Investigating the time stamp behavior when a file is deleted.
-
🔄 Summary of findings
- Reviewing and summarizing the insights gained from the validation exercises.
-
🤔 Thoughts on time attribute artifacts
- Discussing potential artifacts that can arise from time-related investigations.
-
🏁 Conclusion & final thoughts
- Wrapping up with key takeaways and a recap of the methodology you've learned.
By the end of this course, you'll have a solid understanding of how to validate and interpret OS X time stamps in digital forensic investigations, setting you on the path to becoming an expert Mac examiner. Enroll now and start your journey into the fascinating field of computer forensics! 💻🔍
Course Gallery




Loading charts...