Exploring MacOS with APOLLO

Presented at Objective by the Sea version 3.0 (2020), March 12, 2020, 11:50 a.m. (25 minutes)

At v1.0 of OBTS I introduced a proof-of-concept tool called APOLLO to correlate and analyze the pattern-of-life data provided by iOS devices. Since its introduction, it has been heavily used in many forensic investigations across the world and integrated into commercial forensic products. I have spent hours of my life continuously updating it with each iOS update. There are always more databases to add, changed database schemas, and new features to be investigated. This presentation will show updates to the tool that will include macOS-specific data. macOS devices may not seem as in tune to the intimacies of our lives, but you would be surprised that much of that data is synced across devices. Users will likely be doing more productive work on macOS devices versus iOS; therefore, I will also discuss the security-specific tracking data. This talk will discuss some of the differences, similarities, and difficulties that macOS presents over iOS.


Presenters:

  • Sarah Edwards - Senior Digital Forensics Researcher at BlackBag Technologies
    Sarah is a Senior Digital Forensics Researcher at BlackBag Technologies working in the DC metro area, specializing in Mac and Mobile Forensics. She has worked with various federal law enforcement agencies and has performed a variety of investigations including computer intrusions, criminal, and counter-intelligence/terrorism/narcotics. Sarah's research interests include anything and everything Apple-related, mobile devices, digital profiling, and Mac and mobile device security. Sarah has presented at many industry security and forensic conferences and is an author & instructor for the SANS Institute (teaching classes such as SANS FOR518 - Mac Forensic Analysis and Incident Response).
