YoVDO

Incident Response on macOS

Offered By: YouTube

Tags

Conference Talks Courses Cybersecurity Courses Python Courses macOS Courses Incident Response Courses Browser Security Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore incident response techniques for macOS in this 52-minute conference talk from BSides Cleveland 2019. Learn about forensic and IR collection methods, investigating login items, kernel extensions, startup items, and processes. Discover how to analyze install history, browser data, quarantine information, bash configurations, and system logs. Gain insights into using Python's os.walk and os.stat for file system analysis, and explore additional tools for effective macOS incident response.

Syllabus

Intro
A Mac is infected! What do you do now?
Forensic collection
IR collection
Login itens
"Hidden" login items
Kernel extensions
Login hooks
Startup itens
Processes
Install history
Safari
Firefox
Quarantine
bash config
bash history
System config
Pre-Sierra logs
Unified logs
Python's os.walk and os.stat
Other tools
Questions?


Related Courses

Computer Security
Stanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network