Incident Response on macOS - Thomas Reed

Overview

Explore incident response techniques for macOS in this 51-minute conference talk from Derbycon 2019. Delve into data collection methods, including PICT data collection and basic_info.txt. Learn about analyzing persistence mechanisms, browser histories, install history, and process information. Examine suspicious behavior through detailed walkthroughs and timelines of real-world malware examples such as Wirenet, Mokes, BirdMiner, and FruitFly. Gain valuable insights into detecting and responding to security incidents on Apple's operating system.

Syllabus

Intro
What are we talking about?
How do we collect IR data?
PICT data collection
basic_info.txt
Persistence
Browser histories
Install history
Process info
Suspicious behavior
Wirenet walkthrough
Wirenet timeline
Mokes walkthrough
Mokes timeline
BirdMiner walkthrough
BirdMiner timeline
FruitFly walkthrough
FruitFly timeline

Reviews

Start your review of Incident Response on macOS - Thomas Reed

Incident Response on macOS

Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery

Leveraging Apple's Game Engine to Detect Threats

Digital Forensics and Incident Response in G Suite

From Data to Insights: 10 Best Data Analysis Courses for 2024

Never Stop Learning.