MacOS has created roadblocks for examiners for years. Investigators must contend with not only hardware-based encryption like the T-2 chip, to System Integrity Protection (SIP), which prevented disk and write access to specific directories across the Mac. Now with macOS Catalina (10.15) we find even more complications with the addition of a new read-only volume found on macOS endpoints. In this webinar we will review some of the challenge’s examiners have faced when investigating mac’s in recent years as well as demonstrate how AXIOM Cyber can quickly and covertly connect to and acquire from the latest Mac endpoints. We’ll also discuss future enhancements to AXIOM Cyber and solicit feedback from attendees on what they would like to see added to the tool.
Join Trey Amick and Drew Roberts from Magnet Forensics and learn how AXIOM Cyber can acquire from macOS endpoints without disabling SIP or having to work around T-2 based Macs.
Date: Wednesday, June 17, 2020Time: 11AM EST
Presenters: Trey Amick and Drew Roberts