Cellebrite Apple Forensics Fundamentals (CAFF)
This four-day Apple Mac training is intended for digital investigators already familiar with Windows-based forensics. During the Cellebrite Apple Forensic Fundamentals (CAFF) training, participants learn, among other things, how to use Cellebrite Digital Collector and Inspector to analyse specific data points within operating systems and file system artefacts. This is a practical, case-based training.
Who is this training for?
This training is intended for digital investigators who already have experience with digital investigations in general and want to expand their knowledge to include investigating Apple devices. This is the basic course for all other Cellebrite Apple Forensics training courses.
What do you learn during the training?
- Different start-up procedures of Apple devices.
- Establishing a plan for successful triage and imaging.
- macOS structures and their limitations.
- Key HFS+ and APFS file system artefacts.
- Impact of changes in APFS and macOS structure on forensic analysis.
- Working with property-list (PLIST) data on macOS.
- Identifying user preferences and system preferences.
- Influence of date/time and time zone on data analysis.
- Recognising the different disk images encountered on macOS.
- Saving, viewing and sharing encountered media files on macOS and iOS.
- Analysing Apple metadata attributes.
- Analysing mounted volumes, device connections and network connections in macOS.
- Investigating artefacts from web browsers such as Safari.
- Interpreting encountered log files on macOS and iOS devices.