
RECON: Mac OS X Forensic Training & Certification

Posted By: naag

MP4 | Video: 1280x720 | 64 kbps | 44 KHz | Duration: 9 Hours | 2.07 GB
Genre: eLearning | Language: English

The official RECON training - learn how to use it to locate, analyze, interpret & report on OS X evidence

Class Overview

This is the official RECON training and certification by Sumuri, focused on providing students detailed instruction on the features of the tool as well as OS X forensics. RECON will change your life as a Mac examiner and have you up and running locating, analyzing and reporting on your evidence in minutes or hours instead of days or weeks. With over 40 forensic modules, custom timeline features, file search options, and more, RECON reduces the complex process of identifying forensic artifacts, extracting and decoding the data, and presenting it in a workable format to a few keystrokes. The training also includes learning how to interpret your findings, so you will be learning OS X forensics along the way and be able to explain your findings to those who will be relying on your results. This is hands-on training with dozens of skill-building practicals to reinforce learning.

Goals

Students will learn RECON basics such as how to set up cases and become familiar with the features RECON has to offer. RECON’s forensic modules are covered, and students will learn how to apply them to locate, analyze, interpret and report on findings. The Global Timeline feature, one of the best features you can use to advance an investigation, is covered in depth, and students will learn how to create custom timelines and interpret the findings. Students learn how to effectively use the other features RECON has to offer, such as Advanced File Search options and RAM extractions. Completion of the course ultimately leads to being certified by Sumuri in RECON.

Audience

RECON for Mac OS X is designed for both novice and advanced forensic examiners and investigators. It was designed from the ground up for those who need a Mac forensic tool that can quickly parse and present in-depth findings. It was also built to be versatile and able to be brought out for field work. Its easy-to-use interface makes it perfect for newer users, yet experienced forensic analysts will find many advanced options available as well as detailed information about recovered artifacts.

COURSE TOPICS

1. Introduction

This section introduces you to the class and helps you understand how the class is structured. Topics addressed:

How to obtain RECON for the class
How the training is structured
How to get the most out of the training
Materials to download
RECON certification process

2. RECON Basics

These modules give students a general overview of the capabilities of RECON and its basic features. Topics include:

Overview of RECON
Customizing RECON
Mounting image files
Creating a new case
Loading a case
Getting set up for the class practicals

3. Mac Forensic Basics

It is important to understand some basic Mac forensic fundamentals before using RECON. This section includes topics that will help students understand where their OS X evidence is coming from as well as the different types of OS X timestamps.

OS X layout from a forensic point-of-view
Understanding OS X file system dates & times
Understanding OS X Metadata dates & times

4. RECON Forensic modules

This section includes dozens of individual modules, each addressing a specific OS X artifact. Students will learn how to use RECON to recover those artifacts, identify the evidence source, interpret the findings and report on the results. Forensic Modules include:

Apple Applications & Artifacts

Finder Sidebar
Calendar
Contacts
Notes
iOS Backups
Connected iOS devices
iCloud
Apple Maps
iPhoto

Communication Applications

Apple Mail
Messages
Skype

Network Artifacts

Airport
Bluetooth
Network Interfaces
Network Preferences

User & System Artifacts

User Recent items
Attached USB Devices
User .Trash
Installed Applications
Installed Hardware
User Bash History
Disk Utility artifacts
Deleted User Accounts

Virtual Machines

Parallels
VirtualBox

Web Browsing Artifacts

Safari
Firefox
Chrome

Advanced Analysis

Data Destruction / Spoliation Artifacts
Geographical Location (GEO) Tags
Online User Accounts
File Source artifacts

Online Storage

Dropbox

Recovering Files by Category

Documents
Images
Video
Audio

P2P Applications

Torrent Files
BitTorrent
uTorrent
Vuze

RECON Timelines

Creating & customizing a timeline
File timeline interpretation
Global timeline interpretation

Volatile Data Collection Plugins

Setup
System uptime
Mounted volumes
Opened files
Running processes
System profile data
Logged users
Active networks

5. Working with Time Machine Backups

This section teaches students how to use RECON to extract evidence from Time Machine backups.

6. RECON Features

RECON has many features above and beyond the Forensic Modules. This section shows students how to use RECON's search features, additional volatile data extractions, advanced search features and reporting features.

Global Search
Module Search
RAM extraction
Password feature
File Signature database customization
File Extension database customization
Keyword database customization
Module reports
Global reports

7. Updating RECON

Of course, we are always working to keep RECON up to date and to add new features and Forensic Modules. Therefore, it is important to know how to update your forensic tool.

8. Conclusion

