Course Details

Class Overview

This is the official RECON training and certification by Sumuri, focused on providing students detailed instruction on the features of the tool as well as OS X forensics. RECON will change your life as a Mac examiner and have you up and running locating, analyzing and reporting on your evidence in minutes or hours instead of days or weeks. With over 40 forensic modules, custom timeline features, file search options, and more, RECON reduces the complex process of identifying forensic artifacts, extracting and decoding the data, and presenting it in a workable format to a few keystrokes. The training also includes learning how to interpret your findings, so you will be learning OS X forensics along the way and be able to explain your findings to those who will be relying on your results. This is hands-on training with dozens of skill-building practicals to reinforce learning.

Goals

Students will learn RECON basics such as how to set up cases and become familiar with the features RECON has to offer. RECON’s forensic modules are covered and students will learn how to apply them to locate, analyze, interpret and report on findings. The Global Timeline feature, one of the best features you can use to advance an investigation, is covered in depth and students will learn how to create custom timelines and interpret the findings. Students learn how to effectively use the other features RECON has to offer, such as Advanced File Search options and RAM extractions. Completion of the course ultimately leads to being certified by Sumuri in RECON.

Audience

RECON for Mac OS X is designed for both novice and advanced forensic examiners and investigators. It was designed from the ground up for those who need a Mac forensic tool that can quickly parse and present in-depth findings. It was also built to be versatile and to be brought out for field work. Its easy-to-use interface makes it perfect for newer users, yet experienced forensic analysts will find many advanced options available as well as detailed information about recovered artifacts.

COURSE TOPICS

1. Introduction

This section introduces you to the class and helps you understand how the class is structured. Topics addressed:

  • How to obtain RECON for the class
  • How the training is structured
  • How to get the most out of the training
  • Materials to download
  • RECON certification process

2. RECON Basics

These modules give students a general overview of the capabilities of RECON and its basic features. Topics include:

  • Overview of RECON
  • Customizing RECON
  • Mounting image files
  • Creating a new case
  • Loading a case
  • Getting set up for the class practicals

3. Mac Forensic Basics

It is important to understand some basic Mac forensic fundamentals before using RECON. This section includes topics that will help students understand where their OS X evidence is coming from as well as the different types of OS X timestamps.

  • OS X layout from a forensic point-of-view
  • Understanding OS X file system dates & times
  • Understanding OS X Metadata dates & times

4. RECON Forensic modules

This section includes dozens of individual modules, each addressing a specific OS X artifact. Students will learn how to use RECON to recover those artifacts, identify the evidence source, interpret the findings and report on the results. Forensic Modules include:

Apple Applications & Artifacts

  • Finder Sidebar
  • Calendar
  • Contacts
  • Notes
  • iOS Backups
  • Connected iOS devices
  • iCloud
  • Apple Maps
  • iPhoto

Communication Applications

  • Apple Mail
  • Messages
  • Skype

Network Artifacts

  • Airport
  • Bluetooth
  • Network Interfaces
  • Network Preferences

User & System Artifacts

  • User Recent items
  • Attached USB Devices
  • User .Trash
  • Installed Applications
  • Installed Hardware
  • User Bash History
  • Disk Utility artifacts
  • Deleted User Accounts

Virtual Machines

  • Parallels
  • Virtual Box

Web Browsing Artifacts

  • Safari
  • Firefox
  • Chrome

Advanced Analysis

  • Data Destruction/Spoliation Artifacts
  • Geographical Location (GEO) Tags
  • Online User Accounts
  • File Source artifacts

Online Storage

  • Dropbox

Recovering Files by Category

  • Documents
  • Images
  • Video
  • Audio

P2P Applications

  • Torrent Files
  • BitTorrent
  • uTorrent
  • Vuze

RECON Timelines

  • Creating & customizing a timeline
  • File timeline interpretation
  • Global timeline interpretation

Volatile Data Collection Plugins

  • Setup
  • System uptime
  • Mounted volumes
  • Opened files
  • Running processes
  • System profile data
  • Logged users
  • Active networks

5. Working with Time Machine Backups

This section teaches students how to use RECON to extract evidence from Time Machine backups.

6. RECON Features

RECON has many features above and beyond the Forensic Modules. This section shows students how to use RECON's search features, additional volatile data extractions, advanced search features and reporting features.

  • Global Search
  • Module Search
  • RAM extraction
  • Password feature
  • File Signature database customization
  • File Extension database customization
  • Keyword database customization
  • Module reports
  • Global reports

7. Updating RECON

Of course, we are always working to keep RECON up to date and to add new features and Forensic Modules. Therefore, it is important to know how to update your forensic tool.

8. Conclusion

Updated on 08 November, 2015