Blogs
- [LINK] Another Forensics Blog - How to image a Mac using Single User Mode
- [LINK] Another Forensics Blog - Mounting and Reimaging an Encrypted FileVault2 Mac Image in Linux
- More great Mac imaging articles from Mari!
- [LINK] The Eclectic Light Company - Tools to calm your panic, and to protect
- Great overview of Objective-See's tools
- [LINK] Pike's Universum - Say hello to new logging in Sierra
- New and different logging stuff in macOS Sierra, this is BIG for DFIR folks!
- [LINK] Additional information in the Apple Developer Docs
- [VIDEO] Video from WWDC
- [PDF] Slides from WWDC
- [LINK] BlackBag Technologies - Acquiring iOS 10 Devices with Blacklight
- Yep, iTunes backups change too!
- [LINK] Sysforensics.org - Mac DFIR - HFS+ Date Added Timestamp
Papers
- [LINK/PDF] Detecting Malicious Behaviour Using System Calls by Vincent Van Mieghem
Presentations
- [VIDEO/Keynote] OS X Security - Defense in Depth by Rich Trouton
- [VIDEO/PDF] Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao, Slides here.
- [VIDEO/SLIDESHARE] Let's Play Doctor: Practical OS X Malware Detection & Analysis by Patrick Wardle, Slides here.
- [PDF] Apple's BlackHat Slides - Behind the Scenes with iOS Security by Ivan Krstic
- [SPEAKERDECK] I Got 99 Problems, but Little Snitch ain't one! by Patrick Wardle
Tools
- [LINK] MacMRU Parser - Python script to rip thru Mac MRU plist files, old and new ones!
- [LINK] Blog article here. What, I can't link to my own stuff? ;)
- [LINK] Pangu Jailbreak is out for 9.2 - 9.3.3 (64-bit) devices
Malware
- [LINK] OS X & iOS RE 101 - Reverse Engineering OS X/iOS Resources
- [LINK] OS X Adwind Malware Analysis by Malwarebytes
- [LINK] Objective-See - Persisting via a Finder Sync
- [LINK] Open Source OS X Keylogger - keylogger-osx
- OSX/Keydnap - Keychain/Credential Stealer/Backdoor
- [MALWARE!] Sample (via Objective-See, passwd: infect3d)
- [LINK] ESET Analysis
My Upcoming Classes & Presentations:
I’ll be teaching my SANS FOR518 – Mac Forensic Analysis class at the following conferences, and there are some bonus @Night presentations as well! I hope to see many of you at one of these conferences some day!
[LINK] SANS Virginia Beach (Aug 28 – Sept 2) - This one is coming up soon! This conference is super chill and relaxed, and you get to watch fighter jets from the beach!
- @Night – The iOS of Sauron- How iOS Tracks Everything You Do
[LINK] SANS Network Security (Sept 12 – 17 in Las Vegas, NV) - Missed Vegas for Blackhat or DEF CON? Didn't get enough of it? Join me...if you're feelin' lucky! :)
- @Night – The iOS of Sauron- How iOS Tracks Everything You Do
[LINK] SANS DFIR Prague (Oct 3 – 8 in the Czech Republic), Stay for the Summit on the 9th!
[LINK] SANS San Francisco (Nov 27 – Dec 2)
- @Night – iOS Location Forensics
[LINK] SANS Cyber Defense Initiative (Dec 12 – 17 in Washington, DC)
- @Night – The iOS of Sauron- How iOS Tracks Everything You Do
[LINK] SANS Cyber Threat Intelligence Summit (Jan 25 – 30 in Arlington, VA)
- @Night – The iOS of Sauron- How iOS Tracks Everything You Do