The goal of this workshop is to equip participants with the essential knowledge and practical skills needed to perform forensic analysis of macOS systems in the context of modern threats.
Although macOS devices still represent a smaller share of enterprise environments compared to Windows, they are increasingly targeted by threat actors. As a result, macOS security and forensic analysis remain less mature and underrepresented in many organizations’ defensive strategies. Recent industry reports — including findings from Red Canary showing a 400% increase in macOS-related threats between 2023 and 2024 — highlight the urgent need for improved visibility and expertise in this area.

This workshop will guide participants through the fundamental steps of conducting macOS forensic investigations, including:

- Creating logical and triage images of macOS devices
- Identifying and interpreting key system artifacts
- Investigating artifacts for evidence of threat actor activity
- Utilizing common forensic tools to support analysis
- Understanding the evolving macOS threat landscape

By the end of this workshop, participants will be able to independently conduct forensic investigations on macOS systems and will receive additional resources to support continued learning and future casework.