Kshitij Kumar and Jai Musunuri
AutoMacTC: Automating Mac Forensic Triage
Performing macOS incident response (IR) investigations can be challenging, considering the difficulties in quickly capturing, parsing and analyzing forensic data across disparate affected systems. Rec[…]
Hypervisor Jackpotting, Part 3: Lack of Antivirus Support Opens the Door to Adversary Attacks
Analysts who perform macOS forensics have had few, if any, artifacts of program execution to rely on during investigations — until now. In macOS 10.13 (High Sierra), Apple introduced Cor[…]