- Mac and iOS File Systems, System Triage, User and Application Data Analysis
- Mac and iOS Incident Response, Malware, and Intrusion Analysis
- Mac and iOS Memory Forensics and Timeline Analysis
Who is GIME for?
- Experienced Digital Forensic Analysts
- Law Enforcement Officers, Federal Agents, and Detectives
- Media Exploitation Analysts
- Incident Response Team Members
- Information Security Professionals who want to become knowledgeable about MacOS and iOS system internals.
- SANS DFIR Alumni looking to round out their forensic skills.
- 1 proctored exam
- 75 questions
- 2 hours
- Minimum passing score of 67%
*No specific training is required for any GIAC certification. There are many sources of information available regarding the certification objectives' knowledge areas. Practical experience is an option; there are also numerous books on the market covering computer information security. Another option is any relevant courses from training providers, including SANS.*
NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE. Click here for more information.
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.
Exam Certification Objectives & Outcome Statements
- Apple Application Analysis The candidate will analyze configurations and data for contacts, notes, wallet, photos, maps, screen time and apple watch applications.
- Apple File System Artifacts The candidate will examine event artifacts created by file system operations, operating system use, Spotlight, and removable media devices.
- Apple Systems Triage The candidate will prepare system triage with fundamental system artifacts. Triage information includes system identifiers, OS installation and backup dates, management profiles, network information, and user accounts.
- Application Fundamentals The candidate will identify basic application data structures and construct SQL queries to examine the data.
- Document and iCloud analysis The candidate will distinguish changes across document versions and iCloud data.
- Incident Response The candidate will examine artifacts created by malicious code and analyze volatile system artifacts.
- Introduction to Apple Operating Systems The candidate will differentiate between system acquisition and data types available for analysis.
- Introduction to Disk and File Systems The candidate will identify key data types associated with Apple systems and mount system images for analysis.
- Log Analysis and Timeline Creation The candidate will correlate key log types and create an event timeline.
- Memory and Encrypted Container Analysis The candidate will analyze memory captures and use brute force techniques to access encrypted data for analysis.
- Pattern of Life The candidate will organize system based artifacts to track user behavior and habits.
- Productivity Application Analysis The candidate will analyze configurations and data for mail, safari, communication, calendar and reminder applications.
- User Data and System Configuration The candidate will identify artifacts created from system configuration and user data.
- Training is available in a variety of modalities including live conference training, online, and self-study.
- Practical work experience can help ensure that you have mastered the skills necessary for certification
- College-level courses or study through another program may meet the needs for mastery.
- The procedure to contest exam results can be found at https://www.giac.org/policies/feedback.