Authors: Bhargav Rathod

DFRWS APAC 2025

Abstract

macOS’s growing popularity has led to its rapid adoption across both enterprise and personal environments. In response, DFIR analysts and researchers must be well-equipped to navigate the unique characteristics of the macOS ecosystem. This practical workshop explores lesser-known yet critical aspects of macOS, including an understanding of its core components, forensic artifacts, and real-world scenarios encountered during DFIR and malware investigations. The workshop emphasizes the use of free and open-source software (FOSS) for the extraction and analysis of macOS artifacts. Attendees will gain a distinctive perspective and hands-on experience with macOS forensics, an essential skill set in a landscape traditionally dominated by Windows.

Learning Objectives

  • macOS Built-in Security: Exploring the built-in security features of macOS and how they contribute to system protection.
  • Understanding macOS Forensic Artifacts: Identifying and interpreting key forensic artifacts, including PLISTs, SQLite databases, and system logs.
  • macOS DFIR with FOSS: Collecting and analyzing forensic data from macOS systems using free and open-source tools.
  • Investigating macOS for Malicious Activity: Detecting signs of compromise by examining LaunchAgents, LaunchDaemons, login items, and system configuration databases — supported by case studies and hands-on artifact analysis.
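The third objective above centres on launchd persistence. As an added example (not part of the workshop material or the author's code), the script below parses a LaunchAgent/LaunchDaemon property list in either XML or binary form using only the Python standard library, reports what the job runs and which keys trigger it, and applies a few triage heuristics. The two sample plists are constructed, and the "unusual directory" and "inline interpreter" heuristics are assumptions chosen for illustration, not a definitive indicator set.

```python
"""launchd plist triage: an added example, not part of the workshop material.

Parses a LaunchAgent/LaunchDaemon plist (XML or binary) and reports what the
job runs, what triggers it, and heuristic red flags. Sample plists and the
heuristics are constructed/assumed for illustration.
"""
import plistlib
import re
from pathlib import Path
from typing import Optional

# launchd keys that start a job without user action (persistence triggers).
TRIGGER_KEYS = ("RunAtLoad", "KeepAlive", "StartInterval",
                "StartCalendarInterval", "WatchPaths", "QueueDirectories")

# Assumed heuristics: locations a vendor rarely uses for a launchd program,
# and interpreters that run inline code via -c / -e.
SUSPECT_DIRS = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/", "/Library/Caches/")
INTERPRETERS = {"sh", "bash", "zsh", "osascript", "python", "python3", "perl"}
REVERSE_DNS = re.compile(r"^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)+$")


def parse_launchd_plist(data: bytes) -> dict:
    """plistlib.loads() detects XML vs. binary ('bplist00') automatically."""
    job = plistlib.loads(data)
    if not isinstance(job, dict):
        raise ValueError("launchd plist root must be a dictionary")
    return job


def program_path(job: dict) -> Optional[str]:
    """launchd runs 'Program' if present, otherwise ProgramArguments[0]."""
    if job.get("Program"):
        return job["Program"]
    args = job.get("ProgramArguments") or []
    return args[0] if args else None


def active_triggers(job: dict) -> list:
    """Trigger keys whose value is truthy (KeepAlive may be a bool or a dict)."""
    return [k for k in TRIGGER_KEYS if job.get(k)]


def triage(job: dict) -> dict:
    prog = program_path(job)
    args = list(job.get("ProgramArguments") or [])
    label = job.get("Label", "")
    findings = []
    if not REVERSE_DNS.match(label):
        findings.append(f"label is not reverse-DNS style: {label!r}")
    if prog is None:
        findings.append("no Program or ProgramArguments")
    else:
        for s in [prog] + args[1:]:          # program plus every argument
            if any(s.startswith(d) for d in SUSPECT_DIRS):
                findings.append(f"path in unusual directory: {s}")
            if any(p.startswith(".") for p in Path(s).parts[1:]):
                findings.append(f"hidden path component: {s}")
        if Path(prog).name in INTERPRETERS and any(a in ("-c", "-e") for a in args[1:]):
            findings.append(f"interpreter runs inline code: {' '.join(args)}")
    return {"label": label, "program": prog, "arguments": args,
            "triggers": active_triggers(job), "findings": findings,
            "suspicious": bool(findings)}


def triage_plist(data: bytes) -> dict:
    return triage(parse_launchd_plist(data))


def as_binary_plist(data: bytes) -> bytes:
    """Re-encode an XML plist as binary, the on-disk form many agents use."""
    return plistlib.dumps(plistlib.loads(data), fmt=plistlib.FMT_BINARY)


def scan_directory(directory: str) -> list:
    """Triage every *.plist in e.g. ~/Library/LaunchAgents or /Library/LaunchDaemons."""
    results = []
    for path in sorted(Path(directory).expanduser().glob("*.plist")):
        try:
            rec = triage_plist(path.read_bytes())
        except Exception as exc:  # an unparseable plist is itself worth noting
            rec = {"label": None, "findings": [f"unparseable: {exc}"], "suspicious": True}
        rec["path"] = str(path)
        results.append(rec)
    return results


# Constructed samples (not real artifacts).
SUSPECT_AGENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key><array>
    <string>/bin/sh</string><string>-c</string>
    <string>/Users/Shared/.cache/update.sh</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
  <key>StartInterval</key><integer>300</integer>
</dict></plist>"""

BENIGN_AGENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.vendor.agent</string>
  <key>ProgramArguments</key><array>
    <string>/Applications/Vendor.app/Contents/MacOS/agent</string>
  </array>
  <key>RunAtLoad</key><true/>
</dict></plist>"""
```

Run `scan_directory("~/Library/LaunchAgents")` or `scan_directory("/Library/LaunchDaemons")` on a live or mounted system to get one record per job; the constructed suspect sample yields three findings (a script under /Users/Shared, a hidden `.cache` component, and `/bin/sh -c` running inline code) and the same result whether fed as XML or as the binary re-encoding, while the benign sample yields none. Treat the findings as triage prompts, not verdicts: legitimate software does sometimes use `KeepAlive` and shell wrappers.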

Experience Level

Beginner to Intermediate.
A basic understanding of the UNIX/Linux command line is assumed.

Description

This workshop invites you to dive deep into the macOS ecosystem and uncover its forensic secrets using free and open-source tools.

Preparation Details

All participants are required to bring their own Mac device for the workshop.

Requirements:

macOS 15 or later (Intel or Apple silicon)

Tools:

DB Browser for SQLite (GUI for inspecting SQLite databases)
ExifTool (file metadata extraction)
Apparency (inspects app bundles, code signatures and notarization)
Aftermath (Jamf's open-source macOS incident response collection tool)


Biography

Bhargav Rathod

Bhargav works at Unit 42, Palo Alto Networks as a Staff MDR Analyst and is ignited by the thrill of uncovering hidden digital trails and solving complex cybersecurity puzzles. With an insatiable curiosity and a relentless pursuit of knowledge in Digital Forensics and Incident Response (DFIR) and Malware Analysis, he brings a unique perspective to the field, transforming challenges into opportunities for innovation.

He has a passion for mentoring young and aspiring cybersecurity professionals and fostering a culture of continuous and innovative learning. His interest areas are DFIR & Malware Analysis (iOS and macOS).
