Only 2 days
Classroom
03/02/2025 (Monday)
Overview
This accelerated GIAC iOS and macOS Examiner (GIME) certification validates a practitioner's knowledge of Mac and iOS computer forensic analysis and incident response skills. GIME-certified professionals are well-versed in traditional investigations as well as intrusion analysis scenarios for compromised Apple devices.
Forensic professionals need tool independent training and certification to show they can tackle any Mac or iOS investigation whether it is traditional forensics or incident response. The GIME certification provides students the confidence they need to analyse data from any Apple device.
In just 2 days, you’ll also learn:
- Mac and iOS File Systems, System Triage, User and Application Data Analysis
- Mac and iOS Incident Response, Malware, and Intrusion Analysis
- Mac and iOS Memory Forensics and Timeline Analysis
At the end of this course, you’ll sit the GIAC exam, and achieve your GIAC iOS and macOS Examiner (GIME) certification. Through Firebrand’s Lecture | Lab | Review methodology, you’ll get certified at twice the speed of the traditional training and get access to courseware, learn from certified instructors, and train in a distraction-free environment.
Audience
This course is ideal for:
- Experienced Digital Forensic Analysts
- Law Enforcement Officers, Federal Agents, and Detectives
- Media Exploitation Analysts
- Incident Response Team Members
- Information Security Professionals who want to become knowledgeable about macOS and iOS system internals.
- SANS DFIR Alumni looking to round out their forensic skills.
Curriculum
- Module 1: Apple Application Analysis
- The candidate will analyze configurations and data for contacts, notes, wallet, photos, maps, screen time and apple watch applications.
- Module 2: Apple File System Artifacts
- The candidate will examine event artifacts created by file system operations, operating system use, Spotlight, and removable media devices.
- Module 3: Apple Systems Triage
- The candidate will prepare system triage with fundamental system artifacts. Triage information includes system identifiers, OS installation and backup dates, management profiles, network information, and user accounts.
- Module 4: Application Fundamentals
- The candidate will identify basic application data structures and construct SQL queries to examine the data. Document and iCloud analysis
- The candidate will distinguish changes across document versions and iCloud data.
- Module 5: Incident Response
- The candidate will examine artifacts created by malicious code and analyse volatile system artifacts. Introduction to Apple Operating Systems
- The candidate will differentiate between system acquisition and data types available for analysis.
- Module 6: Introduction to Disk and File Systems
- The candidate will identify key data types associated with Apple systems and mount system images for analysis.
- Module 7: Log Analysis and Timeline Creation
- The candidate will correlate key log types and create an event timeline.
- Module 8: Memory and Encrypted Container Analysis
- The candidate will analyse memory captures and use brute force techniques to access encrypted data for analysis.
- Module 9: Pattern of Life
- The candidate will organize system based artifacts to track user behaviour and habits.
- Module 10: Productivity Application Analysis
- The candidate will analyse configurations and data for mail, safari, communication, calendar and reminder applications.
- Module 11: User Data and System Configuration
- The candidate will identify artifacts created from system configuration and user data.
Exam Track
At the end of this accelerated course, you’ll sit the following exam at the Firebrand Training centre, covered Certification Guarantee:
GIAC iOS and macOS Examiner (GIME) exam
- Duration: 2 hours
- Format: 1 proctored exam
- Number of questions: 75 questions
- Passing score: Minimum passing score of 67%
Prerequisites
There are no prerequisites for this accelerated course.
What's Included
Your accelerated course includes:
- Accommodation *
- Meals, unlimited snacks, beverages, tea and coffee *
- On-site exams **
- Exam vouchers **
- Practice tests **
- Certification Guarantee ***
- Courseware
- Up-to 12 hours of instructor-led training each day
- 24-hour lab access
- Digital courseware **
* For residential training only. Accommodation is included from the night before the course starts. This doesn't apply for online courses.
** Some exceptions apply. Please refer to the Exam Track or speak with our experts.
*** Pass first time or train again free as many times as it takes, unlimited for 1 year. Just pay for accommodation, exams, and incidental costs.
Benefits
Seven reasons why you should sit your course with Firebrand Training
- Two options of training. Choose between residential classroom-based, or online courses
- You'll be certified fast. With us, you’ll be trained in record time
- Our course is all-inclusive. A one-off fee covers all course materials, exams**, accommodation* and meals*. No hidden extras.
- Pass the first time or train again for free. This is our guarantee. We’re confident you’ll pass your course the first time. But if not, come back within a year and only pay for accommodation, exams and incidental costs
- You’ll learn more. A day with a traditional training provider generally runs from 9 am – 5 pm, with a nice long break for lunch. With Firebrand Training you’ll get at least 12 hours/day of quality learning time, with your instructor
- You’ll learn faster. Chances are, you’ll have a different learning style to those around you. We combine visual, auditory and tactile styles to deliver the material in a way that ensures you will learn faster and more easily
- You’ll be studying with the best. We’ve been named in the Training Industry’s “Top 20 IT Training Companies of the Year” every year since 2010. As well as winning many more awards, we’ve trained and certified over 135,000 professionals
*For residential training only. Doesn't apply for online courses
**Some exceptions apply. Please refer to the Exam Track or speak with our experts
Think you are ready for the course? Take a FREE practice test to assess your knowledge! Free Practice Test