Using Apple Sysdiagnose for Forensics and Integrity Check

  • Published 11 Feb 2025
  • David Durvaux (European Commission, BE), Aaron Kaplan (European Commission, AT), Emilien Le Jamtel (CERT-EU, FR)
    David leads EC DIGIT CSIRC and has been active in the incident response field for more than a decade. He has worked on many IT security incidents, especially on computer forensics aspects. David has presented twice at the FIRST conference and at other conferences.
    Aaron worked at the national CERT of Austria between 2008 and 2020 and has a background in maths and computer science. Since 2020 he has worked for EC-DIGIT-CSIRC, the IT security team of the European Commission. He is the co-founder of intelmq.org, a tool for automating the typical tasks of IT security teams. Aaron is a regular speaker at IT security conferences such as FIRST, hack.lu, Blackhat and CCC. He also had the honor of serving on the FIRST board of directors between 2014 and 2018, where he initiated multiple infrastructure projects such as misp.first.org. He believes in using automation, open source and machine learning to improve the lives of DFIR folks. In fact, he believes that without those tools, we won't be fast enough to keep up with attackers.
    Emilien Le Jamtel has been a cyber security expert for 15 years. After building his technical skills in offensive security, he joined CERT-EU in 2014 as a Threat Intelligence Analyst before quickly moving to the Digital Forensics and Incident Response team. Since 2021, Emilien has been leading the DevSecOps team responsible for the infrastructure and tooling used by CERT-EU staff. Emilien is a regular speaker at IT security conferences such as FIRST, hack.lu, Botconf and NorthSec.
    ---
    The talk will demonstrate how to use Sysdiagnose for forensic purposes on Apple devices. Sysdiagnose is a tool which was originally intended for other purposes. This approach was used successfully to detect the infamous Pegasus spyware on iOS devices. The presenters will share hands-on experiences with the audience and explain what works and what does not work with this approach.
