Go for Launch: Getting Started with Practical APOLLO Analysis
Sarah Edwards
BlackBag Technologies and SANS
The Apple Pattern of Life Lazy Output’er (APOLLO) Python script extracts an enormous amount of data from macOS and iOS devices. APOLLO automates hundreds of SQL queries on many databases and helps the analyst correlate the data via timestamps and activities. The hardest part is where to start your analysis, there can be millions of entries to filter through. This talk will go through some practical case examples to get you started with user activity, device status, application usage, and suspicious events.
About Sarah EdwardsSarah is a Senior Digital Forensics Researcher at BlackBag Technologies working in DC metro area specializing in Mac and Mobile Forensics. She has worked with various federal law enforcement agencies and has performed a variety of investigations including computer intrusions, criminal, and counter intelligence/terrorism/narcotics. Sarah’s research interests include anything and everything Apple related, mobile devices, digital profiling, and Mac and mobile device security. Sarah has presented at many industry security and forensic conferences and is the author/instructor of SANS FOR518 Mac Forensic Analysis and Incident Response.