macOS Forensically Sound* Workstation Lockout with CrowdStrike Falcon and Jamf Pro

dan-snelson
Designed as a possible last step before an MDM “Lock Computer” command, FSWL.bash *may aid in keeping a Mac computer online for investigation, while discouraging end-user tampering.

Background

When a macOS computer is lost, stolen or involved in a security breach, the Mobile Device Management (MDM) Lock Computer command can be used as an “atomic” option to quickly bring some peace of mind to what are typically stressful situations, while the MDM Wipe Computer command can be used as the “nuclear” option.

For occasions where first forensically securing a macOS computer is preferred, the following approach may aid in keeping a device online for investigation, while discouraging end-user tampering.
