So, you wanna do mac forensics, but your department won't buy the mac forensics tools? You have a mac with the T2 chip and can't image with conventional imagers? Or T2 + FileVault/Encrypted APFS? Not to worry! Contrary to popular belief, you don't need expensive specialist tools to perform mac forensics. We explain the internals and show you how it's done with open source tools. From creating your own forensic boot disk to imaging and analysis of APFS on T2 macs, empower yourself with open source, and complement your existing forensic toolset! We'll showcase some new artifacts too.