Explore incident response techniques for macOS in this 52-minute conference talk from BSides Cleveland 2019. Learn about forensic and IR collection methods, investigating login items, kernel extensions, startup items, and processes. Discover how to analyze install history, browser data, quarantine information, bash configurations, and system logs. Gain insights into using Python's os.walk and os.stat for file system analysis, and explore additional tools for effective macOS incident response.