A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Getting Saucy with APFS! - The State of Apple’s New File System - Sarah Edwards (BSidesCharm 2018) (Hacking Illustrated Series InfoSec Tutorial Videos)

Getting Saucy with APFS! - The State of Apple’s New File System

Sarah Edwards
@iamevltwin

BSidesCharm 2018
http://www.bsidescharm.com

Do you know what happens when a new file system comes out? ABSOLUTE MAYHEM! All your forensic analysis tools are broken and you are thrown into the forensic dark ages - stuck with just a hex editor and cold sweat. Ok, I might be slightly over dramatic but seriously, new file systems don’t come around very often, how do forensic analysts deal with this? APFS was introduced on iOS devices with 10.3 and natively on macOS with 10.13, High Sierra. This talk will go through the current state of Apple’s new Apple File System (APFS). Topics discussed will include file system features, imaging, analysis methods, and current tool support.

Sarah is an senior digital forensic analyst who has worked with various federal law enforcement agencies. She has performed a variety of investigations including computer intrusions, criminal, counter‐intelligence, counter-narcotic, and counter‐terrorism. Sarah's research and analytical interests include Mac forensics, mobile device forensics, digital profiling and malware reverse engineering. Sarah has presented at many industry conferences including; Shmoocon, Bsides*, DEF CON and the SANS DFIR Summit. Sarah is the author of the SANS Mac Forensic Analysis Course - FOR518. She has a Bachelor of Science in Information Technology from Rochester Institute of Technology and a Masters in Information Assurance from Capitol College.

Back to BSidesCharm 2018 list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast