Here is a nice presentation by Safaa Hraiz on BTRFS forensic analysis:

Here is Vladimir Katalov’s, Elcomsoft CEO, presentation from HITB Security Conference 2017 about iCloud syncing and two-factor authentication: