FindUSBMSC has been updated
EasyMetaData has updated FindUSBMSC. It’s a script to parse the system logs on macOS. It looks for USBMSC storage…
SUMURI’s Free Mac Forensics Guide
SUMURI presented a free step by step Mac forensics guide. You will learn how to obtain system date and time, image a data so…
APFS Timestamps
Yogesh Khatri has started his journey in Apple File System reverse engineering. He has checked APFS documentation and f…
SANS SQLite Pocket Reference Guide
This guide is a supplement to SANS FOR518: Mac Forensic Analysis and SANS FOR585: Advanced Smartphone Forensics, and enhance…
Steve Whalen on APFS Forensics
APFS is here! Macintosh forensics expert and SUMURI CEO Steve Whalen gives you the critical information you need to stay ahe…
Mac Admins Podcast, Episode 52: Digital Forensics on the Mac with Sarah Edwards
In the 52 episode of Mac Admins Podcast Sarah Edwards talks about Digital Forensics on the Mac, and using system tools,…
Decision-Theoretic File Carving
This article explores a novel approach to file carving by viewing it as a decision problem. This allows us to design algorit…
The Sleuth Kit 4.4.2 and Autopsy 4.4.1 have been released
New versions of your favourite open source DFIR tools – the Sleuth Kit and Autopsy, – have been released. The Sl…
Finding the Serial Number of a Mac from Disk Image
Yogesh Khatri has published a very useful post – he shows how to find the serial number of a Mac computer or laptop. T…
Mac MRU Parser – Spotlight Shortcuts & BLOB Parsing
Sarah Edwards has updated her Mac MRU Parser. Now it parses the Spotlight Shortcuts plist and also the Bookmark an…
