Daily Blog #574: Forensic Lunch 12/21/18 Alissa Torres, Dr. Joe Sylve

Hello Reader,
        Today we had another Forensic Lunch! This week we had:


What a great show! You can watch the video here:

Daily Blog #574: Forensic Lunch 12/21/18 Alissa Torres, Dr. Joe Sylve Reviewed by David Cowen on December 21, 2018 Rating: 5

1 comment:

  1. David, a couple of corrections:

    * libfsapfs (and therefore pyfsapfs, dfVFS and plaso) does support encryption; also see the readme: https://github.com/libyal/libfsapfs/blob/master/README and the plaso release notes: http://blog.kiddaland.net/2018/12/plaso-20181219-released.html
    * The testing I did with sleuthkit-APFS was on the first test images I could find (https://github.com/dfirlabs/apfs-specimens), no particularly thorough testing (on the contrary) as Matthew might be implying (not sure from his comment)
    * In contrast to what Joe says, an APFS container does not contain an unlimited number of volumes; the current format maximum is 100 and there are restrictions on what size the container must be. This was also highlighted by the paper "Decoding the APFS file system" https://www.sciencedirect.com/science/article/pii/S1742287617301408?via%3Dihub

    Regarding APFS having no journal (as Joe explained in technical terms), the file system is the journal. One thing Joe did not highlight in the conversation about recovery and snapshots: APFS decouples low-level block storage and file-system level storage, and this can make recovery more challenging.



All Rights Reserved by Hacking Exposed Computer Forensics Blog © 2014 - 2020