Getting Saucy with APFS! - The State of Apple’s New File System

Do you know what happens when a new file system comes out? ABSOLUTE MAYHEM! All your forensic analysis tools are broken and you are thrown into the forensic dark ages - stuck with just a hex editor and cold sweat.

OK, I might be slightly overdramatic, but seriously, new file systems don’t come around very often. How do forensic analysts deal with this? APFS was introduced on iOS devices with 10.3 and natively on macOS with 10.13, High Sierra. This talk will go through the current state of Apple’s new Apple File System (APFS). Topics discussed will include file system features, imaging, analysis methods, and current tool support.

Presenter: Sarah Edwards (@iamevltwin)
Sarah is a senior digital forensic analyst who has worked with various federal law enforcement agencies. She has performed a variety of investigations including computer intrusions, criminal, counter-intelligence, counter-narcotic, and counter-terrorism. Sarah's research and analytical interests include Mac forensics, mobile device forensics, digital profiling and malware reverse engineering. Sarah has presented at many industry conferences including Shmoocon, BSides*, DEF CON and the SANS DFIR Summit. Sarah is the author of the SANS Mac Forensic Analysis Course - FOR518. She has a Bachelor of Science in Information Technology from Rochester Institute of Technology and a Master's in Information Assurance from Capitol College.