Getting Saucy with APFS! presented at BSidesNewOrleans 2018

by Sarah Edwards,

Summary : Do you know what happens when a new file system comes out? ABSOLUTE MAYHEM! All your forensic analysis tools are broken and you are thrown into the forensic dark ages - stuck with just a hex editor and cold sweat.Ok, I might be slightly over dramatic but seriously, new file systems don’t come around very often, how do forensic analysts deal with this? APFS was introduced on iOS devices with 10.3 and natively on macOS with 10.13, High Sierra. This talk will go through the current state of Apple’s new Apple File System (APFS). Topics discussed will include file system features, imaging, analysis methods, and current tool support.

Sarah Edwards: Sarah is an experienced digital forensic examiner who has worked with various federal law enforcement agencies. She has performed a variety of investigations including criminal, counter-intelligence, and counter-terrorism. Sarah has a BS in Information Technology from Rochester Institute of Technology (2004) and a MS in Information Assurance from Capitol College (2010). Sarah’s day job at Harris Corporation consists of working with federal law enforcement to investigate intrusion incidents.