Friday, October 27, 2017

Biskus APFS Capture

Thomas Tempelmann:

The first and only program to read APFS volumes for forensics analysis (DFIR).

While there are many programs available for capturing disk contents in general, Biskus APFS Capture is currently the only one that performs these operations on Apple’s new APFS file system format.

It does not yet support encrypted volumes (even if the password is known).

1 Comment RSS · Twitter

Yeah, if anyone is interested in "guessing" how the APFS code handles en/decryption, let me know. :)

Leave a Comment