Joe Sylve

143 Followers
32 Following
86 Posts
Independent Digital Forensics and Cyber Security Researcher
Has $8
Blog: https://jtsylve.blog
LinkedIn: https://www.linkedin.com/in/jtsylve/
🤨

This is a great synopsis from Objective-See of The Mac Malware of 2022. It was certainly a productive year for #macOS #malware analysts & researchers. Thank you for including our #GIMMICK malware analysis + IOCs! #dfir #threatintel

https://objective-see.org/blog/blog_0x71.html

The Mac Malware of 2022 👾

My 2022 #DFIR APFS Advent Challenge has ended.

Throughout the month, I wrote around 20 APFS-related posts and donated $500 to humanitarian aid for Ukraine.

It was a challenging and rewarding process.

https://jtsylve.blog/post/2022/12/30/Challenge-Retrospective

2022 APFS Advent Challenge Day 22 - Retrospective

As 2022 ends, so does my APFS Advent Challenge. Deciding at the last minute to write this series of blogs turned out to be even more challenging than expected. Life tends to find a way to complicate things, and December was no exception for me this year. I am glad I stuck with the challenge and hope that the information provided in the series was of some value to you.

1Password is encouraging me to store my one-time password seeds in their vault. It seems to me that storing this information along with the credentials defeats the entire purpose of the second factor.

You can learn more about APFS Fusion Containers in the day 21 post of my #DFIR APFS Advent Challenge.

Only one more post to go!

https://jtsylve.blog/post/2022/12/29/APFS-Fusion-Containers

2022 APFS Advent Challenge Day 21 - Fusion Containers

As we discussed in an earlier post, Apple’s Fusion Drives combine the storage capacity of a hard disk drive (HDD) with the faster access speed of a solid state drive (SSD). The HDD is the primary storage device, and the SSD acts as a cache for recently accessed data. However, the Fusion Drive does not have built-in caching logic, and the operating system treats the two drives as separate storage devices. Apple created Core Storage to support the desired caching capabilities and the ability to pool the storage of each device into a single logical volume. APFS removes the need for Core Storage by having first-class support for this tiered storage model. This post will go into more detail about APFS Fusion Containers.

Taking some time to catch up on reading the books that I've collected this year but haven't gotten a chance to open. I've found that Packt #books can be hit or miss quality-wise, but "The Art of Writing Efficient Programs" by Fedor Pikus stands apart. Highly recommend, especially if C++ is your language of choice.

#cplusplus #hpc

Day 20 of the #DFIR APFS Advent Challenge blog series discusses additional sources of Snapshot metadata.

https://jtsylve.blog/post/2022/12/28/APFS-Snapshot-Metadata

2022 APFS Advent Challenge Day 20 - Snapshot Metadata

Our previous discussion discussed how Object Maps facilitate the implementation of point-in-time Snapshots of APFS file systems by preserving File System Tree Nodes from earlier transactions. In that discussion, I outlined the on-disk structure of the Object Map Snapshot Tree and how it can be used to enumerate the transaction identifiers of each Volume Snapshot. Today, we will briefly discuss two other sources of information that store additional metadata about each Snapshot.

Watching "A Bridge Too Far" and this is still my favorite scene.

https://www.youtube.com/watch?v=l0dkgukGhVI

We Can't Accept Your Surrender - A Bridge Too Far

YouTube