Digital Forensic Researcher and Educator
APFS supports transparent file compression through the DECMPFS (Decompression File System) framework, shared with HFS+. Compressed files appear normal to applications but store their data...
Read more : Transparent Compression (DECMPFS)A 27-part deep dive into the Apple File System covering on-disk structures, B-Trees, encryption, and more.
View the series : APFS InternalsIn our post on Inode and Directory Records, we noted that a single inode may be referenced by more than...
APFS containers include an embedded EFI driver that allows UEFI firmware to boot from APFS partitions without requiring a built-in...
SpiceCrypt 3.0.0 is out. When I introduced SpiceCrypt in March, it decrypted PSpice and LTspice model files so engineers could...
In our post on Containers, we introduced the Reaper as the subsystem responsible for garbage collection in APFS. The Reaper...
In our earlier post on Containers, we introduced the Space Manager as the subsystem responsible for tracking which blocks are...
Back in 2022 I started the APFS Advent Challenge: a daily run of posts dissecting the on-disk internals of Apple’s...
When I started building ida-mcp, the goal was simple: give an LLM headless access to IDA Pro through MCP (Model...
ida-mcp 2.2.0 is out. This release removes the friction between what the LLM wants to do and what MCP lets...
ida-mcp 2.1.0 is out. This release focuses on making the LLM a more efficient analyst: fewer wasted tool calls, less...