Digital Forensic Researcher and Educator
The Model Context Protocol (MCP) lets LLMs call external tools, and for reverse engineers the obvious application is connecting an LLM to IDA Pro —...
Read more : Announcing ida-mcp 2.0: A Headless MCP Server for IDA ProAn 18-part deep dive into the Apple File System covering on-disk structures, B-Trees, encryption, and more.
View the series : APFS InternalsPSpice is a SPICE circuit simulator from Cadence Design Systems that encrypts proprietary semiconductor model files to protect vendor IP...
As 2022 ends, so does my APFS Advent Challenge. Deciding at the last minute to write this series of blogs...
As we discussed in an earlier post, Apple’s Fusion Drives combine the storage capacity of a hard disk drive (HDD)...
Our previous post covered how Object Maps facilitate the implementation of point-in-time Snapshots of APFS file systems by preserving File...
Now that we know how to parse the File System Tree, analyze keybags, and unwrap decryption keys, it’s time to...
This is a quick update to yesterday’s post on using std::experimental::simd to speed up APFS Fletcher-64 calculations. It turns out...
Today’s post will take on a bit of a different style than the previous posts in this series. Among other...
In our last post, we discussed both Volume and Container Keybags and how they protect wrapped Volume Encryption and Key...
APFS is designed with encryption in mind and removes the need for the Core Storage layer used to provide encryption...