Sealed Volumes
With the release of macOS 11, Apple added a security feature to APFS called sealed volumes. Sealed volumes can be...
Joe T. Sylve, Ph.D. – Blog
Posts (Page 2 of 3)
Data Streams
Data in APFS that is too large to store within records is stored elsewhere on disk and referenced by data...
Inode and Directory Records
Each APFS file system entry has both an inode and directory record. The inode record stores metadata such as the...
File System Trees
Each APFS volume has a logical file system stored on disk as a collection of File System Objects. Unlike other...
Volume Superblock Objects
The Volume Superblock is a data structure containing key information about an individual APFS volume. This post covers locating the...
Object Maps
Earlier in this series, we discussed APFS Containers and how they address physical objects via a fixed block size. This...
B-Trees (Part 2)
Mastering the skill of B-Tree traversal is essential in parsing information from APFS. Our last post gave an overview of...
B-Trees (Part 1)
In yesterday’s post, we discussed Checkpoint Maps, the simple linear-time data structures that APFS uses to manage persistent, ephemeral objects....
Checkpoint Maps and Ephemeral Objects
In our last post, we discussed NX Superblock Objects and how they can be used to locate the Checkpoint Descriptor...
NX Superblock Objects
The NX Superblock Object is a key component of APFS. It stores key information about the Container, such as the...