Joe T. Sylve, Ph.D. – Digital Forensic Researcher and Educator

PSpice is a SPICE circuit simulator from Cadence Design Systems that encrypts proprietary semiconductor model files to protect vendor IP...

Security research

Mar 18, 2026

As 2022 ends, so does my APFS Advent Challenge. Deciding at the last minute to write this series of blogs...

As we discussed in an earlier post, Apple’s Fusion Drives combine the storage capacity of a hard disk drive (HDD)...

APFS Internals · Part 26

Dec 29, 2022

Earlier in this series, we covered how Object Maps facilitate the implementation of point-in-time Snapshots of APFS file systems by...

APFS Internals · Part 24

Dec 28, 2022

Now that we know how to parse the File System Tree, analyze keybags, and unwrap decryption keys, it’s time to...

APFS Internals · Part 22

Dec 26, 2022

This is a quick update to yesterday’s post on using std::experimental::simd to speed up APFS Fletcher-64 calculations. It turns out...

High performance computing

Dec 24, 2022

Today’s post will take on a bit of a different style than the previous posts in this series. Among other...

File systems

Dec 23, 2022

In our last post, we discussed both Volume and Container Keybags and how they protect wrapped Volume Encryption and Key...

APFS Internals · Part 21

Dec 22, 2022

APFS is designed with encryption in mind and removes the need for the Core Storage layer used to provide encryption...

APFS Internals · Part 20

Dec 21, 2022

With the release of macOS 11, Apple added a security feature to APFS called sealed volumes. Sealed volumes can be...

APFS Internals · Part 19

Dec 20, 2022

Joe T. Sylve, Ph.D. – Blog