Wrapped Keys
In our last post, we discussed both Volume and Container Keybags and how they protect wrapped Volume Encryption and Key...
Joe T. Sylve, Ph.D. – Blog
Posts (Page 2 of 3)
Keybags
APFS is designed with encryption in mind and removes the need for the Core Storage layer used to provide encryption...
Sealed Volumes
With the release of macOS 11, Apple added a security feature to APFS called sealed volumes. Sealed volumes can be...
Data Streams
Data in APFS that is too large to store within records is stored elsewhere on disk and referenced by data...
Inode and Directory Records
Each APFS file system entry has both an inode and directory record. The inode record stores metadata such as the...
File System Trees
Each APFS volume has a logical file system stored on disk as a collection of File System Objects. Unlike other...
Volume Superblock Objects
The Volume Superblock is a data structure containing key information about an individual APFS volume. This post covers locating the...
Object Maps
Earlier in this series, we discussed APFS Containers and how they address physical objects via a fixed block size. This...
B-Trees (Part 2)
Mastering the skill of B-Tree traversal is essential in parsing information from APFS. Our last post gave an overview of...
B-Trees (Part 1)
In yesterday’s post, we discussed Checkpoint Maps, the simple linear-time data structures that APFS uses to manage persistent, ephemeral objects....