macOS – Cerbero Blog

APFS Format Package

We are happy to announce support for the Apple File System (APFS). The new APFS Format package lets you browse and extract files from APFS containers and volumes directly within the application.

APFS is Apple’s proprietary file system, introduced in 2017 as the default for macOS, iOS, watchOS, and tvOS. It replaced HFS+ with a modern design featuring copy-on-write metadata, space sharing across volumes, snapshots, clones, and transparent file compression. An APFS container holds one or more volumes that share the same underlying storage pool. Having native support in Cerbero Suite means analysts can inspect macOS and iOS disk images encountered during forensic investigations, malware analysis, or security research without needing external tools or a Mac.

Cerbero Suite 7.5 Release

We’re excited to unveil Cerbero Suite 7.5 and Cerbero Engine 4.5!

This release brings many improvements and UI polish, but most importantly, it introduces the Cerbero Suite User Manual.

The manual is designed to help both new users and seasoned analysts understand and leverage the suite’s extensive features, from rapid triage of threats to detailed dissections of suspect files.

In the rest of this post, we’ll explore other important improvements of this release.

Continue reading “Cerbero Suite 7.5 Release”

DSStore Format Package

We have released the DSStore Format package for all licenses of Cerbero Suite.

In Apple macOS, .DS_Store is a file that stores custom attributes of its containing folder, such as folder view options, icon positions, and other visual information. It is created and maintained by the Finder application in every folder and contains information that can be valuable for forensics purposes, such as file names and timestamps.

Continue reading “DSStore Format Package”