Tag: File System

DMG Format Package

We are happy to announce support for Apple Disk Image (DMG) files. The new DMG Format package lets you inspect and extract the contents of DMG images directly within the application.

DMG is Apple’s native disk image format, widely used for distributing macOS software. A DMG file packages one or more partitions, each typically containing a file system such as APFS or HFS+. The data within these partitions is often compressed using algorithms like zlib, bzip2, LZFSE, LZMA, or ADC to reduce file size. Some DMG files are also encrypted with AES-128 or AES-256, requiring a password to access.

Having native DMG support in Cerbero Suite means analysts can examine macOS disk images encountered during forensic investigations, malware analysis, or software distribution review. Combined with our existing APFS and HFS+ support, this provides a complete pipeline for going from a DMG file all the way down to individual files within an APFS and HFS+ volumes.

APFS Format Package

We are happy to announce support for the Apple File System (APFS). The new APFS Format package lets you browse and extract files from APFS containers and volumes directly within the application.

APFS is Apple’s proprietary file system, introduced in 2017 as the default for macOS, iOS, watchOS, and tvOS. It replaced HFS+ with a modern design featuring copy-on-write metadata, space sharing across volumes, snapshots, clones, and transparent file compression. An APFS container holds one or more volumes that share the same underlying storage pool. Having native support in Cerbero Suite means analysts can inspect macOS and iOS disk images encountered during forensic investigations, malware analysis, or security research without needing external tools or a Mac.

UBI Format Package

We are happy to announce support for UBI images and the UBIFS file system. The new UBI Format package lets you inspect UBI volumes and browse UBIFS file systems directly within the application.

UBI (Unsorted Block Image) is a volume management layer for raw NAND flash memory, widely used in embedded Linux devices such as routers, IoT hardware, industrial controllers, and consumer electronics. A UBI image contains one or more logical volumes that may hold kernel images, SquashFS partitions, or UBIFS file systems. UBIFS is a log-structured file system designed specifically for UBI volumes, featuring a B-tree index and transparent data compression. Having native support in Cerbero Suite means analysts can inspect firmware dumps and flash images encountered during security research, vulnerability assessment, or forensic investigations without needing external tools.

SquashFS Format Package

We are happy to announce support for the SquashFS file system format. The new SquashFS Format package lets you browse and extract files from SquashFS images directly within the application.

SquashFS is a compressed, read-only file system widely used in Linux distributions, embedded devices, firmware images, container technologies, and snap/AppImage application packages. It supports multiple compression algorithms and is designed for high compression ratios with fast random access. Having native support in Cerbero Suite means analysts can inspect SquashFS images encountered during firmware analysis, malware triage, or forensic investigations without needing external tools.

Disk Format Package

We’re excited to announce the release of our Disk Format package, which adds support for parsing and analyzing disk layouts including MBR and GPT partition tables.

If a partition contains a supported file system, it will be automatically added as a child object. The package also enables exploration of the MBR boot code using the Carbon disassembler.