DMG Format Package

We are happy to announce support for Apple Disk Image (DMG) files. The new DMG Format package lets you inspect and extract the contents of DMG images directly within the application.

DMG is Apple’s native disk image format, widely used for distributing macOS software. A DMG file packages one or more partitions, each typically containing a file system such as APFS or HFS+. The data within these partitions is often compressed using algorithms like zlib, bzip2, LZFSE, LZMA, or ADC to reduce file size. Some DMG files are also encrypted with AES-128 or AES-256, requiring a password to access.

Having native DMG support in Cerbero Suite means analysts can examine macOS disk images encountered during forensic investigations, malware analysis, or software distribution review. Combined with our existing APFS and HFS+ support, this provides a complete pipeline for going from a DMG file all the way down to individual files within APFS and HFS+ volumes.

APFS Format Package

We are happy to announce support for the Apple File System (APFS). The new APFS Format package lets you browse and extract files from APFS containers and volumes directly within the application.

APFS is Apple’s proprietary file system, introduced in 2017 as the default for macOS, iOS, watchOS, and tvOS. It replaced HFS+ with a modern design featuring copy-on-write metadata, space sharing across volumes, snapshots, clones, and transparent file compression. An APFS container holds one or more volumes that share the same underlying storage pool. Having native support in Cerbero Suite means analysts can inspect macOS and iOS disk images encountered during forensic investigations, malware analysis, or security research without needing external tools or a Mac.

Cerbero Suite 7.5 Release

We’re excited to unveil Cerbero Suite 7.5 and Cerbero Engine 4.5!

This release brings many improvements and UI polish, but most importantly, it introduces the Cerbero Suite User Manual.

The manual is designed to help both new users and seasoned analysts understand and leverage the suite’s extensive features, from rapid triage of threats to detailed dissections of suspect files.

In the rest of this post, we’ll explore other important improvements of this release.


DSStore Format Package

We have released the DSStore Format package for all licenses of Cerbero Suite.

In Apple macOS, .DS_Store is a file that stores custom attributes of its containing folder, such as folder view options, icon positions, and other visual information. It is created and maintained by the Finder application in every folder and contains information that can be valuable for forensic purposes, such as file names and timestamps.
