

Understanding macOS Document Versions and iCloud Storage, Syncing
macOS introduced the Versions feature in macOS 10.7 as an automatic backup system for certain document types. This allows users to...
-
Apr 17, 2025 · 4 min read


Using Pattern of Life (APOLLO) for macOS investigation
When investigating macOS, one of the most valuable sources of forensic data is the knowledgeC.db database. This database logs a wide...
-
Apr 16, 2025 · 4 min read


Analyzing Safari Browser, Apple Mail Data and Recents Database Artifacts on macOS
Safari, the default web browser for Apple devices, leaves behind various artifacts that can be useful for forensic analysis. These...
-
Apr 15, 2025 · 5 min read


Understanding macOS App Preference Files, (MRU) Files, Shared File Lists and Account Artifacts for Digital Forensics
When analyzing applications on macOS, understanding where configuration files, databases, and caches are stored is crucial. These files...
-
Apr 14, 2025 · 4 min read


macOS Tracking User Activity, Autoruns, Application-Level Firewall and Forensic Insights
When investigating a macOS system, understanding user accounts, logins, privilege escalations, and screen activity is crucial. Whether...
-
Apr 11, 2025 · 5 min read


macOS System Artifacts: macOS Finder, GUI Configurations, Time Changes, Bluetooth, Printing, and Sharing
macOS Finder Preferences Location: ~/Library/Preferences/com.apple.finder.plist Finder is the macOS equivalent of Windows Explorer,...
-
Apr 10, 2025 · 5 min read


Log Analysis on macOS (Part 2): A Creative Approach
Logs are like digital breadcrumbs—traces of system activities that tell a story. But with millions of log entries, scrolling aimlessly...
-
Apr 9, 2025 · 7 min read


A Curious Case with SentinelOne: Same Rule, Different Behavior?
#### April 2025: if this gets resolved in the future, I will update this post #### Hey folks! First off, a big thanks to everyone who’s been...
-
Apr 8, 2025 · 4 min read


Making Sense of macOS Logs (Part 1): A User-Friendly Guide
If you've ever had to analyze logs from different systems, you know how frustrating it can be to correlate events across multiple time...
-
Apr 7, 2025 · 9 min read


macOS File System Events: The Power of Spotlight
Ever wondered how macOS allows users to instantly find files, emails, photos, and even downloaded apps? The magic behind this lies in...
-
Apr 5, 2025 · 3 min read


Investigating macOS File System Events: The Hidden Forensic Trail
Ever wondered how macOS keeps track of file system changes? Deep within the system lies a powerful yet often overlooked artifact—the...
-
Apr 2, 2025 · 4 min read


Exploring macOS Extended Attributes: The Hidden Metadata You Didn’t Know Existed
If you've ever wondered how macOS knows where a downloaded file came from or why certain files prompt security warnings, the answer lies...
-
Apr 1, 2025 · 4 min read


Understanding Partitioning Schemes, FileVault 2 and macOS Encryption: A User-Friendly Guide
When it comes to Mac systems, partitioning schemes play a crucial role in organizing data, managing storage, and ensuring smooth system...
-
Mar 31, 2025 · 6 min read


Identifying Malicious Software: A Guide for Incident Responders
One of the most critical challenges faced by incident responders is the rapid identification of suspicious and malicious software on a...
-
Mar 28, 2025 · 6 min read


Equifax to WazirX: Lessons in Cybersecurity Failures
Case Study I: Equifax Data Breach. The 2017 Equifax data breach is one of the most significant cybersecurity incidents in recent history....
-
Mar 27, 2025 · 6 min read


Part 3 Code Injection: How to Detect It and Finding Evil in Memory with the MemProcFS FindEvil Plugin
When it comes to modern cyber threats, attackers are getting craftier with their code injection techniques. The old-school methods are...
-
Mar 26, 2025 · 5 min read


Part 2 Code Injection: How to Detect It
Let's continue where we left off. The simplest form of this attack involves forcing a process to load a new DLL (Dynamic Link Library)....
-
Mar 25, 2025 · 3 min read


Why Code Injection is a Hacker's Favorite Trick and How to Detect It through Memory Forensics
A common question that comes up a lot is: "If code injection is so easy to detect, why do attackers keep using it?" The simple answer?...
-
Mar 24, 2025 · 6 min read


Electron Application Forensics and Analyzing LevelDB in Digital Forensics: A Simple Guide
Electron is a game-changer in the world of app development. It allows developers to create desktop applications using web technologies...
-
Mar 22, 2025 · 4 min read


Private Browsing: What Really Gets Left Behind? and Recovering Deleted Browser Artifacts.
Private Browsing: Private browsing modes in popular browsers like Chrome, Edge, and Firefox promise to leave no trace behind. They prevent...
-
Mar 21, 2025 · 4 min read