Cesar Quezada
mcquezada.bsky.social
Digital forensics, incident response, and systems that tell stories. Also into fitness and tech. https://www.linkedin.com/in/mcquezada/
🧭 Three new Spotlight attributes… so far!

macOS Tahoe is quietly expanding Spotlight’s metadata attributes.

With Beta 2 just released, I’ll be digging deeper. For now, here’s what I’ve found so far.
👉 dfiros.com/2025/06/23/%...

#macOS #Tahoe #Spotlight #DigitalForensics #Apple #Forensics
🕵️‍♂️ Inside macOS Tahoe: A Peek at Apple’s New Spotlight Attributes
What are Spotlight Attributes? Spotlight was first introduced in June 2004 at the Worldwide Developers Conference [1]. It was billed as a tool that “lets users instantly find anything stored on the…
dfiros.com
June 23, 2025 at 9:05 PM
📘 Disarming Code by Jonathan Levin is finally available 📖
If you work in reverse engineering, digital forensics, or low level system internals across Linux, Android, or Darwin (macOS and iOS), this book is sure to be for you!

🔗 www.amazon.com/dp/099105550...

#DFIR #macOS #iOS #Android #Linux
Disarming Code: System Programming, Debugging & Reverse Engineering in Linux, Android, Darwin
www.amazon.com
June 11, 2025 at 8:21 AM
Living life on the edge of frustrations with the #AppleDeveloper Betas. 😅 My thoughts on the visual aspect of #Apple's OS 26 family:
📱 iOS: meh
💻 macOS: love it
📺 tvOS: subtle
⌚ watchOS: plain
🕶️ visionOS: TBD
June 10, 2025 at 2:57 PM
📲 It’s that time again! iOS 26 Beta just dropped—and for forensic examiners, that means new logs, artifacts, and security changes are coming. Time to dig in! 🔍 #iOS26 #DFIR #AppleForensics #DigitalForensics #WWDC25
June 9, 2025 at 7:14 PM
🔐 Most iPhones already run iOS 18. That’s a challenge for #DFIR.

📱 82% of all iPhones
📊 88% of devices from last 4 years
Source: developer.apple.com/support/app-...
Forensic hurdles:
• Users enabling Lockdown Mode
• Stolen Device Protection
• USB Restricted Mode
• Auto reboot = AFU → BFU
#iOS
App Store - Support - Apple Developer
developer.apple.com
June 5, 2025 at 5:43 PM
🚨 Cellebrite is acquiring Corellium — big news for #MobileForensics.

🧠 AI + 🧪 virtualization = new possibilities

👀 Look out for “Mirror” — a beta tool that lets you create virtual iOS replicas for analysis.

🔗 www.forbes.com/sites/thomas...

#DFIR #Cellebrite #Corellium #DigitalForensics #iOS #AI
Cellebrite To Acquire Phone Forensics Startup Corellium For $200 Million
Corellium founder and CEO Chris Wade is selling his startup to Cellebrite, law enforcement’s favorite cellphone forensics business.
www.forbes.com
June 5, 2025 at 4:45 PM
🔍 Into Apple forensics?

I built a resource hub for macOS, iOS, iPadOS, and watchOS DFIR tools, blogs, and test images — all free and open source.
📎 start.me/p/bp5QAm/dfi...

💻 Tools from here will also be used in Hexordia’s August macOS class.
📚 learn.hexordia.com/courses/HMAC...

#DFIR #macOS #iOS
dfirOS - start.me
A startpage with online resources about dfirOS, created by Cesar Quezada.
start.me
June 3, 2025 at 8:47 PM
We may have to start explaining the jump from iOS 17 to iOS 26 📱

It’s a rebrand, not 9 years of change. But in court, it can sound like it. Clarity matters when timelines are questioned ⚖️

#iOS26 #macOS #iOS #DFIR #DigitalForensics #AppleForensics
May 29, 2025 at 12:32 PM
APFS uses copy-on-write for metadata and most file data. When a file is modified, the new data is written to fresh blocks while the old data remains untouched until reused.
Deleted data can persist in snapshots or unallocated space.
#APFS #Forensics #macOS #DFIR
May 22, 2025 at 10:49 PM
🎙️ Thrilled to be a guest on @arcpoint-amy.bsky.social #DFIRmas podcast! 🔍

Check it out here: t.co/KUHxGmWKid

Let me know your thoughts!

#DigitalForensics #MobileForensics #CyberSecurity #TechPodcast #Cyber #ARNG #Reserves #nationalguard #DFIR
https://youtu.be/N9fcBAvJWZs
t.co
December 23, 2024 at 9:47 PM
Reposted by Cesar Quezada
#DFIR 💭 of the Day: #CTFs are a fantastic way to learn!

They are a great way to learn, providing access to forensic images and questions that can increase and challenge your skills.

Registration is now open for the Magnet Virtual Summit 2025 CTF powered by Hexordia. youtu.be/YNEnpwoADKs
Capture The Flag 2025
YouTube video by Magnet Forensics
youtu.be
November 22, 2024 at 7:39 PM