Cesar Quezada's Avatar

Cesar Quezada

@mcquezada

Digital forensics, incident response, and systems that tell stories. Also into fitness and tech. https://www.linkedin.com/in/mcquezada/

14
Followers 19
Following 13
Posts 18.11.2024
Joined
Posts Following

Latest posts by Cesar Quezada @mcquezada

Preview
πŸ•΅οΈβ€β™‚οΈ Inside macOS Tahoe: A Peek at Apple’s New Spotlight Attributes What are Spotlight Attributes? Spotlight was first introduced in June 2004 at the Worldwide Developers Conference [1]. It was billed as a tool that β€œlets users instantly find anything stored on the…

🧭 Three new Spotlight attributes… so far!

macOS Tahoe is quietly expanding Spotlight’s metadata attributes.

With Beta 2 just released, I’ll be digging deeper. For now, here’s what I’ve found so far.
πŸ‘‰ dfiros.com/2025/06/23/%...

#macOS #Tahoe #Spotlight #DigitalForensics #Apple #Forensics

23.06.2025 21:05 πŸ‘ 1 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Preview
Howard Oakley, Eclectic Light Co on X: "macOS Tahoe brings a new disk image format https://t.co/A7QKS8D7Fa via @howardnoakley" / X macOS Tahoe brings a new disk image format https://t.co/A7QKS8D7Fa via @howardnoakley

New disk image format in macOS Tahoe x.com/howardnoakle...

12.06.2025 13:10 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
Disarming Code: System Programming, Debugging & Reverse Engineering in Linux, Android, Darwin Disarming Code: System Programming, Debugging & Reverse Engineering in Linux, Android, Darwin [Jonathan Levin] on Amazon.com. *FREE* shipping on qualifying offers. Disarming Code: System Programming, Debugging & Reverse Engineering in Linux, Android, Darwin

πŸ“˜ Disarming Code by Jonathan Levin is finally available πŸ“–
If you work in reverse engineering, digital forensics, or low level system internals across Linux, Android, or Darwin (macOS and iOS), this book is sure to be for you!

πŸ”— www.amazon.com/dp/099105550...

#DFIR #macOS #iOS #Android #Linux

11.06.2025 08:21 πŸ‘ 0 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0

Living life on the edge of frustrations with the #AppleDeveloper Beta's. πŸ˜… My thoughts on the visual aspect of #Apple's OS 26 family:
πŸ“± iOS: meh
πŸ’» macOS: love it
πŸ“Ί tvOS: subtle
⌚ watchOS: plain
πŸ•ΆοΈ visionOS: TBD

10.06.2025 14:57 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Post image

πŸ“² It’s that time again! iOS 26 Beta just droppedβ€”and for forensic examiners, that means new logs, artifacts, and security changes are coming. Time to dig in! πŸ” #iOS26 #DFIR #AppleForensics #DigitalForensics #WWDC25

09.06.2025 19:14 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
App Store - Support - Apple Developer

πŸ” Most iPhones already run iOS 18. That’s a challenge for #DFIR.

πŸ“± 82% of all iPhones
πŸ“Š 88% of devices from last 4 years
Source: developer.apple.com/support/app-...
Forensic hurdles:
β€’ Users enabling Lockdown Mode
β€’ Stolen Device Protection
β€’ USB Restricted Mode
β€’ Auto reboot = AFU β†’ BFU
#iOS

05.06.2025 17:43 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
Cellebrite To Acquire Phone Forensics Startup Corellium For $200 Million Corellium founder and CEO Chris Wade is selling his startup to Cellebrite, law enforcement’s favorite cellphone forensics business.

🚨 Cellebrite is acquiring Corellium β€” big news for #MobileForensics.

🧠 AI + πŸ§ͺ virtualization = new possibilities

πŸ‘€ Look out for β€œMirror” β€” a beta tool that lets you create virtual iOS replicas for analysis.

πŸ”— www.forbes.com/sites/thomas...

#DFIR #Cellebrite #Corellium #DigitalForensics #iOS #AI

05.06.2025 16:45 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
dfirOS - start.me A startpage with online resources about dfirOS, created by Cesar Quezada.

πŸ” Into Apple forensics?

I built a resource hub for macOS, iOS, iPadOS, and watchOS DFIR tools, blogs, and test images β€” all free and open source.
πŸ“Ž start.me/p/bp5QAm/dfi...

πŸ’» Tools from here will also be used in Hexordia’s August macOS class.
πŸ“š learn.hexordia.com/courses/HMAC...

#DFIR #macOS #iOS

03.06.2025 20:47 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

We may have to start explaining the jump from iOS 17 to iOS 26 πŸ“±

It’s a rebrand, not 9 years of change. But in court, it can sound like it. Clarity matters when timelines are questioned βš–οΈ

#iOS26 #macOS #iOS #DFIR #DigitalForensics #AppleForensics

29.05.2025 12:32 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

APFS uses copy-on-write for metadata and most file data. When a file is modified, the new data is written to fresh blocks while the old data remains untouched until reused
Deleted data can persist in snapshots or unallocated space
#APFS #Forensics #macOS #DFIR

22.05.2025 22:49 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
https://youtu.be/N9fcBAvJWZs

πŸŽ™οΈ Thrilled to be a guest on @arcpoint-amy.bsky.social #DFIRmas podcast! πŸ”

Check it out here: t.co/KUHxGmWKid

Let me know your thoughts!

#DigitalForensics #MobileForensics #CyberSecurity #TechPodcast #Cyber #ARNG #Reserves #nationalguard #DFIR

23.12.2024 21:47 πŸ‘ 3 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Microsoft Teams Forensics Microsoft Teams is probably the most popular messaging app used in companies from various industries. People discuss in the chat about everything related to their work. Often these informations could ...

Fantastic write-up on Microsoft Teams forensics! Great insights for investigations! πŸ‘ Read it here: hexseven.pl/articles/mic... #DFIR #CyberSecurity #ForensicScience #InfoSec #MicrosoftTeams #IncidentResponse #ThreatHunting #DataAnalysis #TechInsights #CyberAwareness #Forensics

29.11.2024 00:05 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Capture The Flag 2025
Capture The Flag 2025 YouTube video by Magnet Forensics

#DFIR πŸ’­ of the Day: #CTFs are a fantastic way to learn!

They are a great way to learn providing access to forensic images and questions that can increase and challenge your skills.

Registration is now open for the Magnet Virtual Summit 2025 CTF powered by Hexordia. youtu.be/YNEnpwoADKs

22.11.2024 19:39 πŸ‘ 11 πŸ” 4 πŸ’¬ 0 πŸ“Œ 1

Wish I could have made it!

18.11.2024 14:02 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0