Blog
Forensic notes from the field.
Technical deep-dives on macOS artifacts, evidence integrity, and the nuts and bolts of building a forensic tool.
- Toby Vervaart
Introducing macfor 1.0: Open-Source macOS Forensics
After months of development and testing, we're excited to announce the first stable release of macfor, an open-source macOS forensic collection tool.
- Toby Vervaart
How We Parse Safari's Binary Cookie Format
A technical deep-dive into Safari's proprietary binarycookies format and how macfor extracts forensic evidence from it.
- Toby Vervaart
Building File System Timelines with FSEvents
Learn how macOS FSEvents journals can reveal file activity that other artifacts miss, and how to leverage them in your investigations.
- Toby Vervaart
Designing a Forensically Sound Evidence Container
How we designed macfor's evidence container format to meet ISO 27037 requirements while remaining practical for real-world investigations.