Forensic analysis for APFS volumes

Congratulations to Thomas Tempelmann, who has brought to market the first system for performing forensic analysis (‘DFIR’) on APFS file systems.

His app, Biskus APFS Capture, is available for macOS (10.8 and later) and Windows (most forensic analysis is performed on Windows hosts), and performs a full analysis of file system metadata. It can export that metadata in CSV format for spreadsheets or to an SQLite database, browse all directories, and copy any or all files.

Currently, it is unable to unlock encrypted volumes, even when given their password, but Thomas is working on that.

This is a serious tool for the forensic analyst, not for the merely curious. It is currently available in an early bird offer, at a cost of around £/$/€ 160, from its website.