[sleuthkit-developers] [Sleuth Kit - APFS Filesystem] How to dump from APFS file system to POOL image?

[김형찬 <hj1...@aj...>]

I am a researcher at ICS Lab, Ajou University in South Korea.

I'm publishing papers with dfrws for forensic research for 2019 and 2020
and I'm interested in using tsk.

I am currently testing APFS, and I have a question on how to create a pool
type image.

I tried to create an APFS file system using two methods and then create an
image using the dd command.

The first method is to create a partition using macOS's basic disk utility,
add a volume to the partition, and then use the dd command.

The second method used the dd command after creating the volume using
macOS' basic disk utility.

However, these methods output an error message that the file system type
error cannot be determined.

I want to see how to create a pool type image to test TSK-APFS.

I am waiting for answer.