Difference between revisions of "Mac OS X"

From ForensicsWiki
Jump to: navigation, search
(Quarantine event database)
(External Links)
Line 32: Line 32:
 
* [http://en.wikipedia.org/wiki/OS_X Wikipedia entry on OS X]
 
* [http://en.wikipedia.org/wiki/OS_X Wikipedia entry on OS X]
 
* [http://menial.co.uk/blog/2011/06/16/mac-quarantine-event-database/ Quarantine event database]
 
* [http://menial.co.uk/blog/2011/06/16/mac-quarantine-event-database/ Quarantine event database]
 +
* [http://www2.tech.purdue.edu/cit/Courses/cit556/readings/MacForensicsCraiger.pdf Mac Forensics: Mac OS X and the HFS+ File System]
 +
 +
=== Apple Examiner ===
 +
* [http://www.appleexaminer.com/ The Apple Examiner]
 +
* [http://www.appleexaminer.com/MacsAndOS/Analysis/USBOSX/USBOSX.html USB Entries on OS X]
 +
* [http://www.appleexaminer.com/Downloads/MacForensics.pdf Macintosh Forensics - A Guide for the Forensically Sound Examination of a Macintosh Computer] by Ryan R. Kubasiak
  
 
[[Category:Mac OS X]]
 
[[Category:Mac OS X]]
 
[[Category:Operating systems]]
 
[[Category:Operating systems]]

Revision as of 14:33, 20 June 2012

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

Apple Inc.'s Macintosh OS X (pronounced "OS Ten") is the operating system distributed with Apple computers. It includes heavily used several programs by default, including Apple Mail, a web browser called Safari, and an Apple Address Book, and iCal.

Quarantine event database

See [1]

Snow Leopard and earlier

/Users/$USER/Library/Preferences/com.apple.LaunchServices.QuarantineEvents
SELECT datetime(LSQuarantineTimeStamp + 978307200, "unixepoch") as LSQuarantineTimeStamp, LSQuarantineAgentName, LSQuarantineOriginURLString, LSQuarantineDataURLString from LSQuarantineEvent;

Lion and later

/Users/$USER/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2

Package Files (.PKG)

Package Files (.PKG) are XAR archives [2] that contain a cpio archive and metadata [3].

Also see

External Links

Apple Examiner