Difference between pages "Mac OS X" and "Category:Vaporware"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
 
(New page: Category:Tools)
 
Line 1: Line 1:
{{Expand}}
+
[[Category:Tools]]
 
+
Apple Inc.'s Macintosh OS X (pronounced "'''OS Ten'''") is the operating system distributed with Apple computers. It includes heavily used several programs by default, including [[Apple Mail]], a web browser called [[Apple Safari | Safari]], and an [[Apple Address Book]], and [[iCal]].
+
 
+
== Quarantine event database ==
+
See [http://menial.co.uk/blog/2011/06/16/mac-quarantine-event-database/]
+
 
+
Snow Leopard and earlier
+
<pre>
+
/Users/$USER/Library/Preferences/com.apple.LaunchServices.QuarantineEvents
+
</pre>
+
 
+
<pre>
+
SELECT datetime(LSQuarantineTimeStamp + 978307200, "unixepoch") as LSQuarantineTimeStamp, LSQuarantineAgentName, LSQuarantineOriginURLString, LSQuarantineDataURLString from LSQuarantineEvent;
+
</pre>
+
 
+
Lion and later
+
<pre>
+
/Users/$USER/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2
+
</pre>
+
 
+
== Package Files (.PKG) ==
+
Package Files (.PKG) are XAR archives [http://en.wikipedia.org/wiki/Xar_(archiver)] that contain a cpio archive and metadata [http://s.sudre.free.fr/Stuff/Ivanhoe/FLAT.html].
+
 
+
== Also see ==
+
* [[MacOS Process Monitoring]]
+
* [[Acquiring a MacOS System with Target Disk Mode]]
+
* [[Converting Binary Plists]]
+
* [[FileVault Disk Encryption]]
+
* [[File Vault]]
+
 
+
== External Links ==
+
 
+
* [http://www.apple.com/macosx/ Official website]
+
* [http://en.wikipedia.org/wiki/OS_X Wikipedia entry on OS X]
+
* [http://menial.co.uk/blog/2011/06/16/mac-quarantine-event-database/ Quarantine event database]
+
* [http://www2.tech.purdue.edu/cit/Courses/cit556/readings/MacForensicsCraiger.pdf Mac Forensics: Mac OS X and the HFS+ File System] by P. Craiger
+
 
+
=== Apple Examiner ===
+
* [http://www.appleexaminer.com/ The Apple Examiner]
+
* [http://www.appleexaminer.com/MacsAndOS/Analysis/USBOSX/USBOSX.html USB Entries on OS X]
+
* [http://www.appleexaminer.com/Downloads/MacForensics.pdf Macintosh Forensics - A Guide for the Forensically Sound Examination of a Macintosh Computer] by Ryan R. Kubasiak
+
 
+
[[Category:Mac OS X]]
+
[[Category:Operating systems]]
+

Revision as of 20:07, 2 April 2007