Difference between revisions of "Mac OS X"
From Forensics Wiki
Joachim Metz (Talk | contribs) |
Joachim Metz (Talk | contribs) |
||
| Line 27: | Line 27: | ||
* [[Acquiring a MacOS System with Target Disk Mode]] | * [[Acquiring a MacOS System with Target Disk Mode]] | ||
* [[Converting Binary Plists]] | * [[Converting Binary Plists]] | ||
| + | * [[FileVault Disk Encryption]] | ||
== External Links == | == External Links == | ||
Revision as of 13:41, 20 June 2012
|
|
Please help to improve this article by expanding it.
|
Apple Inc.'s Macintosh OS X (pronounced "OS Ten") is the operating system distributed with Apple computers. It includes heavily used several programs by default, including Apple Mail, a web browser called Safari, and an Apple Address Book, and iCal.
Contents |
Quarantine event database
See [1]
Snow Leopard and earlier
/Users/$USER/Library/Preferences/com.apple.LaunchServices.QuarantineEvents
SELECT datetime(LSQuarantineTimeStamp + 978307200, "unixepoch") as LSQuarantineTimeStamp, LSQuarantineAgentName, LSQuarantineOriginURLString, LSQuarantineDataURLString from LSQuarantineEvent;
Lion and later
/Users/$USER/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2
Package Files (.PKG)
Package Files (.PKG) are XAR archives [2] that contain a cpio archive and metadata [3].
Also see
- MacOS Process Monitoring
- Acquiring a MacOS System with Target Disk Mode
- Converting Binary Plists
- FileVault Disk Encryption
External Links
- Official website
- Wikipedia entry on OS X
- Quarantine event database
- Mac Forensics: Mac OS X and the HFS+ File System by P. Craiger
