While Microsoft dominates the household market and many network systems, other popular operation systems such as Apple and Linux are also very much in use and likely to have to be examined by the forensic practitioner. The following subsections provide a brief introduction to these systems.
Apple Macintosh devices use a different operating system (currently called OS X), which, unlike Microsoft's systems, enables applications to run independently of users, who do not have direct access to the filesystem. Simplicity and convenience is the general convention, which is based on the Unix filesystem.
Applications installed on an Apple machine have limited interaction with the filesystem, being restricted from doing so from within directories inside the application's sandbox. The sandbox protects systems and users from malware attacks. In effect, it limits the access privileges of each application to tighten the security...