101 Questions
Which operating system was developed as a replacement for Apple DOS 3.3 and had more support for programming, including assembly and BASIC?
ProDOS
What was the name of the first edition of the Apple DOS released in 1978?
Apple DOS 3.1
Which Apple II model was the first to feature color graphics in a plastic case with a built-in keyboard?
Apple II+
What was the acronym SOS in Apple SOS operating system stood for?
Sophisticated Operating System
Which Apple II model was released as a 16-bit computer, unlike its predecessors which were 8-bit?
Apple IIGS
Which operating system had a full graphical user interface with a file browser navigated with mouse clicks?
Lisa OS
What is the main reason many forensic examiners lack a good working knowledge of Mac OS systems?
They have more exposure to Windows than to Mac OS.
Who were the three founders of Apple Computer?
Steve Wozniak, Steve Jobs, Ronald Wayne
What was the first computer created by Wozniak for Apple Computer?
Apple I
Which company originally had the right of first refusal on any new inventions by Steve Wozniak?
Hewlett-Packard
How fast was the 8-bit microprocessor in the first Apple computer running?
~1 MHz
What technology did Steve Wozniak's employment contract with Hewlett-Packard lead to being released to him?
The technology of the first Apple computer.
What was the main change with the introduction of Mac OS X?
It was the first Apple operating system to use a Unix clone.
Which product introduced by Apple did not perform well in the market and was discontinued in 1997?
Apple Network Server with AIX system
What was the operating system for the Macintosh computer initially released by Apple in January 1984?
System 7
Which processor speed did the Macintosh have when it was released in January 1984?
8 MHz
What distinguished the Macintosh II from its predecessor, the Macintosh?
Had a color display
In what year did Apple release the Apple Network Server with a variation of the IBM AIX system?
1996
When did Apple change the operating system brand name to macOS?
2016
Which Mac OS version introduced Handoff, allowing interaction between iPhones and Mac OS computers?
Yosemite
What was the main focus of Mac OS X 10.6, Snow Leopard, upon its release in 2009?
Performance enhancements
Which Mac OS version was the last to be named after animals?
Mountain Lion
What was one significant change in Mac OS X v10.7, Lion, regarding its interface?
Making it more like iOS interfaces
Which Mac OS version allowed users to complete unfinished iPhone emails on their Mac OS computer?
Yosemite
What technology supported by Big Sur helps ease the transition to Apple's silicon processor architecture?
File-level encryption
Which Mac OS version included built-in support for iCloud to support cloud computing?
Mountain Lion
Which file system used concepts from the SOS operating system designed for the Apple III?
Hierarchical File System
Which file system introduced to support Apple's new hard drive in 1985?
HFS Standard
Which file system supported filenames of up to 255 characters, unlike the DOS system?
HFS
Which file system was an enhancement of the HFS file system?
Hierarchical File System Plus
Which file system replaced the HFS file system with Mac OS 8.1?
Hierarchical File System Plus
Which file system feature keeps a record of file transactions to aid in file recovery after a crash?
Journaling
What type of link in HFS+ is an inode linking directly to a specific file?
Hard link
Which file system uses Unicode for file naming information encoding?
HFS+
When does an HFS+ file get defragmented upon opening?
If the file is less than 20 megabytes in size and fragmented
What storage system used in HFS+ keeps track of free and in-use allocation blocks?
Catalog file
Which Mac OS feature allows execution of Linux commands through a BASH shell prompt?
Command prompt
In HFS+, what is a significant difference compared to HFS regarding allocation blocks?
HFS uses 16 bits while HFS+ uses 32 bits for allocation blocks.
What file system is used by DVD-ROM discs?
Universal Disk Format
What is a key feature of APFS in comparison to HFS+?
Optimized for flash drives and solid-state drives
Which partition scheme is used primarily with computers that have an Intel-based processor?
GUID Partition Table
Which file system is associated with CDs?
ISO9660
What utility allows one to install additional operating systems alongside Mac OS in a nondestructive manner?
Boot Camp Assistant
What type of drive partition can Mac OS read with read-only support?
NTFS
What does the Apple Partition Map work with?
PowerPC-based Macs
Which Apple device is likely to use APFS as its file system?
iPad Pro (released in 2016)
Which partition scheme requires OS X v10.4 or later?
GUID Partition Table
Which file system has specific extensions developed by Apple?
ISO9660
What should you not create if the system is using APFS according to the text?
Separate partition for Windows dual boot
In Mac OS, support for which file system allows reading floppy disks?
FAT16
What type of information can be found in the /var/spool/cups folder in Mac OS logs?
Details about printed documents
Which log in Mac OS provides data on all mounted volumes, including the dates they were mounted?
/var/log/daily.out
In Mac OS, which folder can give information about devices that have been attached and data from them?
/var/log/daily.out
What is the significance of the /private/var/audit logs in Mac OS forensics?
Logs of system audits, including user login
Which log directory in Mac OS is similar to Linux file structures due to its FreeBSD base?
/var/log
Why is checking logs considered one of the first steps in any forensic examination?
Because logs are essential sources of information in computer examinations
Where can important forensic data be found in Mac OS audit logs?
/private/var/VM Folder
Which folder in Mac OS contains user preferences, including preferences of deleted programs?
/Users//Library/Preferences Folder
In which folder of Mac OS can you find lists of recently opened applications and temporary data used by applications?
/var/vm Folder
Where would you look to find items saved to iCloud in Mac OS?
/Library/Mobile Documents
Which folder in Mac OS is less useful for forensic investigation but can indicate if a patch was applied and when?
/Library/Receipts Folder
Where can you find a log showing a variety of commands executed in the terminal window of Mac OS?
/Users//.bash_history Log
Where can a forensic examiner find information about mounted devices in Mac OS?
/Volumes Directory
Which Mac OS directory should a forensic examiner check primarily for user accounts and associated files?
/Users Directory
In a forensic examination of a Mac machine, where would an examiner look for network properties and servers information?
/Network Directory
Which Mac OS directory is particularly important to check in cases involving malware?
/Applications Directory
Where are configuration files typically located in a Mac OS system that could be of interest in a forensic investigation?
/etc Directory
If an examiner needs data regarding mounted devices like CDs and external disks in Mac OS, which directory should they explore?
/Volumes Directory
Where is the network configuration data for each network card stored in Mac OS?
/Library/Preferences/SystemConfiguration/dom.apple.preferences.plist File
Which Mac OS directory is essential for examining user accounts and associated files?
/Users Directory
Where can an examiner find information about servers, network libraries, and network properties in Mac OS?
/Network Directory
In which Mac OS directory are configuration files located, often manipulated by cybercriminals?
/etc Directory
Where does an examiner need to look to find information on mounted devices like CDs and external disks in Mac OS?
/Volumes Directory
Which directory in Mac OS stores applications and is particularly critical to check in cases involving malware?
/Applications Directory
What is one advantage of using Target Disk Mode in a Mac OS forensic investigation?
It provides a quick inspection on-site before transporting the computer
Which tool can be used in Mac OS forensics to create a bit-level copy of a suspect drive?
EnCase
In Mac OS forensics, what command can be used along with netcat to make a forensic copy of a drive?
dd
What is the primary benefit of placing the suspect computer into Target Disk Mode during imaging?
Prevents writing to the source disk
What differentiates Target Disk Mode from traditional imaging tools like EnCase or Forensic Toolkit in Mac OS forensics?
Provides a way to preview the computer on-site
Which option correctly describes the process of connecting to a suspect computer in Target Disk Mode?
Connect with USB or FireWire for imaging the disk
What is the purpose of using the ls -al command in a Mac OS forensic examination?
To list all the files in virtual memory along with program launch details
Which command should a forensic examiner use to list the device files that are currently in use on a Mac machine?
ls/dev/disk?
In Mac OS forensics, what information can be obtained using the system_profiler SPHardwareDataType command?
Hardware information of the host system
Which directory in Mac OS is particularly important to check for user accounts and associated files during a forensic investigation?
/private/var/audit
What type of information does the date command provide in a Mac OS forensic examination?
Current date and time zone
Why is it essential to know the partitions recognized by a Mac machine upon boot-up in a forensic examination?
To understand the storage allocation blocks on the device
What is the purpose of using the ls -al command in a Mac OS forensic examination?
To list all files in the virtual memory folder along with additional details
What information does the date command provide in a forensic examination on a Mac OS?
Current date and time of the system
Which command should a forensic examiner use to list the device files that are currently in use on a Mac machine?
ls /dev/disk?
Why is it important to document the information from the ls /dev/disk? command before shutting down a Mac system for transport to a forensic lab?
To identify mounted devices on the system
What type of information does the system_profiler SPHardwareDataType command return in a forensic examination on a Mac OS?
Hardware information for the host system
In Mac OS forensics, what does the grep search tool allow an examiner to do in the virtual memory folder?
Search for specific files based on content
Which folder in Mac OS contains the swap file/virtual memory?
/var/vm/
How can a forensic examiner check the partitions recognized by a Mac machine upon boot-up?
ls /dev/disk? command
What is a significant advantage of using shell commands in Mac OS forensic examinations?
To retrieve information from virtual memory
What does the hdiutil partition /dev/disk0 command primarily help in listing during a forensic examination of a Mac system?
Boot drive partition table
What is a critical step to remember when mounting a forensic image as a VM?
Mount it as read-only
Which software mentioned allows the creation of a VM from a forensic image?
OSForensics version 4
In Mac OS forensics, what is the purpose of converting a forensic image to a VM?
To maintain data integrity and prevent modifications
Which tool allows mounting forensic images as read-only VMs using the VM of your choice?
Forensic Explorer
What technique is recommended to examine directories and execute BASH commands in Mac OS forensics when standard tools are insufficient?
Creating a read-only VM from the forensic image
Learn about the Mac OS operating system fundamentals to prepare for forensic analysis. Get insights on the history of Mac OS and key differences from Windows systems.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
