From the course: Operating System Forensics
Join today to access over 25,200 courses taught by industry experts.
Apple hands-on
From the course: Operating System Forensics
Apple hands-on
- [Instructor] It's time to do some hands-on again. Apple files consist of two parts called data fork and resource fork. As its name suggests, data fork stores file data created by users through applications like word processors and spreadsheets. Resource fork contains file metadata and application-specific information such as icons and window locations. Let's try this out. Open your terminal and locate your favorite folder. Let's pick a file. Here I already created a file called apple.jpg. Type ls -l@ apple.jpg. Press Enter. Do you see the line starting with com.apple.metadata? These are the information stored in the resource fork _kMDItemUserTags contains the names and colors of associated Finder tags. Finder tags allow MacOS users to categorize their files by assigning specific colors to them. An example Finder use would be to attach a color like blue to all the documents to be reviewed by your coworker. The number 42 next to the file attribute is the size of the space needed to…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.