Given its popularity, Microsoft Windows remains among the most targeted operating systems. Therefore, various versions of the Windows operating system are adjustable for carrying out cyber forensic investigations and acquiring electronic evidence. Because the system is so mainstream, most computer forensics is Windows-centric. The Windows Registry is a central hierarchical repository for configuration data (incl. Windows 9x/ME, Windows CE, and Windows NT/2000/XP/2003) that helps forensic examiners conduct forensic analysis. The Windows Forensic Environment (referred to as Windows FE) is an operating system booted from external sources, including CDs, DVDs, and USBs. Unlike Windows PE, Windows FE is capable of forensically booting a computer system.

In turn, the Apple Operating System (iOS) is spacious enough to store a vast amount of records, text and browsing history, map searches, messages and chats, which helps forensic analysts. However, Apple's Macintosh (Mac) platform is not as feasible in terms of forensic investigations. The Mac tools are few and hardly recognizable beyond the Mac application. Furthermore, most of them are inadequate for forensic analysis and rather expensive (Hawkins, 2002).

In practical terms, while a forensic analyst may be relatively comfortable with Windows environments, investigating a Mac takes much more time and effort. Nonetheless, both platforms have their own data encryption options. That said, their built-in products designed to protect data from unauthorized access differ substantially. In the case of the Windows system, a forensic analysis typically embraces the following: Deleted File Recovery, Unallocated Space, Data Carving, Data Wiping, Link Files, Date/Time, Metadata, Email (web based), Internet History, Windows Registry, Virus / Malware, MD5 Comparison, Signature Analysis, File Listing, Keyword Searching, Document Review, and Graphic File Review. In turn, Mac deploys the "secure empty trash" method to wipe files from the drive without the possibility of further recovery by any forensic tools (Weber, 2011).

  • Hawkins, P. (2002). "Macintosh Forensic Analysis Using OS X," SANS Institute InfoSec Reading Room, retrieved Oct 2, 2018 from
  • Weber, P. (2011). "Mac forensics Is Different," retrieved Oct 2, 2018 from