Knowing the hierarchical organisation of a given operating system's file system is very important for anyone who works in security.
This is the normal structure of the Apple file system.
For this example we assume that a user named User1 has been created on the system.
Hidden folders will be coloured in green.
Normally visible folders will be coloured in purple.
/ – the root path of the file system.
/Applications – This directory is where you install apps intended for use by all users of a computer.
/Network – This directory contains the list of computers in the local area network.
/System – This directory contains the system resources required by OS X to run.
/Users – This directory contains one or more user home directories.
/Users/User1/Applications – Contains user-specific apps.
/Users/User1/Desktop – Contains the items on the user’s desktop.
/Users/User1/Documents – Contains user documents and files.
/Users/User1/Downloads – Contains files downloaded from the Internet.
/Users/User1/Library – Contains user-specific app files (hidden in OS X v10.7 and later).
/Users/User1/Movies – Contains the user’s video files.
/Users/User1/Music – Contains the user’s music files.
/Users/User1/Pictures – Contains the user’s photos.
/Users/User1/Public – Contains content the user wants to share.
/Users/User1/Sites – Contains web pages used by the user’s personal site.
/bin – Contains essential command-line binaries. Typically, you execute these binaries from command-line scripts.
/dev – Contains essential device files, such as mount points for attached hardware.
/etc – Contains host-specific configuration files.
- Contains essential system binaries.
- Contains temporary files created by apps and the system.
- Contains non-essential command-line binaries, libraries, header files, and other data.
- Contains log files and other files whose content is variable. (Log files are typically viewed using the Console app.)
/Volumes – The mount point of all drives connected to the system.
/Private – Destination of some symbolic links.
/Net – Shortcut for accessing network drives.
/Cores – Directory for core dumps.
/Trashes – Everything that we have put in the trash.
/Spotlight – Information related to Spotlight.
/Developer – Path to old Xcode information.
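The listing above distinguishes hidden folders from normally visible ones. As an added example (not code from the original page), the Python code below classifies the entries of a directory as hidden either by a leading dot in the name or by the BSD UF_HIDDEN file flag, which is how macOS hides /Users/User1/Library. The sample tree, the .Trash entry and the function names are constructed for illustration.

```python
import os
import stat
import tempfile


def classify_entries(root):
    """Map each direct child of root to the reason it is hidden, or None."""
    result = {}
    for entry in sorted(os.scandir(root), key=lambda e: e.name):
        # Inspect the entry itself, never the target of a symbolic link.
        st = entry.stat(follow_symlinks=False)
        # st_flags exists on macOS/BSD only; treat it as 0 elsewhere.
        flags = getattr(st, "st_flags", 0)
        if entry.name.startswith("."):
            result[entry.name] = "dot-prefix"
        elif flags & stat.UF_HIDDEN:
            result[entry.name] = "UF_HIDDEN flag"
        else:
            result[entry.name] = None
    return result


def hidden_entries(root):
    """Return only the hidden children of root, with the reason for each."""
    return {n: r for n, r in classify_entries(root).items() if r}


def build_sample_home(base):
    """Constructed sample tree mimicking /Users/User1 (not real data)."""
    home = os.path.join(base, "Users", "User1")
    for name in ("Desktop", "Documents", "Library", ".Trash"):
        os.makedirs(os.path.join(home, name))
    # On macOS, set the hidden flag on Library; skipped where unsupported.
    if hasattr(os, "chflags"):
        try:
            os.chflags(os.path.join(home, "Library"), stat.UF_HIDDEN)
        except OSError:
            pass
    return home


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        home = build_sample_home(tmp)
        for name, reason in classify_entries(home).items():
            print(f"{name:12} {'hidden: ' + reason if reason else 'visible'}")
```

On a system without BSD file flags the Library folder is reported as visible, because only the dot-prefix rule can apply there.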
There are two primary techniques for identifying the type of content in a file:
- Uniform Type Identifiers (UTIs) – A UTI is a string that uniquely identifies a class of entities considered to have a “type.” UTIs provide consistent identifiers for data that all apps and services can recognise and rely upon.
public.text—A public type that identifies text data.
public.jpeg—A public type that identifies JPEG image data.
com.apple.bundle—An Apple type that identifies a bundle directory.
com.apple.application-bundle—An Apple type that identifies a bundled app.
- Filename extensions – A filename extension is a string of characters appended to the end of a file and separated from the main filename with a period.