Initially Apple Inc released OS X Server in 1999, their first Unix-based operating system, designed for server systems. The X denotes the operating system as the tenth version, replacing Mac OS 9. The first version designed for Mac desktop machines was released by Apple in 2001.
At the time OS X was released, all Apple computers were PowerPC based, using Motorola processors. In 2006 Apple announced they were switching to use Intel processors for all subsequent computers. The next two releases of OS X were available for installation on both the new Intel based computers and old PowerPC units. Subsequent to this, all Apple computer are now exclusively 64 bit processors, avoiding the extra design and maintenance issues caused by also supporting 32 bit processors.
HFS+ remains the default file system, despite a the major a major design change of the operating system core. Apple Inc have also since added additional support for reading and writing to FAT32, ExFAT and NTFS file system, often used on external USB and Thunderbolt drives, all of which are well-known, for which DiskEng provide comprehensive data recovery support.
Apple Mac User Base
The most typical use for Apple Mac computers has for many years been graphical design, photo manipulation, video editing, web design and desktop publishing. Although the move to the Intel processor in Mac systems has improved support for the latest games, Windows systems are still the more popular choice for gaming.
With only an 8.5% market share in the desktop market, Apple computers were not considered as a typical target for virus and malware creators, particularly for PowerPC based systems. For many years Apple Inc used this in their marketing literature. The writers of malware however switched their focus when Apple made an ill-advised announcement, stating their computers were hack proof. It was also noted that the price of an Apple system to an equivalent PC is much higher, meaning they are considered better targets for malware. The malware creators set about taking advantage of any loopholes and by 2016 the first occurrence of ransomware on a Mac was seen.
Apple Mac Computers and Data Recovery
Data recoveries from Apple systems are almost entirely from HFS Plus file systems, the default file system for use on internal hard disk drives. Although there has been a significant increase in the occurrence of malware infections, the majority of data recoveries are the result of hardware failures of the hard disk drive.
Despite the increase in malware infected hard disk drives from which the operating system is unable to start, or the file system mount, the rate of successful recovery is extremely high. Fortunately, all the examples we have seen thus far have only damaged and many cases relocated file system metadata structures, without destroying the content of the data files, although the recovery process in these cases can be extremely complex.
Another source of drives arriving for data recovery is due to user error, where a data drive is incorrectly reinitialised, or reformatted. There are many erroneous claims about the recoverability of the HFS+ file system, mainly due to low level of fragmentation inherent in the design and implementation in the operating system core. Unfortunately, if an HFS+ file system is reformatted, the metadata areas are completely rewritten, destroying important data which is needed for rebuilding the file system. The only option available in such cases is a raw data trawl for known file signatures, for which filenames are lost, while the overall yield of recoverable files is variable, being dependent upon the level of fragmentation.