Please see attached document
For Windows OS, Registry keys are extensively used for forensic analysis; do we have similar information in UNIX or Macintosh OSes?
For Windows OS users UNIX or Linux operating systems might seem intimidating to use because of the different interface and design, and this can be no different for the digital evidence examiner who is not familiar with a UNIX system. If an examiner is commonly using Windows he/she would be quite conversant with Registry keys and their importance in forensic analysis, however UNIX or Macintosh operating systems clearly do not have Registry keys to investigate. Much of the configuration of the system and the changes are recorded into log files that can be viewed for examination.
In Windows, the registry is formed when the operating system starts up with the loading of two files namely system.dat and user.dat. Information starts to pour into these files ...
For Windows OS, Registry keys are extensively used for forensic analysis; there is similar information in UNIX or Macintosh Operating Systems