Which statement best describes the role of the /var/log folder in the context of the provided material?

• A. It stores user documents and media files
• B. It contains logs related to system operations and mounting of volumes, such as daily.out
• C. It stores software installer packages
• D. It contains the Windows registry equivalents for macOS

Answer: (B)

Logs produced by the OS and services belong in /var/log. This directory is where the system stores event records, including startup messages, daemon activity, kernel messages, and operations around mounting and unmounting volumes. The example daily.out represents the kind of log file you’d find there, documenting daily system operations and mount events. That makes it the best description of the folder’s role. Other options describe different data types: user documents live in the user’s home area, software installers are kept in package managers or application directories, and Windows registry equivalents don’t exist in macOS, which uses different configuration storage. In forensic practice, /var/log is crucial because it preserves time-stamped records of what happened on the system, aiding the reconstruction of events and system state.