4 Nonbinary Analysis
This chapter focuses on the static analysis of nonbinary file formats, such as packages, disk images, and scripts, that you’ll commonly encounter while analyzing Mac malware. Packages and disk images are compressed file formats often used to deliver malware to a user’s system. When we come across these compressed file types, our goal is to extract their contents, including any malicious files. These files, for example a malware’s installer, can come in various formats, though most commonly as either scripts or compiled binaries (often within an application bundle). Because of their plaintext readability, scripts are ...