Showing applications, documents, and severs a user most recently accessed can help direct an investigator to files of interest or help show intent. By default, Mac OS X keeps track of the last 10 applications, documents, and servers used. The user can increase of decrease this number but most leave it set to the default state.
You can use the MacForensicsLab Analyze function to explore the following file: ~/Library/Preferences/com.apple.recentitems.plist Inside this file you will find recent applications, documents, and servers accessed on the suspect computer. The lists includes applications and documents on local and network drives and include the user that accessed the file (sometimes the user is different if it was accessed on remote server). It also shows PC shared files accessed through a Workgroup and the access path used to open the files. Some of the file pathnames could be the most forensically useful as well as applications used and documents opened.