Does a MacOS filesystem log reads (mounted read only) if not natively booted? And does Mac BIOS setting for USB boot or an encrypted filesystem/storage remain an obstacle to a viable attack vector?  

I'm not a hacker or a Mac user since long ago. I'm an defender of opsec for self and those who value it.