Volafox - Mac OS X & BSD Memory Analysis Toolkit

Friday, May 30, 2014


Volafox is an open source toolkit that you can use for Mac OS X and BSD forensics. The tool is a python based and allows investigating security incidents and finding information for malwares and any malicious program on the system. Security analyst can have the following information using this tool:

Information

  1. Kernel version, CPU and memory spec, boot/sleep/wakeup time
  2. Mounted filesystems
  3. Process listing and dump address space
  4. KEXT(Kernel Extensions) listing
  5. System Call / Mach Trap Table (Hooking Detection)
  6. Network socket listing
  7. Open files listing by process
  8. PE State information ( Device Tree, Video Memory Area)
  9. EFI information ( EFI System Table, EFI Configuration Table, EFI Runtime Services)
  10. extract keychain master key candidates
  11. TrustedBSD analysis
  12. other command : uname, dmesg ... etc  




Subscribe via e-mail for updates!