Volafox Mac OS X Memory Analysis Toolkit
Volafox is an open source toolkit for Mac OS X and BSD memory forensics. The tool is Python-based and lets you investigate security incidents and find information about malware and other malicious programs on the system. A security analyst can obtain the following information using this tool:
- Mac kernel version, CPU, and memory specification
- Mounted filesystems
- Kernel Extensions listing
- Process listing
- Task listing (detecting hidden processes)
- Syscall table (Hooking detection)
- Mach trap table (Hooking detection)
- Network socket listing (Hash table)
- Open files listing by process
- Boot information
- EFI System Table, EFI Runtime Services
- Hostname
You can download the tool from the following link: https://code.google.com/p/volafox/