Volafox Mac OS X Memory Analysis Toolkit - SecTechno

May 4, 2014 Forensics, Open-Source, Tools No comments

Volafox Mac OS X Memory Analysis Toolkit

Volafox is an open source toolkit that you can use for Mac OS X and BSD forensics. The tool is a python based and allows investigating security incidents and finding information for malwares and any malicious program on the system. Security analyst can have the following information using this tool:

MAC Kernel version, CPU, and memory specification
Mounted filesystems
Kernel Extensions listing
Process listing
Task listing (Finding process hiding)
Syscall table (Hooking detection)
Mach trap table (Hooking detection)
Network socket listing (Hash table)
Open files listing by process
Show Boot information
EFI System Table, EFI Runtime Services
Print a hostname

Screenshot for volafox (click to enlarge)

You can download the tool on the following link: https://code.google.com/p/volafox/

Related Posts:

Forensics, Mac, Mac OSX, open source, Tool, Tools, Volafox

Subscribe

<img alt='guest' src='https://secure.gravatar.com/avatar/?s=56&d=identicon&r=g' srcset='https://secure.gravatar.com/avatar/?s=112&d=identicon&r=g 2x' class='avatar avatar-56 photo avatar-default' height='56' width='56' />

0 Comments

Inline Feedbacks

View all comments