Volafox - Mac OS X & BSD Memory Analysis Toolkit
Volafox is an open source toolkit for Mac OS X and BSD memory
forensics. The tool is Python-based and supports investigating
security incidents and finding information about malware and other
malicious programs on the system. A security analyst can obtain the
following information using this tool:
Information
- Kernel version, CPU and memory spec, boot/sleep/wakeup time
- Mounted filesystems
- Process listing and address space dumping
- KEXT (Kernel Extensions) listing
- System Call / Mach Trap Table (Hooking Detection)
- Network socket listing
- Open files listing by process
- PE State information (Device Tree, Video Memory Area)
- EFI information (EFI System Table, EFI Configuration Table, EFI Runtime Services)
- Extraction of keychain master key candidates
- TrustedBSD analysis
- Other commands: uname, dmesg, etc.
Reviewed by Zion3R on 2:07 PM