
Volafox - Mac OS X and BSD Memory Analysis

Volafox is an open source toolkit for Mac OS X and BSD forensics. The tool is Python-based and lets analysts investigate security incidents and find information about malware and any other malicious program on the system. A security analyst can obtain the following information using this tool:

Information
  • Kernel version, CPU and memory spec, boot/sleep/wakeup time
  • Mounted filesystems
  • Process listing and address space dump
  • KEXT (Kernel Extensions) listing
  • System Call / Mach Trap Table (Hooking Detection)
  • Network socket listing
  • Open files listing by process
  • PE State information (Device Tree, Video Memory Area)
  • EFI information (EFI System Table, EFI Configuration Table, EFI Runtime Services)
  • Keychain master key candidate extraction
  • TrustedBSD analysis
  • Other commands: uname, dmesg, etc.

Download Volafox
