Volafox, a computer forensics tool for Mac OS X

image courtesy of Victory Investigations

Thanks to a security-related mailing list I follow I’ve come to know this tool – Volafox Mac OS X Memory Analysis Toolkit – that’s a Python powered collection of open source scripts focused in the computer forensics analysis of systems equipped with Mac OS X or some other BSD flavours. This tool may come handy when a system is compromised and during investigations, permitting to be complaint with the best practices and helping in the detection and listing of malware or malicious software in the victim’s computer.

It’s main capabilities are to give information on:

  • MAC Kernel version, CPU, and memory specifications
  • Mounted filesystems
  • Kernel Extensions listing
  • Process listing
  • Task listing (Finding process hiding)
  • Syscall table (Hooking detection)
  • Mach trap table (Hooking detection)
  • Network socket listing (Hash table)
  • Open files listing by process
  • Show Boot information
  • EFI System Table, EFI Runtime Services
  • Print a hostname

Download and project’s documentation is available over the official page on Google Code:

☞ https://code.google.com/p/volafox

One thought on “Volafox, a computer forensics tool for Mac OS X

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.