Volafox Mac OS X Memory Analysis Toolkit

Volafox is an open source toolkit that you can use for Mac OS X and BSD forensics. The tool is a python based and allows investigating security incidents and finding information for malwares and any malicious program on the system. Security analyst can have the following information using this tool:

  • MAC Kernel version, CPU, and memory specification
  • Mounted filesystems
  • Kernel Extensions listing
  • Process listing
  • Task listing (Finding process hiding)
  • Syscall table (Hooking detection)
  • Mach trap table (Hooking detection)
  • Network socket listing (Hash table)
  • Open files listing by process
  • Show Boot information
  • EFI System Table, EFI Runtime Services
  • Print a hostname

volafoxScreenshot for volafox (click to enlarge)

You can download the tool on the following link: https://code.google.com/p/volafox/

Share