Volafox is an open source toolkit that you can use for Mac OS X and BSD forensics. The tool is a python based and allows investigating security incidents and finding information for malwares and any malicious program on the system. Security analyst can have the following information using this tool:
Information
- Kernel version, CPU and memory spec, boot/sleep/wakeup time
- Mounted filesystems
- Process listing and dump address space
- KEXT(Kernel Extensions) listing
- System Call / Mach Trap Table (Hooking Detection)
- Network socket listing
- Open files listing by process
- PE State information ( Device Tree, Video Memory Area)
- EFI information ( EFI System Table, EFI Configuration Table, EFI Runtime Services)
- extract keychain master key candidates
- TrustedBSD analysis
- other command : uname, dmesg ... etc
