Volafox – Mac OS X & BSD Memory Analysis Toolkit

Volafox is an open source toolkit that you can use for Mac OS X and BSD forensics. The tool is a python based and allows investigating security incidents and finding information for malwares and any malicious program on the system. Security analyst can have the following information using this tool:


  1. Kernel version, CPU and memory spec, boot/sleep/wakeup time
  2. Mounted filesystems
  3. Process listing and dump address space
  4. KEXT(Kernel Extensions) listing
  5. System Call / Mach Trap Table (Hooking Detection)
  6. Network socket listing
  7. Open files listing by process
  8. PE State information ( Device Tree, Video Memory Area)
  9. EFI information ( EFI System Table, EFI Configuration Table, EFI Runtime Services)
  10. extract keychain master key candidates
  11. TrustedBSD analysis
  12. other command : uname, dmesg … etc  

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s