I will introduce the volafox and new tool at CodeGate 2013 (4. April). The topic of the presentation is “keychain analysis from digital forensic perspective”.
This topic focus on method of more elegant keychain analysis and extracting master key candidates from Mac memory image.
A new tool called the (Key)Chain Breaker. It is powerful analysis toolkit that extracts user credential on keychain. If investigator has disk and memory image, He will get various information (e.g. key, user account generated from application, web autofill data, ssh/ftp account …) from it.
Chain Breaker a.k.a keychain analysis toolkit will be committed to GitHub or be integrated into the volafox project.
Slide will be uploaded to slideshare or other sharing site after presentation.
See you at the CodeGate 2013 ;-)