Volafox

volafox project is most famous memory forensic toolkit for Mac OS X. This programs have been developed with the python language. volafox analyze physical memory image on Intel x86 and IA-32e. If you use this tool for digital investigation, you can find information related rootkit and malware. and dump it on your evidence(memory image). volafox project has two programs between volafox(Mac OS X) and volafunx(FreeBSD). For further information, please check a link

Lastest version : volafox-0.9 – README

 

Volafunx

volafunx, another tool in volafox project, is unique tool for analyzing FreeBSD memory image. It have been developed with the python language. volafunx support Intel x86 & IA-32e architecture. It is experimental project now.

GPT Parser

GPT is partition management method on EFI environment replaced BIOS. this tool can parse the Primary/backup GPT Header and each partition table entry. also, it can check CRC32 value for validation and provide partition type based on Partition GUID. For further information, please check a link

PE Viewer

Basic Tool for analyzing PE File Format. It is prototype tool and copy design with PeID ;p

Chain Breaker

Chain Breaker is tool that parse keychain structure called apple database and extract user’s confidential information. It show various information that application account/password, encrypted volume password(e.g. filevault), various communication protocol used authentication and so on. link

walitean

waliten, WAL for SQLite Analyzer, is write-ahead log analyzer for digital investigator. Write-Ahead Logging is journaling method for SQLite Database. Investigator can assume database action has happened recently though walitean. Please check a link