Update: The Volatility Team has included my code changes so just grab the latest code to work on a Mavericks or 10.8.5 sample. You will still need the profiles below.
- Check out the latest Volatility code from the repository (v2.3):
- Download the following files and place them in their respective folders:
- And you should be done! It looks like only the check_trap_table plugin has issues, but that should be taken care of soon. Have fun!
svn checkout http://volatility.googlecode.com/svn/trunk/ volatility-read-only
| Mavericks_10.9_AMD.zip | volatility-read-only/volatility/plugins/overlays/mac/Mavericks_10.9_AMD.zip |
| MountainLion_10.8.5_AMD.zip | volatility-read-only/volatility/plugins/overlays/mac/MountainLion_10.8.5_AMD.zip |
| common.py | volatility-read-only/volatility/plugins/mac/common.py |
| lsof.py | volatility-read-only/volatility/plugins/mac/lsof.py |
| netstat.py | volatility-read-only/volatility/plugins/mac/netstat.py |
