Update: The Volatility Team has included my code changes so just grab the latest code to work on a Mavericks or 10.8.5 sample. You will still need the profiles below.
- Check out the latest Volatility code from the repository (v2.3):
- Download the following files and place them in their respective folders:
- And you should be done! It looks like only the check_trap_table plugin has issues, but that should be taken care of soon. Have fun!
svn checkout http://volatility.googlecode.com/svn/trunk/ volatility-read-only
Mavericks_10.9_AMD.zip | volatility-read-only/volatility/plugins/overlays/mac/Mavericks_10.9_AMD.zip |
MountainLion_10.8.5_AMD.zip | volatility-read-only/volatility/plugins/overlays/mac/MountainLion_10.8.5_AMD.zip |
common.py | volatility-read-only/volatility/plugins/mac/common.py |
lsof.py | volatility-read-only/volatility/plugins/mac/lsof.py |
netstat.py | volatility-read-only/volatility/plugins/mac/netstat.py |
No comments:
Post a Comment