Research on memory forensics for Mac OS X has been conducted over the last couple of years. This paper covers the characteristics of a prevalent piece of Mac malware and diverse analysis techniques based on an ongoing project, Volafox, including general system information view, hidden process detection, hidden KEXT (device driver for Windows) detection, system call and mach trap table hooking detection, and so on. Furthermore, we will deal with efficient rootkit detection methods using memory forensic techniques for Mac.
Hi all,
volafox project will be introduced at Virus Bulletin 2013. It is reserve paper but nice opportunity that show volafox unto malware analyst in world-wide. This paper covers diverse analysis techniques based on memory forensics including hiding process/kext/network session detection, function call table hooking, trustedbsd root kit and so on. For further information, check out the link. ;-)











