Requirements

Install Xcode, then install the Command Line Tools from the ‘Components’ tab.

Installing Homebrew

ruby -e "$(curl -fsSL https://raw.github.com/mxcl/homebrew/go)"
brew doctor

Installing XQuartz:
Download installer from http://xquartz.macosforge.org/landing/
Install using the installer downloaded from the website.

Installing Wine with Homebrew

brew install wine

Note: Keeping Wine up-to-date:

brew update
brew upgrade

Installing Wget with Homebrew

brew install wget

Installing pcre with Homebrew

brew install pcre

Installing pip

sudo easy_install pip

Recommended packages

Note: Change ownership of ‘opt’ directory to your user account:

sudo chown -R [USERNAME] /opt
e.g.:
sudo chown -R zam /opt

Installing Distorm3

cd /opt/
wget http://distorm.googlecode.com/files/distorm-package3.1.zip
unzip distorm-package3.1.zip
rm distorm-package3.1.zip
cd /opt/distorm3
python setup.py build
sudo python setup.py install

Installing Yara

cd /opt/
wget http://yara-project.googlecode.com/files/yara-1.7.tar.gz
tar xvzf yara-1.7.tar.gz
rm yara-1.7.tar.gz
mv yara-1.7 yara
cd /opt/yara
./configure CFLAGS=-std=gnu89
make
sudo make install

Installing Yara-Python

cd /opt/
wget http://yara-project.googlecode.com/files/yara-python-1.7.tar.gz
tar xvzf yara-python-1.7.tar.gz
rm yara-python-1.7.tar.gz
mv yara-python-1.7 yara-python
cd /opt/yara-python
python setup.py build
sudo python setup.py install

Test by running python shell:

python
>>> import yara

Installing PyCrypto

cd /opt/
wget https://pypi.python.org/packages/source/p/pycrypto/pycrypto-2.6.tar.gz
tar xvzf pycrypto-2.6.tar.gz
rm pycrypto-2.6.tar.gz
mv pycrypto-2.6 pycrypto
cd /opt/pycrypto
python setup.py build
sudo python setup.py install

Installing PIL – Python Imaging Library

brew install libtiff libjpeg webp little-cms2
pip install Pillow

Installing OpenPyxl

sudo pip install openpyxl

Installing Graphviz

brew install libtool

Download: www.graphviz.org/pub/graphviz/stable/macos/mountainlion/graphviz-2.32.0.pkg
Install Graphviz using the installer downloaded.

Optional packages

Installing pytz

cd /opt/
wget http://downloads.sourceforge.net/pytz/pytz/2006p/pytz-2006p.zip
unzip pytz-2006p.zip
rm pytz-2006p.zip
mv pytz-2006p pytz
cd /opt/pytz
python setup.py build
sudo python setup.py install

IPython
Installing Anaconda:

cd ~/Downloads
wget http://09c8d0b2229f813c1b93-c95ac804525aac4b6dba79b00b39d1d3.r79.cf1.rackcdn.com/Anaconda-1.6.1-MacOSX-x86_64.sh
bash Anaconda-1.6.1-MacOSX-x86_64.sh

Installing IPython:

conda update conda
conda update ipython

Installing pyxpress:

cd /opt/
mkdir pyxpress
cd /opt/pyxpress
wget https://rekall.googlecode.com/git/contrib/pyxpress/README
wget https://rekall.googlecode.com/git/contrib/pyxpress/pyxpress.c
wget https://rekall.googlecode.com/git/contrib/pyxpress/setup.py
python setup.py build
sudo python setup.py install

Installing libforensic1394:

cd /opt/
git clone git://git.freddie.witherden.org/forensic1394.git
cd forensic1394

Download CMake: www.cmake.org/files/v2.8/cmake-2.8.11.2-Darwin64-universal.dmg

Install CMake using the downloaded disk image, then build and install libforensic1394:

cmake CMakeLists.txt
sudo make install
cd python
sudo python setup.py install

Installing Sysinternals Strings:

cd /opt/
mkdir Tools
cd /opt/Tools
wget http://download.sysinternals.com/files/Strings.zip
unzip Strings.zip
rm Strings.zip && rm Eula.txt

Volatility

Installing Volatility 2.3_beta

cd /opt/
sudo svn checkout http://volatility.googlecode.com/svn/trunk Volatility
cd /opt/Volatility
python setup.py build
sudo python setup.py install
sudo chmod +x vol.py

Finished! You can run it by using this command:

$ python vol.py
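
Several of the steps above fetch an archive over plain HTTP and then run its setup.py with sudo, so a tampered download would run as root. The shell functions below are an added example, not part of the original post: they check a file against a SHA-256 value pinned from a trusted source before it is unpacked. The function names are this example's own and the hash in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example: verify a downloaded archive against a pinned SHA-256
# before unpacking it and running "sudo python setup.py install".

# Print the SHA-256 of a file with whichever tool is present
# (shasum ships with OS X; sha256sum is the GNU coreutils equivalent).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 only if FILE exists and its digest equals EXPECTED_HEX
# (case-insensitive), 1 on mismatch, 2 on a missing file or malformed hash.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    # A pinned value must be exactly 64 hex digits; reject placeholders and typos.
    case $expected in
        *[!0-9a-f]*|'') echo "malformed hash for $file" >&2; return 2 ;;
    esac
    [ ${#expected} -eq 64 ] || { echo "malformed hash for $file" >&2; return 2; }
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
    else
        echo "MISMATCH: $file" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
}

# Usage with one of the downloads above (the hash is a placeholder; take the
# real value from a source you trust, not from the same download channel):
#   wget http://yara-project.googlecode.com/files/yara-1.7.tar.gz
#   verify_sha256 yara-1.7.tar.gz "<SHA-256 FROM TRUSTED SOURCE>" \
#       && tar xvzf yara-1.7.tar.gz
```

Chaining the unpack step with && means a mismatch or an unfilled placeholder stops the procedure before anything is built or installed.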

Reference: http://www.evild3ad.com/2459/how-to-install-volatility-on-mac-os-x-version-10-8-4/

By zam

One thought on “How to install Volatility on Mac OS X Mavericks (10.9.2)”
  1. Brew seems pretty awesome, but a lot of the Google Code repositories are no longer valid. Is there any way you can update this procedure? Thanks.
