Requirements
Install Xcode
Command Line Tools in the ‘Components’ tab.
Installing Homebrew
ruby -e "$(curl -fsSL https://raw.github.com/mxcl/homebrew/go)"
brew doctor
Installing XQuartz:
Download installer from http://xquartz.macosforge.org/landing/
Install using the installer downloaded from the website.
Installing Wine with Homebrew
brew install wine
Note: Keeping Wine up-to-date:
brew update
brew upgrade
Installing Wget with Homebrew
brew install wget
Installing pcre with Homebrew
brew install pcre
Installing pip
sudo easy_install pip
Recommended packages
Note: Change ownership of ‘opt’ directory to your user account:
sudo chown -R [USERNAME] /opt
e.g.: sudo chown -R zam /opt
Installing Distorm3
cd /opt/
wget http://distorm.googlecode.com/files/distorm-package3.1.zip
unzip distorm-package3.1.zip
rm distorm-package3.1.zip
cd /opt/distorm3
python setup.py build
sudo python setup.py install
Installing Yara
cd /opt/
wget http://yara-project.googlecode.com/files/yara-1.7.tar.gz
tar xvzf yara-1.7.tar.gz
rm yara-1.7.tar.gz
mv yara-1.7 yara
cd /opt/yara
./configure CFLAGS=-std=gnu89
make
sudo make install
Installing Yara-Python
cd /opt/
wget http://yara-project.googlecode.com/files/yara-python-1.7.tar.gz
tar xvzf yara-python-1.7.tar.gz
rm yara-python-1.7.tar.gz
mv yara-python-1.7 yara-python
cd /opt/yara-python
python setup.py build
sudo python setup.py install
Test by running python shell:
python
>>> import yara
Installing PyCrypto
cd /opt/
wget https://pypi.python.org/packages/source/p/pycrypto/pycrypto-2.6.tar.gz
tar xvzf pycrypto-2.6.tar.gz
rm pycrypto-2.6.tar.gz
mv pycrypto-2.6 pycrypto
cd /opt/pycrypto
python setup.py build
sudo python setup.py install
Installing PIL – Python Imaging Library
brew install libtiff libjpeg webp little-cms2
pip install Pillow
Installing OpenPyxl
sudo pip install openpyxl
Installing Graphviz
brew install libtool
Download: www.graphviz.org/pub/graphviz/stable/macos/mountainlion/graphviz-2.32.0.pkg
Install Graphviz using the installer downloaded.
Optional packages
Installing pytz
cd /opt/
wget http://downloads.sourceforge.net/pytz/pytz/2006p/pytz-2006p.zip
unzip pytz-2006p.zip
rm pytz-2006p.zip
mv pytz-2006p pytz
cd /opt/pytz
python setup.py build
sudo python setup.py install
IPython
Installing Anaconda:
cd ~/Downloads
wget http://09c8d0b2229f813c1b93-c95ac804525aac4b6dba79b00b39d1d3.r79.cf1.rackcdn.com/Anaconda-1.6.1-MacOSX-x86_64.sh
bash Anaconda-1.6.1-MacOSX-x86_64.sh
Installing IPython:
conda update conda
conda update ipython
Installing pyxpress:
cd /opt/
mkdir pyxpress
cd /opt/pyxpress
wget https://rekall.googlecode.com/git/contrib/pyxpress/README
wget https://rekall.googlecode.com/git/contrib/pyxpress/pyxpress.c
wget https://rekall.googlecode.com/git/contrib/pyxpress/setup.py
python setup.py build
sudo python setup.py install
Installing libforensic1394:
cd /opt/
git clone git://git.freddie.witherden.org/forensic1394.git
cd forensic1394
Download: www.cmake.org/files/v2.8/cmake-2.8.11.2-Darwin64-universal.dmg
Install CMake:
cmake CMakeLists.txt
sudo make install
cd python
sudo python setup.py install
Installing Sysinternals Strings:
cd /opt/
mkdir Tools
cd /opt/Tools
wget http://download.sysinternals.com/files/Strings.zip
unzip Strings.zip
rm Strings.zip && rm Eula.txt
Volatility
Installing Volatility 2.3_beta
cd /opt/
sudo svn checkout http://volatility.googlecode.com/svn/trunk Volatility
cd /opt/Volatility
python setup.py build
sudo python setup.py install
sudo chmod +x vol.py
Finished! You can run it by using this command:
$ python vol.py
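The "import yara" test above, extended to every Python package this guide installs. This is an added example, not part of the original guide; the import names for pyxpress and libforensic1394 are assumptions.

```python
# Added example: post-install import check for the packages installed above.
from __future__ import print_function
import importlib

# Import names per package heading on this page. The names for pyxpress and
# libforensic1394 are assumptions; adjust them if your build differs.
RECOMMENDED = [
    ("Distorm3", "distorm3"),
    ("Yara-Python", "yara"),
    ("PyCrypto", "Crypto"),
    ("PIL / Pillow", "PIL"),
    ("OpenPyxl", "openpyxl"),
]
OPTIONAL = [
    ("pytz", "pytz"),
    ("IPython", "IPython"),
    ("pyxpress", "pyxpress"),
    ("libforensic1394", "forensic1394"),
]


def check_modules(packages):
    """Try to import each (label, module) pair; return {label: error or None}."""
    results = {}
    for label, module in packages:
        try:
            importlib.import_module(module)
            results[label] = None
        except Exception as exc:  # ImportError, or a broken native extension
            results[label] = "%s: %s" % (type(exc).__name__, exc)
    return results


def report(packages, required):
    """Print one line per package; return the count of failed required ones."""
    failed = 0
    for label, error in sorted(check_modules(packages).items()):
        if error is None:
            print("ok       %s" % label)
        else:
            tag = "MISSING " if required else "optional"
            print("%s %s (%s)" % (tag, label, error))
            failed += 1 if required else 0
    return failed


if __name__ == "__main__":
    missing = report(RECOMMENDED, True) + report(OPTIONAL, False)
    raise SystemExit(1 if missing else 0)
```

Run it with the same python interpreter used for the setup.py installs; a non-zero exit status means a recommended package failed to import.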
Reference: http://www.evild3ad.com/2459/how-to-install-volatility-on-mac-os-x-version-10-8-4/
Brew seems pretty awesome, but a lot of the Google Code repositories are no longer valid. Is there any way you can update this procedure? Thanks.