Tag Archives: volitality

How to install Volatility on Mac OS X Mavericks (10.9.2)


Install Xcode
Command Line Tools in the ‘Components’ tab.

Installing Homebrew

ruby -e "$(curl -fsSL https://raw.github.com/mxcl/homebrew/go)"
brew doctor

Installing XQuartz:
Download installer from http://xquartz.macosforge.org/landing/
Install using the installer downloaded from the website.

Installing Wine with Homebrew

brew install wine

Note: Keeping Wine up-to-date:

brew update
brew upgrade

Installing Wget with Homebrew

brew install wget

Installing pcre with Homebrew

brew install pcre

Installing pip

sudo easy_install pip

Recommended packages

Note: Change ownership of ‘opt’ directory to your user account:

sudo chown -R [USERNAME] /opt
sudo chown -R zam /opt

Installing Distorm3

cd /opt/
wget http://distorm.googlecode.com/files/distorm-package3.1.zip
unzip distorm-package3.1.zip
rm distorm-package3.1.zip
cd /opt/distorm3
python setup.py build
sudo python setup.py install

Installing Yara

cd /opt/
wget http://yara-project.googlecode.com/files/yara-1.7.tar.gz
tar xvzf yara-1.7.tar.gz
rm yara-1.7.tar.gz
mv yara-1.7 yara
cd /opt/yara
./configure CFLAGS=-std=gnu89
sudo make install

Installing Yara-Python

cd /opt/
wget http://yara-project.googlecode.com/files/yara-python-1.7.tar.gz
tar xvzf yara-python-1.7.tar.gz
rm yara-python-1.7.tar.gz
mv yara-python-1.7 yara-python
cd /opt/yara-python
python setup.py build
sudo python setup.py install

Test by running python shell:

>>> import yara

Installing PyCrypto

cd /opt/
wget https://pypi.python.org/packages/source/p/pycrypto/pycrypto-2.6.tar.gz
tar xvzf pycrypto-2.6.tar.gz
rm pycrypto-2.6.tar.gz
mv pycrypto-2.6 pycrypto
cd /opt/pycrypto
python setup.py build
sudo python setup.py install

Installing PIL – Python Imaging Library

brew install libtiff libjpeg webp little-cms2
pip install Pillow

Installing OpenPyxl

sudo pip install openpyxl

Installing Graphviz

brew install libtool

Download: www.graphviz.org/pub/graphviz/stable/macos/mountainlion/graphviz-2.32.0.pkg
Install Graphviz using the installer downloaded.

Optional packages

Installing pytz

wget http://downloads.sourceforge.net/pytz/pytz/2006p/pytz-2006p.zip
unzip pytz-2006p.zip
rm pytz-2006p.zip
mv pytz-2006p pytz
cd /opt/pytz
python setup.py build
sudo python setup.py install

Installing Anaconda:

cd ~/Downloads
wget http://09c8d0b2229f813c1b93-c95ac804525aac4b6dba79b00b39d1d3.r79.cf1.rackcdn.com/Anaconda-1.6.1-MacOSX-x86_64.sh
bash Anaconda-1.6.1-MacOSX-x86_64.sh

Installing IPython:

conda update conda
conda update ipython

Installing pyxpress:

mkdir pyxpress
cd /opt/pyxpress
wget https://rekall.googlecode.com/git/contrib/pyxpress/README
wget https://rekall.googlecode.com/git/contrib/pyxpress/pyxpress.c
wget https://rekall.googlecode.com/git/contrib/pyxpress/setup.py
python setup.py build
sudo python setup.py install

Installing libforensic1394:

cd /opt/
git clone git://git.freddie.witherden.org/forensic1394.git
cd forensic1394

Download: www.cmake.org/files/v2.8/cmake-

Install CMake:

cmake CMakeLists.txt
sudo make install
cd python
sudo python setup.py install

Installing Sysinternals Strings:

cd /opt/
mkdir Tools
cd /opt/Tools
wget http://download.sysinternals.com/files/Strings.zip
unzip Strings.zip
rm Strings.zip && rm Eula.txt


Installing Volatility 2.3_beta

cd /opt/
sudo svn checkout http://volatility.googlecode.com/svn/trunk Volatility
cd /opt/Volatility
python setup.py build
sudo python setup.py install
sudo chmod +x vol.py

Finished! You can run it by using this command:

$ python vol.py

Reference: http://www.evild3ad.com/2459/how-to-install-volatility-on-mac-os-x-version-10-8-4/