David,

It is not intentional for volatility.plugins.overlays.mac to be missing from setup.py (it was probably missed when merging the old mac branch into trunk). However, unless you plan on using volatility as a library (i.e. importing it from other Python scripts), you don't need setup.py at all.

$ svn checkout https://volatility.googlecode.com/svn/trunk/ volatility

$ cd volatility

$ cp <PATH TO YOUR PROFILE>/Mac10.6.zip volatility/plugins/overlays/mac

$ python vol.py --info | grep Mac

Before the 2.3 release, setup.py will be fixed in case you do plan on installing volatility as a library. Also, pre-built Mac profiles for all common OS X kernels will be available at that time, so you won't need to build your own.

MHL

On Sun, Feb 24, 2013 at 2:42 PM, David Kovar <dkovar@gmail.com> wrote:

Greetings,

I was adding OS X support to my copy of Volatility per the instructions on https://code.google.com/p/volatility/wiki/MacMemoryForensics. It went well but I thought I'd pull the most recent version while I was at it.

Mac support went away when I did so. setup.py is now missing:

"volatility.plugins.overlays.mac",

Even when I add that back, vol.py --info doesn't show the OS X profiles.

Is this intentional? Is there a different version that I should be using?

Thanks!

-David

_______________________________________________
Vol-users mailing list
Vol-users@volatilesystems.com
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users