# $Id: Portfile 70206 2010-08-01 23:28:25Z ryandesign@macports.org $ PortSystem 1.0 PortGroup python 1.0 name volatility version 2.3.1 categories security platforms darwin maintainers yahoo.fr:jul_bsd openmaintainer license GPL-2+ description collection of tools for the extraction of digital \ artifacts from volatile memory (RAM) samples long_description The Volatility Framework is a completely open collection \ of tools for the extraction of digital artifacts from \ volatile memory (RAM) samples. The extraction techniques \ are performed completely independent of the system being \ investigated but offer unprecedented visibilty into the \ runtime state of the system. The framework is intended \ to introduce people to the techniques and complexities \ associated with extracting digital artifacts from \ volatile memory samples and provide a platform for \ further work into this exciting area of research. homepage https://code.google.com/p/volatility/ distfiles-append MacProfilesAll.zip supported_archs noarch python.versions 26 27 python.default_version 27 depends_run-append port:yara post-patch { reinplace "s|import sys|import sys\\\nsys.path.append('${python.pkgd}')|" \ ${worksrcpath}/volatility reinplace "s|^#!c:\\\\python\\\\python.exe|#!${python.bin}|" \ ${worksrcpath}/volatility } post-destroot { xinstall -d ${destroot}${prefix}/share/doc/${name} xinstall -m 644 -W ${worksrcpath} \ AUTHORS.txt \ CHANGELOG.txt \ CREDITS.txt \ LEGAL.txt \ LICENSE.txt \ README.txt \ ${destroot}${prefix}/share/doc/${name} xinstall -d ${destroot}${prefix}/share/examples/${name} copy ${distpath}/MacProfilesAll.zip ${destroot}${prefix}/share/examples/${name}/ } if {${subport} eq ${name}} { master_sites googlecode checksums volatility-${version}.tar.gz \ rmd160 621de1bf164e604314baeca42de9114c5289e67a \ sha256 bb1411fc671e0bf550a31e534fb1991b2f940f1dce1ebe4ce2fb627aec40726c \ MacProfilesAll.zip \ rmd160 b52ed3412093f72b75a2cc167a589c49d2cf3d6f \ sha256 455815a7b51e7ff1d6cbcae1850433174020687d0c3cd080fd81d2def21a789b } subport ${name}-devel { conflicts ${name} fetch.type svn svn.url http://volatility.googlecode.com/svn/trunk ## Note: currently not tag/branch outside of releases svn.revision r3588 worksrcdir trunk checksums MacProfilesAll.zip \ rmd160 b52ed3412093f72b75a2cc167a589c49d2cf3d6f \ sha256 455815a7b51e7ff1d6cbcae1850433174020687d0c3cd080fd81d2def21a789b } notes " You may need some kernel profile depending on memory image you want to analyze. See https://code.google.com/p/volatility/wiki/MacMemoryForensics " livecheck.type regex livecheck.regex "Download the latest release: Volatility Framework (\\d+(?:\\.\\d+)*)"