less than 1 minute read

Project: Goldfish
Purpose: MAC OS X automated memory acquisition and analysis tool
Status: Not Active
License: GNU GPLv3
Developer(s): Afrah Almansoori, Pavel Gladyshev

More information:
Goldfish is a MAC OS X live forensic tool for use by law enforcement. Its main purpose is to provide an easy to use interface to dump system RAM of a target OS X machine via a firewire connection. It then automatically extracts the current user login password and any open AIM conversation fragments that may be available.

Related Publications:

Gladyshev, P. and A. Almansoori (2010). Reliable Acquisition of RAM dumps from Intel-based Apple Mac computers over FireWire. Second International Conference on Digital Forensics and Cyber Crime (ICDF2C). Abu Dhabi, UAE, ICST.