Goldfish

less than 1 minute read

Project: Goldfish

Purpose: MAC OS X automated memory acquisition and analysis tool

Status: Not Active
License: GNU GPLv3

Developer(s): Afrah Almansoori, Pavel Gladyshev

More information:

Goldfish is a MAC OS X live forensic tool for use by law enforcement. Its main purpose is to provide an easy to use interface to dump system RAM of a target OS X machine via a firewire connection. It then automatically extracts the current user login password and any open AIM conversation fragments that may be available.

Related Publications:

Gladyshev, P. and A. Almansoori (2010). Reliable Acquisition of RAM dumps from Intel-based Apple Mac computers over FireWire. Second International Conference on Digital Forensics and Cyber Crime (ICDF2C). Abu Dhabi, UAE, ICST.

Publications

http://www.springerlink.com/content/l5368587354m3724/

Websites

Share on

Twitter Facebook LinkedIn

You may also enjoy

iLEAPP and RLEAPP updates and dev thoughts

2022-08-18 3 minutes to read

Alex (@kviddy) has been pushing some extremely useful updates to the open-source Android forensic tool - [ALEAPP](https://github.com/abrignoni/ALEAPP]. Speci...

What data can you find in RAM?

2022-08-17 3 minutes to read

To determine if you need to collect Random Access Memory on-scene, it is useful to know what kinda of investigation-relevant data is often available in RAM.

Modular artifact scripts coming to iLEAPP

2022-08-13 3 minutes to read

kviddy has been pushing some great core updates to ALEAPP. Specifically, artifact scripts are now self-contained. This means that script authors no longer ne...

Forensic 4:Cast Awards - The real award is DFriends we made along the way

2022-08-12 3 minutes to read

Come hang out with the nominees for the Forensic 4:Cast “Best DFIR Show of the Year”: 13Cubed, I Beg to DFIR, and DFIR Science!