Goldfish

Project: Goldfish

Purpose: MAC OS X automated memory acquisition and analysis tool

Status: Active
License: GNU GPLv3

Developer(s): Pavel Gladyshev, Afrah Almansoori

More information:

Goldfish is a MAC OS X live forensic tool for use by law enforcement. Its main purpose is to provide an easy to use interface to dump system RAM of a target OS X machine via a firewire connection. It then automatically extracts the current user login password and any open AIM conversation fragments that may be available.

Related Publications:

Gladyshev, P. and A. Almansoori (2010). Reliable Acquisition of RAM dumps from Intel-based Apple Mac computers over FireWire. Second International Conference on Digital Forensics and Cyber Crime (ICDF2C). Abu Dhabi, UAE, ICST.

Links:

• Publications
• http://www.springerlink.com/content/l5368587354m3724/
• Websites
• DigitalFIRE Goldfish Project Page
• Goldfish on Foreniscs Wiki