Mac Memory Reader is a simple command-line utility to capture the contents of physical RAM on a suspect computer, letting an investigator gather volatile state information prior to shutting the machine down.  Results are stored in a Mach-O binary file for later off-line analysis by the investigator.

Mac Memory Reader is available free of charge.  It executes directly on 32- and 64-bit target machines running Mac OS X 10.4 through 10.7 and requires a PowerPC G4 or newer or any Intel processor.

Software Instructions

Please read the README.txt file, included in the download, before using the software.

License

By using this software, you agree to the terms in the LICENSE.txt file included in the download and reproduced here.

Download

Mac Memory Reader 3.0.0 [released November 2011]

Mac Marshal™

Mac Memory Reader is the basis for the physical RAM acquisition tools in ATC-NY's Mac Marshal, a computer forensic tool for Mac OS X investigations.