The tools to do this were released at HOPE a few weeks ago, very interesting and very scary. They also mentioned something interesting about the Apple OS’s, whenever you are logged in, the OS keeps a copy of your username and password in cleartext in the RAM. According to them, this was reported to Apple a little over 10 years ago, and they refuse to change it (something about how the UN/PW combo is used for silent elevation, scary on its own…). But when paired with a cold boot attack it is very dangerous.