Re: Can volatile RAM still contain evidence?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Quoted text here. Click to load it

You are presumably reacting 10 months late to the paper:

Lest We Remember: Cold Boot Attacks on Encryption Keys

I and many others consider this paper to be sensationalist and even
somewhat dishonest, and are especially dismayed that it was thrust out in
a shameless self-promoting way without peer review.  The kindest thing
that can be said for it is that, while it introduced nothing new, it
reminded people of a long-known effect, RAM remanence.

It has been known at least snce the 1970s that RAM preserves state for
some time after removal of power (RAM is, after all, essentially just
capacitors) and the the length of time before full discharge is extended
by cooling.

With that out of the way, it can be said that, for most modern RAM
memory, waiting about a minute after power off is more than sufficient to
ensure that RAM is not recoverable. (If you think you may be subject to a
no-knock raid, harden your machine with automatic shutoff and obstacles
to memory access that will take at least a minute.)

For extreme paranoids the following "double shutdown" drill removes all
doubt:  Shut off the computer normally, reboot it from a CD and run a
memory zeroisation program, and then shut down for the second final time.  
(If your BIOS supports a "long memory check on POST" option, then the
shutdown-reboot-shutdown-again drill does not require a CD, zeroisation
software, etc. Just shutdown-reboot with long memory test-shutdown).

For learning about additional subtleties, google is your friend.


Site Timeline