Friday, February 22, 2008

“Lest We Remember: Cold Boot Attacks on Encryption Keys”

It seems a team of Princeton students has put together a very well done website, research paper (pdf) and video regarding acquiring RAM. The gist of these items: information stays in RAM after power loss and then degrades; cooling DRAM chips will help prevent the decay of volatile memory; and keys to Full Disk Encryption can be obtained by capturing RAM.

The online community has definitely weighed in:
Slashdot Replies: Over 300 Comments
Freedom-to-tinker.com: Over 121 Comments
I even received an email message from Multimedia Forensics regarding this new information.

I think my prior blog post regarding the “Guillotine Method” of RAM Acquisition is the perfect twin to their basic premises, except the Guillotine Method is really a “HOT Boot”.

So at least I can say, “…I remembered... RAM Capture can be Valuable to Forensic Examiners”