Results are out! Find what you need...fast. Get quick advice or join the chat
Hey there Sign in to join this conversationNew here? Join for free

For how long after shutdown does data remain in RAM?

This thread is sponsored by:
Announcements Posted on
Applying to Uni? Let Universities come to you. Click here to get your perfect place 20-10-2014
    • Thread Starter
    • 11 followers
    Offline

    ReputationRep:
    I'm curious about this.

    I know RAM is generally given the name "volatile memory", but some of you will know this is not completely true. It's been proven that data stored in RAM still remains for a short while after power loss. Police have been known to use "cold boot attacks" when they raid houses where they believe the suspect to have illegal data. They put the chips in liquid nitrogen and the data in this state can remain for days or even weeks - so plenty of time for them to get it back to the labs and recover what the suspect has been looking at.

    Does anyone know more about this? I'm not really into computer science normally but I find data remanence and security pretty interesting topics when it comes to computers.
    • 0 followers
    Offline

    ReputationRep:
    (Original post by vedderfan94)
    I.
    Yup you are right :laugh:. However recent developments in ram technology may change things. They have developed RAM that doesn't lose memory once turned off

    This was one of the ways they cracked encryption software such as true crypt and Microsoft bitlocker.

    However there is a time period in which the memory will be lost i personally don't know but would of course depend on the system. You should have a read on the web their is some good articles out there.

    Here is one:

    http://www.theregister.co.uk/2008/02...f_unbitlocker/
    • 32 followers
    Offline

    ReputationRep:
    What are you trying to hide would be my first question? :cool: No one asks a question like that unless they're planning on hiding something

    Following on from theregister article posted above by FinalMH you can read the original research here: https://citp.princeton.edu/research/memory/ It includes the full paper in pdf format plus experiment guide, source code, and some videos/images. There are some steps you can take however to protect against cold boot attacks. For instance fully powering down the machine every time and waiting a while (few minutes) before you leave it or by using TAILS which scrubs the RAM during shutdown thus guarding somewhat against cold boot attacks.

    In any case many have described cold boot attacks as alarmist nonsense: http://searchsecurity.techtarget.com...-is-over-hyped truth be told there's a multitude of different ways of nabbing the keys or data that require a lot less effort. For instance the simple approach...



    If they want your data they'll simply blackmail it out of you and twist the screws until you squirm.
    • 0 followers
    Offline

    ReputationRep:
    Temperature is the main variable, as is why when talking about trying to grab truecrypt encryption keys from memory the memory modules are frozen to slow the process. Realistically the for complete loss could be a while depending on how much ram you have, but at least some of the information would have disappeared after a matter of minutes.
    • 62 followers
    Offline

    ReputationRep:
    (Original post by vedderfan94)
    I'm curious about this.

    I know RAM is generally given the name "volatile memory", but some of you will know this is not completely true. It's been proven that data stored in RAM still remains for a short while after power loss. Police have been known to use "cold boot attacks" when they raid houses where they believe the suspect to have illegal data. They put the chips in liquid nitrogen and the data in this state can remain for days or even weeks - so plenty of time for them to get it back to the labs and recover what the suspect has been looking at.

    Does anyone know more about this? I'm not really into computer science normally but I find data remanence and security pretty interesting topics when it comes to computers.
    As a proof of concept, cold boot does work, but in the real world, it's pretty impractical, not to mention that it's not reliable. Certainly in the UK and US, investigators wouldn't even consider trying this - they'd keep the machines powered on as far as practically possible and use the courts (or $5 spanners) to get your encryption keys.

Reply

Submit reply

Register

Thanks for posting! You just need to create an account in order to submit the post
  1. this can't be left blank
    that username has been taken, please choose another Forgotten your password?
  2. this can't be left blank
    this email is already registered. Forgotten your password?
  3. this can't be left blank

    6 characters or longer with both numbers and letters is safer

  4. this can't be left empty
    your full birthday is required
  1. By joining you agree to our Ts and Cs, privacy policy and site rules

  2. Slide to join now Processing…

Updated: April 20, 2012
New on TSR

Join the Welcome Squad

Become a part of the TSR team!

Article updates
Reputation gems:
You get these gems as you gain rep from other members for making good contributions and giving helpful advice.