I’m taking a very short break from my Ph.D. preliminary exam to write a short post about this, because it’s so cool :) .

The Center for Information Security Policy at Princeton has published a very interesting paper on recovering encryption keys by imaging memory after a computer has been forcibly shut down:

Modern RAM chips hold state for longer than most people expect after power has been removed. I became aware of this a while back, and after testing it out, found that the time varied wildly between computers. When I did this, I used a minimal Linux boot CD to write a known string to memory over and over again, filling it up. Then I’d pull power, leave it off for a short while, then boot back up and see if I could find the string in memory again. On the desktop machine I tested it on, the string would stay in memory for a few seconds with the power off. Amazingly, with my Latitude C400 laptop, it would stay in memory for a good 10 minutes (with no battery or wall power).
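One way to score a test like this from a captured memory image, added here as an example and not part of the original post: it counts how many copies of the fill string survive intact, how many come back with a few flipped bits, and how many are gone. The marker string, the flip tolerance, the assumption that the fill starts at offset 0 of the image, and the sample image are all constructed for illustration.

```python
MARKER = b"REMANENCE-TEST!\n"   # constructed 16-byte fill string (assumption)
MAX_FLIPS = 16                  # more flipped bits than this counts as lost


def bit_errors(a: bytes, b: bytes) -> int:
    """Hamming distance in bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def measure_remanence(image: bytes, marker: bytes = MARKER,
                      max_flips: int = MAX_FLIPS) -> dict:
    """Classify each marker-sized slot as intact, decayed, or lost.

    Assumes the fill started at offset 0 of the image, so copies sit on
    marker-length boundaries.
    """
    n = len(marker)
    stats = {"slots": 0, "intact": 0, "decayed": 0, "lost": 0, "flipped_bits": 0}
    for off in range(0, len(image) - n + 1, n):
        errs = bit_errors(image[off:off + n], marker)
        stats["slots"] += 1
        if errs == 0:
            stats["intact"] += 1
        elif errs <= max_flips:          # still recognisable, partly decayed
            stats["decayed"] += 1
            stats["flipped_bits"] += errs
        else:                            # overwritten or decayed past recognition
            stats["lost"] += 1
    recognised = stats["intact"] + stats["decayed"]
    stats["bit_error_rate"] = (
        stats["flipped_bits"] / (recognised * n * 8) if recognised else None)
    return stats


def build_sample_image() -> bytes:
    """Constructed sample: 8 slots, two with flipped bits, one overwritten."""
    img = bytearray(MARKER * 8)
    img[16] ^= 0x01          # slot 1: one flipped bit
    img[35] ^= 0x81          # slot 2: two flipped bits
    img[48:64] = bytes(16)   # slot 3: overwritten with zeros
    return bytes(img)


if __name__ == "__main__":
    print(measure_remanence(build_sample_image()))
```

Running the same scan on images taken after different power-off intervals gives a per-machine decay curve, which is the variation between the desktop and the laptop described above.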

It’s really fun stuff, and it’s nice to see it fleshed out way better than my own limited experiments.

© 2012 McGrew Security