Cold boot

Joshsevo

Sr. Member

Posts: 281

Joined: Tue Dec 29, 2009 11:00 pm

Post Tue Jun 14, 2011 1:56 pm

Cold boot

So at my recent SANS 408 Forensics class my instructor told me about a method that he and some others are looking into to see if they can actually pull it off and if they can work with some people to get some software up and running.

He said this is already being looked at by others in the community.

What the cold boot is, is getting the cache of the volatile memory.  The previous thinking was once the computer was shut down the data stored in the memory was wiped immediately.  Well, that's not always the case as the memory is run on power and that it slowly leaks off and then is gone forever.

This would help with Forensics investigations and such...

What are your thoughts on this?  If there is enough collaboration do you think it would be done?
Security+, Network+, C|EH, CHFI, CPT

MaXe

Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Tue Jun 14, 2011 3:18 pm

Re: Cold boot

Joshsevo wrote: What the cold boot is, is getting the cache of the volatile memory.  The previous thinking was once the computer was shut down the data stored in the memory was wiped immediately.  Well, that's not always the case as the memory runs on power and that it slowly leaks off and then is gone forever.

What are your thoughts on this?  If there is enough collaboration do you think it would be done?


There was an article some time ago about dumping information from the RAM. (Quite some time ago.)
One of them that I found interesting was freezing the computer down to -271C or something like that, immediately, and thereby somehow preserving the contents of what was in the RAM at the time. (Transportation issue.)

Stealing what's in the (hot) RAM at run-time is of course easier, if the contents aren't encrypted somehow. (I say somehow because everything can work in theory, but in theory a lot cannot work as well  :D )

Anyway, I haven't really played with this, but of course I've heard about it  :)

The problem with stealing data from RAM, where the power slowly degrades, is a possible corruption of the data or total loss (of data), when there isn't a sufficient amount of power. This depends on the amount of time used of course.

If it's a transportation issue, steal the contents while the RAM is HOT as I already mentioned, or hibernate the system xD Either virtually or physically. These are just ideas, and some of it may not work in real life, but I have a great imagination  :)
I'm an InterN0T'er
