RAM content lost after shutdown? Not exactly

This is really amazing stuff. It appears that modern memory chips don’t loose their content immediately after power loss. Apparently, it takes two minutes to the loose their content completely. Moreover, you can cool the memory chip using regular dust remover spray. This will keep the memory content intact for at least 10 minutes.

This is more than enough time to plug the memory stick into another laptop, boot it and dump the memory content to hard-disk.

The operating system cannot be Linux or any other modern OS because it will immediately overwrite the content of the memory stick. DOS or any of its clones is probably the perfect OS for this task.

Anyway, as video below shows, this can be used to crack encrypted hard drive. Encryption for encrypted hard drives done in software. The software (probably all kinds of it) keeps the key it uses to encrypt the data in memory. So, to crack encrypted hard drive, all you have to do is to grab its RAM, dump RAM contents to a file and find the key in the file. The later part can be tricky, but this is doable, given enough time.

Based on research from Princeton University, via twitter @jithin1987.

Did you know that you can receive periodical updates with the latest articles that I write right into your email box? Alternatively, you subscribe to the RSS feed!

Want to know how? Check out
Subscribe page

Leave a Reply

Prove you are not a computer or die *