An in-depth analysis of the cold boot attack: Can it be used for sound forensic memory acquisition?

by Richard Carbone

The purpose of this technical memorandum is to examine the technical characteristics behind the cold boot attack technique and to understand when and how this technique should be applied to the field of computer forensic investigations. Upon thorough examination of the technique, the authors highlight its advantages, drawbacks, applicability and appropriateness for use in the acquisition of computer memory contents. The original cold boot attack paper, as conducted by a team of students and researchers in 2008, demonstrated the usefulness of computer memory remanence and how this phenomenon could be used to defeat popular disk encryptions tools and other data hiding techniques necessary for the safe storage of secret data and information. However, the technique is not a panacea and has many drawbacks dictated by the laws of physics, which cannot be overcome by the technique...

Read more at http://articles.forensicfocus.com/2011/08/21/an-in-depth-analysis-of-the-cold-boot-attack-can-it-be-used-for-sound-forensic-memory-acquisition/