Keeping Cool
What’s the story with all of this talk of freezing memory chips and then extracting RAM after power off? Read on for more information!
Electronic memory is essentially a set of tightly packed electronic switches. In reality, memory is typically comprised of a large number of latches which are formed from transistors, but it’s much simpler to imagine something more physical. Picture, if you would, a garden hose.
When you turn on your sprinkler, it takes a few moments for the water pressure in the hose to rise high enough to start spraying water out of the sprinkler head. Conversely, when you turn the water off, water will continue to flow out of the sprinkler head as the water pressure drops. In a similar way, the memory latches maintain their state as a result of a charge that is applied to them. When the power turns off, the “pressure” source is removed, but it takes varying amounts of time for all of the pressure to go out of the system. By refrigerating the memory chips, you are actually making them much more efficient, so it takes longer for the remaining power to drain completely. Even without cooling, however, tests have found that some laptops will actually retain a fairly accurate representation of the RAM for upwards of ten minutes! Desktop systems, far more power hungry, can only retain memory contents for a few seconds without cooling.
What does this all mean? It means that the rumors are true. In fact, there was at least one paper regarding this issue written and published back in 2006, but it never really caught anyone’s attention. If you’re looking for tools that you can use to test out these theories, have a look at McGrewSecurity, which has released a simple tool with easy to follow directions on how to build a bootable USB key that will allow you to easily dump memory captures to the USB stick.
When you turn on your sprinkler, it takes a few moments for the water pressure in the hose to rise high enough to start spraying water out of the sprinkler head. Conversely, when you turn the water off, water will continue to flow out of the sprinkler head as the water pressure drops. In a similar way, the memory latches maintain their state as a result of a charge that is applied to them. When the power turns off, the “pressure” source is removed, but it takes varying amounts of time for all of the pressure to go out of the system. By refrigerating the memory chips, you are actually making them much more efficient, so it takes longer for the remaining power to drain completely. Even without cooling, however, tests have found that some laptops will actually retain a fairly accurate representation of the RAM for upwards of ten minutes! Desktop systems, far more power hungry, can only retain memory contents for a few seconds without cooling.
What does this all mean? It means that the rumors are true. In fact, there was at least one paper regarding this issue written and published back in 2006, but it never really caught anyone’s attention. If you’re looking for tools that you can use to test out these theories, have a look at McGrewSecurity, which has released a simple tool with easy to follow directions on how to build a bootable USB key that will allow you to easily dump memory captures to the USB stick.