posted on Oct, 17 2017 @ 10:36 PM
Some time ago I came across a few method by which the data held within RAM could be recovered thus giving full access to the computer as it stores the
passwords to unlock the machine, encryption keys for hard drives and everything else of interest that has been used on the machine.
RAM is a volatile memory, unlike a hard drive which is non-volatile and permenant. I had read about some techniques to increase the time the data
stays in RAM after losing power and found that with a few simple techniques this can be extended to 30-60 minutes with very little effort and even
without, data can remain for up to 5 mins after powering down. These are some unsettling numbers and I didn't know that data could be retained for
so long after powering off the system.
Most desktops have a "open case" switch which can lock the BIOS (or at least notify the user) if the case opened at any point. It is a simple 2
wire switch. I'm thinking of re-wiring this case switch to work with the "power on" wire from the ATX connector, so that if the panel is removed,
the switch is tripped powering down the PSU, giving less time for the RAM to be recovered.
I'm not sure if there is any way to do a "RAM flood" of either repeating data or usless data if the switch is tripped. IDK how this couid be
integrated into the MOBO the way they are currently made.
I just found out that USB-C and Thunderbolt are both vulnerable to DMA attacks! This is seriously disheartening as this is a major security risk. I
found this out after writing about Firewire below.
Another method of accessing RAM data is via Firewire as it has DMA. This seems like a major security issue which is why I would never buy a computer
with firewire in it as it leaves the entire system open to hacking to anyone with a Firewire cable. I've had a couiple system with firewire for
almost a decade and never once needed to use it and all the devices that have firewire also have USB, so unless you REALLY need to daisy chain, then
disable firewire, destroy the port or don't get a system with it.
Has anyone ever recovered data in RAM by any of these methods?