The tools could allow a user to recover disk encryption keys from a recently powered-down computer, according to the researchers who developed them.
The source code for the tools was released earlier this week at the Hackers On Planet Earth (HOPE) conference.
The tools follow a study earlier this year by a group of researchers at Princeton University. The study concluded that, given the right tools, it could be possible to recover disk encryption information from a recently shut-down machine.
Because memory chips retain data for a short time after being powered down, an attacker could set the machine into a 'cold boot' and obtain the contents of the memory chips before the machine fully starts up.
The theory presents a major security risk, as it would allow a laptop thief to bypass encryption tools and access the contents of the user's hard drive. The technique could also be of use to law enforcement officials in recovering evidence from encrypted drives.
Encryption firms have acknowledged the possibility for the attack, but have also noted that it is often not practical, as the contents of the memory chips often disappear completely within a few minutes after being shut down, leaving the attacker with a very short window in which to recover the encryption keys.
Some firms have also suggested such technologies as virtualized disk encryption, which deletes the key from memory when the disk is unmounted, as a possible mitigation.
'Cold boot' tools surface
By
Shaun Nichols
on Jul 23, 2008 4:48PM
A set of tools for performing 'cold boot' data recoveries has been posted..
Got a news tip for our journalists? Share it with us anonymously here.
