The source code for the tools was released earlier this week at the Hackers On Planet Earth (HOPE) conference.
The tools follow a study earlier this year by a group of researchers at Princeton University. The study concluded that, given the right tools, it could be possible to recover disk encryption information from a recently shut-down machine.
Because memory chips retain data for a short time after being powered down, an attacker could set the machine into a 'cold boot' and obtain the contents of the memory chips before the machine fully starts up.
The theory presents a major security risk, as it would allow a laptop thief to bypass encryption tools and access the contents of the user's hard drive. The technique could also be of use to law enforcement officials in recovering evidence from encrypted drives.
Encryption firms have acknowledged the possibility for the attack, but have also noted that it is often not practical, as the contents of the memory chips often disappear completely within a few minutes after being shut down, leaving the attacker with a very short window in which to recover the encryption keys.
Some firms have also suggested such technologies as virtualized disk encryption, which deletes the key from memory when the disk is unmounted, as a possible mitigation.
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
Integrate Expo 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
