A recent study -- conducted by Princeton University and the Electronic Frontier Foundation -- revealed how successful cold boot attacks can be launched on disk encryption.
According to the study, most users assume that dynamic random access memory (DRAM) is erased when a computer is shut down. Not true, according to the study. Such data remains visible for several minutes. This time gap provides attackers with a window to access DRAM data. After much experimentation, researchers found a number of methods that could be used to penetrate three widely used disk encryption systems.
The full research paper includes a detailed analysis of the exact methods used for extracting information. A short video segment provides a brief overview of the study as well as a demonstration of how the methods can be used. Ed Felten, one of the eight researchers, also followed up with a blog. Here Felten discusses the experiments, answers questions from readers and offers bits of advice to those concerned by the findings of the study.