I found the article interesting, but I wonder about it's practicality. If you have physical access to the box you never really need to power down the box in the first place and generally if the box is already on, I think most people would prefer to attack a service to get on the system directly. But there are some special cases where these techniques will likely be very useful. <br>
<br>For me, I've always disliked the practice of doing live forensic discovery. I'd much rather get a clean disk dump than to poke around on the system first, but losing RAM sucks. Maybe now IR/Forensic guys can get the best of both worlds? They can yank the power to save the disk state and dump memory by using the techniques described in the article. :)<br>
<br><br><div class="gmail_quote">On Fri, Feb 22, 2008 at 8:32 AM, niclas <<a href="mailto:lists@datenritter.de">lists@datenritter.de</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">> <a href="http://blog.wired.com/27bstroke6/2008/02/researchers-dis.html" target="_blank">http://blog.wired.com/27bstroke6/2008/02/researchers-dis.html</a><br>
<br>
</div>(cooling down DRAMs keeps their contents for longer time, even during<br>
reboot.)<br>
<br>
well, this shows how important mechanical security still is, even with<br>
all the crypto-stuff out there. if you e.g. just *glued* your RAM<br>
modules into your motherboard, the option left would be booting a<br>
malicious OS. a BIOS-password might put delays on that.<br>
<br>
so, if it is really secret put your PC in a locked steel box!<br>
<br>
as a dircet countermeasure you might as well consider a simple<br>
temperature sensor next to your DRAMs, releasing [evil self-destruction<br>
hack] when temperatures drop below 0°C.<br>
<br>
thermite does a good job on destroying HDDs but it's very dangerous.<br>
<br>
it's probably more easy to use this device then:<br>
<a href="http://www.wiebetech.com/products/HotPlug.php" target="_blank">http://www.wiebetech.com/products/HotPlug.php</a><br>
<br>
looking at these two methods, i notice how "they" (whoever) seem to aim<br>
not only on physical access but also more and more on surprising the<br>
crypto-user. "they" might use the methods mentioned above or just hit<br>
you with a flashbang, so you can't press the lock key anymore. this<br>
worries me more than any it-related security flaw. i don't want the<br>
police to behave like that.<br>
<font color="#888888"><br>
n.<br>
</font><div><div></div><div class="Wj3C7c"><br>
_______________________________________________<br>
Full-Disclosure - We believe in it.<br>
Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>
Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">http://secunia.com/</a></div></div></blockquote></div><br><br clear="all"><br>-- <br>Matthew Wollenweber<br><a href="mailto:mwollenweber@gmail.com">mwollenweber@gmail.com</a> | <a href="mailto:mjw@cyberwart.com">mjw@cyberwart.com</a><br>
<a href="http://www.cyberwart.com">www.cyberwart.com</a>