Research

An in-depth analysis of the cold boot attack: Can it be used for sound forensic memory acquisition?

Abstract

The purpose of this technical memorandum is to examine the technical characteristics behind the cold boot attack technique and to understand when and how this technique should be applied to the field of computer forensic investigations. Upon thorough examination of the technique, the authors highlight its advantages, drawbacks, applicability and appropriateness for use in the acquisition of computer memory contents. The original cold boot attack work, conducted by a team of students and researchers in 2008, demonstrated the usefulness of computer memory remanence and how this phenomenon could be used to defeat popular disk encryption tools and other data hiding techniques necessary for the safe storage of secret data and information. However, the technique is not a panacea and has many drawbacks dictated by the laws of physics that the technique cannot overcome. The authors believe that a thorough understanding of this phenomenon will empower computer forensic investigators to take advantage of it when appropriate, and they also aim to dispel various distortions surrounding it.

Keywords

Computer forensics, Memory acquisition, Cold boot attack, Software memory acquisition, Hardware memory acquisition, Flash freeze, Platform reset attack, Cold ghosting attack, Iceman attack

Author

Richard Carbone (forensicsrichard@gmail.com)

PDF Document Link

https://forensicfocus.files.wordpress.com/2011/08/cold_boot_attack_for_forensiscs1.pdf
