>That’s an old method, it’s the same thing you do in normal forensics like doing a savecore which will save all the contents of memory.
>But it still only works on disk encryption that unlocks on startup. If you just pgp a certain folder and only unencrypt it when you use it, and not constantly then there’s nothing you can do unless they get it seconds after it’s been decrypted
>
>
>>One more thing to worry about:
http://citp.princeton.edu/memory/>>
>>The video explains it very well.
Hmm, I thought a savecore was against memory in a running/powered up computer. What looks new to me is reading the contents of DRAM after it has been powered off. I thought DRAM lost its contents quite quickly after being powered off (well under a second, essentially instantaneously) but as they show in the video, that's not necessarily the case, especially if it's quickly chilled.
I agree about the encrypted folder example you gave. In the video, they also said if Vista is started with the BitLocker logon rather than the standard Vista logon that's not vulnerable either.
Regards. Al
"Violence is the last refuge of the incompetent." -- Isaac Asimov
"Never let your sense of morals prevent you from doing what is right." -- Isaac Asimov
Neither a despot, nor a doormat, be
Every app wants to be a database app when it grows up
