  • Hybrid attack can extract data from inert RAM

    Posted on Tracey Capen Comment on the AskWoody Lounge

    This topic contains 7 replies, has 6 voices, and was last updated by  wavy 1 month ago.

    • Author
      Posts
    • #2003135 Reply

      Tracey Capen
      AskWoody MVP

      LANGALIST By Fred Langa It sounds impossible, but data can be recovered from RAM chips — even after they’ve been removed from a PC. Specialized attack
      [See the full post at: Hybrid attack can extract data from inert RAM]

      2 users thanked author for this post.
    • #2003150 Reply

      Ascaris
      AskWoody_MVP

      I knew there had to be an advantage to my laptop’s soldered-on RAM!

      Group "L" (KDE Neon User Edition 5.17.4).

    • #2003186 Reply

      mn–
      AskWoody Lounger

      … some outfits have used the RAM removal trick for debugging. Data on those chips degrades slower if kept cold, so they sometimes used ice packs too…

    • #2003619 Reply

      Fred
      AskWoody Plus

      LANGALIST By Fred Langa It sounds impossible, but data can be recovered from RAM chips — even after they’ve been removed from a PC. Specialized attack
      [See the full post at: Hybrid attack can extract data from inert RAM]

      Right, you don’t need a “new Snowden” now to reveal this….
      For quite a number of years this knowledge was already used to protect the “goodies” when switching off power quite some time before leaving. On the other hand, special forces tend to freeze puters of the bad guys when they have the chance.
      Nice to know when you have an ice cream

      After all.. Just because we're paranoid doesn't mean they aren't out to get us.
    • #2003735 Reply

      OscarCP
      AskWoody Plus

      It says in Fred Langa’s article that, to the criminals specializing in this sort of thing, home PCs are not worth all the trouble it takes to extract the data slowly evaporating from the DRAM chips after the computer is turned off. So, as my computer is not worth it, I don’t have to expect to be attacked, in the dead of night, by announced ninja assassins throwing shuriken (a.k.a. death stars) at me and carrying liquid nitrogen canisters to spray it all over my computer’s motherboard. That’s nice to know. Right?

      Right?

      Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

      1 user thanked author for this post.
    • #2003839 Reply

      Fred
      AskWoody Plus

      It says in Fred Langa’s article that, to the criminals specializing in this sort of thing, home PCs are not worth all the trouble it takes to extract the data slowly evaporating from the DRAM chips after the computer is turned off. So, as my computer is not worth it, I don’t have to expect to be attacked, in the dead of night, by announced ninja assassins throwing shuriken (a.k.a. death stars) at me and carrying liquid nitrogen canisters to spray it all over my computer’s motherboard. That’s nice to know. Right?

      Right?

      OscarCP:  That’s nice to know, you are one of the good guys then!
      Apparently, ME making a reply to you is a reason to polish that of this board … so, I am one of the bad guys then; the price of knowing [very near to the source and sharing here now] that this technique has been used for a very long time.

      After all.. Just because we're paranoid doesn't mean they aren't out to get us.
      • #2004342 Reply

        OscarCP
        AskWoody Plus

        Fred: You are definitively a good guy. But I’ve noticed that you did not vaccinate your comment with something directly relevant to the topic under discussion. While it is not a given here that vaccines will always take, or, contrariwise, prove necessary after the fact, nevertheless I think it is better than not to be vaccinated.

        You and others have certainly added information in this thread, with your previous comments on an intriguing topic.

        For example, to me it has been a surprise to learn here that the information in DRAM memory can be read off long after the power is switched off — after all, the “D” in ‘DRAM’ stands for “Dynamic”. Meaning that the electrons stored in tiny capacitors, forming a binary pattern of charge levels corresponding to “ones” and “zeroes” inside the chip, are being refreshed periodically (and very quickly, at a rate of once every 64 milliseconds or less) to keep them charged and maintaining that pattern and the information it represents. If the power is turned off, then this stops and the memory of the information previously stored then should also vanish very quickly, or so I had thought, as those capacitors discharge. So, now I know, while they do discharge when the power is off, it is not all that fast. And cooling the chip slows down the discharge further, mainly (I imagine) by increasing the leakage path’s resistance, thus keeping the information available to be picked up, with suitable tools, for a longer time.

        https://en.wikipedia.org/wiki/Dynamic_random-access_memory

        Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

    • #2005058 Reply

      wavy
      AskWoody Plus

      Maybe what is needed is a firmware (UEFI) routine to rewrite RAM when shutting down.

      🍻

      Just because you don't know where you are going doesn't mean any road will get you there.
