Cold Boot Attack Defense
TODO: write introduction
- What is a cold boot attack.
- What is RAM.
- Explain DDR2 vs DDR3 RAM.
- How is RAM different from mass storage.
- Document how to find out if one is using DDR3 RAM.
To make memory forensics harder, make sure you shutdown your computer normally  and then remove the machine from any power source by pulling the power plug. In the case of notebooks, the battery should be removed after powering off. And the computer should be turned when exposed to higher-risk situations like traveling. 
Use DDR3 RAM since it might be resistant to this attack. 
- https://www.youtube.com/watch?v=JDaicPIgn9U [archive]
- https://en.wikipedia.org/wiki/Cold_boot_attack [archive]
- https://blog.f-secure.com/cold-boot-attacks/ [archive]
- https://www.usenix.org/legacy/event/sec08/tech/full_papers/halderman/halderman.pdf [archive]
- https://cyberside.planet.ee/docs/fares_coldboot.pdf [archive]
so the Linux kernel's memory erasing features (
init_on_free) and/or your firmware reset attack mitigation can kick in
- And/or the memory should be wiped upon shutdown. This is a theoretical mechanism at present because it is undocumented. https://forums.whonix.org/t/is-ram-wipe-possible-inside-whonix/5596 [archive]
Quote On the Practicability of Cold Boot Attacks [archive]:
we could not reproduce cold boot attacks against modern DDR3 chips.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.
Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)