Cold Boot Attack Defense

From Whonix


Ambox warning pn.svg.png Documentation for this is incomplete. Contributions are happily considered!

TODO: write introduction

  • What is a cold boot attack.
  • What is RAM.
  • Explain DDR2 vs DDR3 RAM.
  • How is RAM different from mass storage.
  • Document how to find out if one is using DDR3 RAM.


Defending Cold Boot Attacks makes most sense for users of Full Disk Encryption and/or Host Live Mode.

To make memory forensics harder, make sure you shutdown your computer normally [2] and then remove the machine from any power source by pulling the power plug. In the case of notebooks, the battery should be removed after powering off. And the computer should be turned when exposed to higher-risk situations like traveling. [3]

Use DDR3 RAM since it might be resistant to this attack. [4]

Development Discussion[edit] [archive]


  1. so the Linux kernel's memory erasing features (page_poison, slub_debug or init_on_free) and/or your firmware reset attack mitigation can kick in
  2. And/or the memory should be wiped upon shutdown. This is a theoretical mechanism at present because it is undocumented. [archive]
  3. Quote On the Practicability of Cold Boot Attacks [archive]:

    we could not reproduce cold boot attacks against modern DDR3 chips.

text=Jobs in USA
Jobs in USA

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki

Follow: 1024px-Telegram 2019 Logo.svg.png Iconfinder Apple Mail 2697658.png Twitter.png Facebook.png Rss.png Reddit.jpg 200px-Mastodon Logotype (Simple).svg.png

Support: 1024px-Telegram 2019 Logo.svg.png Discourse logo.png Matrix logo.svg.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate Whonix.png United Federation of Planets 1000px.png

Twitter-share-button.png Facebook-share-button.png Telegram-share.png link=mailto:?subject=Cold Boot Attack Defense&body= link= Boot Attack Defense link= Boot Attack Defense link= Boot Attack Defense%20 Boot Attack Defense

LIVE MODE: Host operating system or VM can be booted into Live Mode, using Host Live Mode or VM Live Mode.

https link onion link

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.

Copyright (C) 2012 - 2021 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent.