Cold Boot Attack Defense
TODO: write introduction
- What is a cold boot attack.
- What is RAM.
- Explain DDR2 vs DDR3 RAM.
- How is RAM different from mass storage.
- Document how to find out if one is using DDR3 RAM.
To make memory forensics harder, shut down your computer normally and then disconnect the machine from any power source by pulling the power plug. In the case of notebooks, the battery should be removed after powering off. The computer should also be turned off when exposed to higher-risk situations like traveling.
Use DDR3 RAM since it might be resistant to this attack. 
- https://www.youtube.com/watch?v=JDaicPIgn9U
- https://en.wikipedia.org/wiki/Cold_boot_attack
- https://blog.f-secure.com/cold-boot-attacks/
- https://www.usenix.org/legacy/event/sec08/tech/full_papers/halderman/halderman.pdf
- https://cyberside.planet.ee/docs/fares_coldboot.pdf
- so the Linux kernel's memory erasing features (init_on_free) and/or your firmware reset attack mitigation can kick in
- And/or the memory should be wiped upon shutdown. This is a theoretical mechanism at present because it is undocumented. https://forums.whonix.org/t/is-ram-wipe-possible-inside-whonix/5596
Quote from "On the Practicability of Cold Boot Attacks":
we could not reproduce cold boot attacks against modern DDR3 chips.
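The two conditions this page relies on, DDR3 modules and an active init_on_free, can be checked from a shell. The script below is an added example, not part of the original page: the function names and the dmidecode sample are constructed for illustration, and it assumes the kernel build config is available as text (on Debian-style systems at /boot/config-$(uname -r)).

```shell
# Read `dmidecode --type 17` output on stdin and print the distinct memory
# types of populated slots (empty slots report "No Module Installed").
ram_types() {
    awk '
        function emit() {
            if (type != "" && size !~ /^No Module/) print type
            size = ""; type = ""
        }
        /^Memory Device/ { emit() }
        /^[ \t]*Size:/   { sub(/^[ \t]*Size:[ \t]*/, ""); size = $0 }
        /^[ \t]*Type:/   { sub(/^[ \t]*Type:[ \t]*/, ""); type = $0 }
        END              { emit() }
    ' | sort -u
}

# $1 = kernel command line, $2 = kernel build config text (fallback).
# Prints "enabled" or "disabled" for zeroing of freed pages (init_on_free).
init_on_free_state() {
    state=""
    for arg in $1; do            # a later occurrence overrides an earlier one
        case "$arg" in
            init_on_free=1) state=enabled ;;
            init_on_free=0) state=disabled ;;
        esac
    done
    if [ -z "$state" ]; then     # no boot parameter: use the build default
        case "$2" in
            *CONFIG_INIT_ON_FREE_DEFAULT_ON=y*) state=enabled ;;
            *) state=disabled ;;
        esac
    fi
    echo "$state"
}

# Constructed sample of dmidecode output (one DDR3 module, one empty slot).
sample_dmidecode() {
cat <<'EOF'
Memory Device
    Size: 8192 MB
    Type: DDR3
    Type Detail: Synchronous
Memory Device
    Size: No Module Installed
    Type: Unknown
EOF
}

echo "RAM types: $(sample_dmidecode | ram_types)"
echo "init_on_free: $(init_on_free_state 'quiet init_on_free=1' '')"
```

On a real machine, feed the functions live data instead of the sample: pipe `dmidecode --type 17` (run as root) into `ram_types`, and pass the contents of /proc/cmdline and the kernel config file to `init_on_free_state`.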