'Cold boot' tools surface

New software has been posted for recovering encryption keys from DRam

Security researchers have posted a set of tools for performing 'cold boot' data recoveries.

The tools could allow a user to recover disk encryption keys from a recently powered-down computer, according to the researchers.

Source code for the tools was released earlier this week at the Hackers On Planet Earth conference.

The tools follow a study earlier this year by a group of researchers at Princeton University which concluded that, given the right tools, it could be possible to recover disk encryption information from a recently shut-down machine.

Memory chips retain data for a short time after being powered down, so an attacker could set the machine into a 'cold boot' and obtain the contents of the memory chips before the machine fully starts up.

The theory presents a major security risk, as it could allow a laptop thief to bypass encryption tools and access the contents of the hard drive.

The technique could also be of use to law enforcement officials in recovering evidence from encrypted drives.

Encryption firms have acknowledged the possibility of the attack, but have noted that it is not practical as the contents of the memory chips often disappear completely within a few minutes of being shut down.

This would leave the attacker with a very short window in which to recover the encryption keys.

Some firms have also suggested technologies such as virtualised disk encryption, which deletes the key from memory when the disk is unmounted, as a possible mitigation.