[Noisebridge-discuss] Cold Boot Attacks on Disk Encryption

Kristian Erik Hermansen kristian.hermansen at gmail.com
Tue Mar 4 18:34:09 UTC 2008


On Tue, Mar 4, 2008 at 10:18 AM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
>  Using the linux kernel is a bad idea. If you're using it to do forensics
>  on a linux system it becomes clear why this is so...
>
>  Give a linux system a reboot into single user mode and cat /dev/mem
>  after a population of memory. You'll see your string but you probably
>  won't see a lot of kernel memory from the previous boot...

Good points.  How many bytes did your custom utilities consume?  Did
you have some special algorithm/method of loading the utilities to
minimize RAM usage or choose perhaps a location which would likely be
untouched by the previous booted OS?  Were all the utils written in
pure asm to get the greatest efficiency in mem usage?  I look forward
to hearing the reply...
-- 
Kristian Erik Hermansen
--
"It has been just so in all my inventions. The first step is an
intuition--and comes with a burst, then difficulties arise. This thing
gives out and then that--'Bugs'--as such little faults and
difficulties are called--show themselves and months of anxious
watching, study and labor are requisite before commercial success--or
failure--is certainly reached" -- Thomas Edison in a letter to
Theodore Puskas on November 18, 1878



More information about the Noisebridge-discuss mailing list