[Noisebridge-discuss] Cold Boot Attacks on Disk Encryption
Kristian Erik Hermansen
kristian.hermansen at gmail.com
Tue Mar 4 18:34:09 UTC 2008
On Tue, Mar 4, 2008 at 10:18 AM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
> Using the linux kernel is a bad idea. If you're using it to do forensics
> on a linux system it becomes clear why this is so...
>
> Give a linux system a reboot into single user mode and cat /dev/mem
> after a population of memory. You'll see your string but you probably
> won't see a lot of kernel memory from the previous boot...
Good points. How many bytes did your custom utilities consume? Did
you have some special algorithm/method of loading the utilities to
minimize RAM usage or choose perhaps a location which would likely be
untouched by the previously booted OS? Were all the utils written in
pure asm to get the greatest efficiency in mem usage? I look forward
to hearing the reply...
--
Kristian Erik Hermansen
--
"It has been just so in all my inventions. The first step is an
intuition--and comes with a burst, then difficulties arise. This thing
gives out and then that--'Bugs'--as such little faults and
difficulties are called--show themselves and months of anxious
watching, study and labor are requisite before commercial success--or
failure--is certainly reached" -- Thomas Edison in a letter to
Theodore Puskas on November 18, 1878