Cold Boot Attacks

Summary

By hard reseting a target machine the RAM can be dumped to gain access to encryption keys. DRAM typically retains data for "seconds to minutes" at room tempature but can last up to a full week when stored with liquid nitrogen.

Mitigations

The most effective mitigation is always fully shutting down the machine when not in physical control.

VeraCrypt can encrypt in-RAM keys in 64-bit Windows.

Register based key storage can be used as they are zeroed on restart. Various implementations have been proposed but none of them are in active use.

Tails writes random data to system memory upon shutdown. This doesn't currently include video memory however.