Advanced Memory Forensics: Releasing The Cold Boot Utilities presented at The Last HOPE 2008

by Jacob Appelbaum

Tags: Security

Summary: This talk will cover some of the issues involved with Cold Boot attacks. It will describe the multiple methods (disk, network, etc.) developed for extracting memory from targeted computers. The tools used for these experiments will be released here. In addition, code will be released that was written or improved since the initial public release of these experiments. This includes a dumper using a standard iPod with unmodified Apple firmware, as well as an improved AES keyfinding tool. Great caution has been taken to not stomp on important bits in memory. All of the tools will be released as free software. Possibilities for protection, as well as other ideas for improving the attacks in software and hardware, will be discussed. The paper related to this talk can be found at