A cold boot attack is a process for obtaining unauthorized access to a computer's encryption keys when the computer is left physically unattended.
Researchers from Princeton University, the Electronic Frontier Foundation and Wind River Systems discovered that a cold boot attack is possible because dynamic random access memory (DRAM) chips retain data for a brief period of time after a computer is turned off. The amount of time can be increased if the chips are removed from the motherboard and kept at low temperatures; this can be accomplished by spraying them with an inverted can of compressed air. The chips can then be quickly reinserted into the machine and their contents read.
Cold boot attacks demonstrate that disk encryption programs, which are used to protect data on desktops, laptops and various other computing devices, have no reliably secure location in which to store their keys. The attack is carried out by performing a cold boot of the system and dumping the contents of the DRAM to a CD or USB token. The memory image is then scoured for data structures that store the decryption key. With this data, an attacker can obtain encryption keys either by copying the entire encrypted partitions or rebooting the machine and using the computer's encryption software to decrypt it.
This video from the Center for Information Technology Policy demonstrates how a cold boot attack works.
See also: full disk encryption
Continue Reading About cold boot attack
Dig Deeper on Disk and file encryption tools