
A team of Ph.D. students at Princeton University has published a research paper on how to quite easily crack practically any kind of hard-drive encryption. They do it through a cold-boot attack, taking advantage of the fact that RAM is not wiped immediately when power is lost. In fact, data stored in RAM (including the encryption key) remains there for up to several minutes at room temperature. If you go to such extremes as they do, cooling the chips down to -50°C, it remains in the RAM for even longer.



The first thing you have to do is make sure the laptop is running the operating system; the user can be logged in or logged out, as long as the machine is on and has booted. Then cut the power. The encryption key is now left in the RAM for you to retrieve.


The team has developed a simple application that the laptop can boot from an external hard drive or USB memory stick. The application dumps the contents of the RAM onto the drive and then searches the dump for the encryption key. Once it is found, the cracker can simply boot the computer, enter the encryption key and access all of your secret files.


Right now there is no easy way to defend yourself against such an attack. Perhaps the best way would be for a low-level system, such as the BIOS, to wipe the RAM after a hard shutdown, but that would require recompiling your current BIOS, and that is probably not worth the effort.
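The software-side counterpart to the RAM wipe described above is for the encryption software itself to zero its key material the moment a volume is dismounted (or the machine suspends), rather than leaving it in RAM until the power is cut. The C program below is an added example, not code from the post or from the Princeton team, and the `volume_session` type, the `session_mount`/`session_dismount` functions and the sample key are all made up for illustration. It shows the one pitfall that matters when implementing such a wipe: a plain `memset()` on a buffer that is never read again is a dead store the optimizer is allowed to delete, so the wipe is routed through a `volatile` function pointer, a common idiom in crypto libraries, plus a compiler barrier.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/*
 * Added example (not from the post or the Princeton paper): zeroise a disk
 * encryption key as soon as the volume is dismounted, so it is no longer
 * sitting in RAM when the power is cut.
 *
 * Pitfall: a plain memset() on a buffer that is never read again is a
 * "dead store" the optimizer may remove entirely. Calling memset through a
 * volatile function pointer means the compiler cannot know which function
 * will run at runtime, so it cannot drop the call.
 */
static void *(*volatile wipe_fn)(void *, int, size_t) = memset;

void secure_zero(void *buf, size_t len)
{
    wipe_fn(buf, 0, len);
#if defined(__GNUC__) || defined(__clang__)
    /* Compiler barrier: the stores must be complete before anything after this. */
    __asm__ __volatile__("" : : "r"(buf) : "memory");
#endif
}

#define VOLUME_KEY_LEN 32

/* Hypothetical session state for one mounted encrypted volume. */
typedef struct {
    uint8_t key[VOLUME_KEY_LEN];   /* volume key, held only while mounted */
    int mounted;
} volume_session;

void session_mount(volume_session *s, const uint8_t key[VOLUME_KEY_LEN])
{
    memcpy(s->key, key, VOLUME_KEY_LEN);
    s->mounted = 1;
}

/* Dismount wipes the key before the struct's memory can be reused or dumped. */
void session_dismount(volume_session *s)
{
    secure_zero(s->key, VOLUME_KEY_LEN);
    s->mounted = 0;
}

/* Returns 1 if no key byte remains in the buffer (scans every byte, no early exit). */
int key_is_wiped(const volume_session *s)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < VOLUME_KEY_LEN; i++)
        acc |= s->key[i];
    return acc == 0;
}

int main(void)
{
    /* Constructed sample key for the demonstration, not a real key. */
    uint8_t sample_key[VOLUME_KEY_LEN];
    for (size_t i = 0; i < VOLUME_KEY_LEN; i++)
        sample_key[i] = (uint8_t)(0xA5 ^ i);

    volume_session s;
    session_mount(&s, sample_key);
    printf("mounted, key wiped?    %d\n", key_is_wiped(&s));
    session_dismount(&s);
    printf("dismounted, key wiped? %d\n", key_is_wiped(&s));
    return 0;
}
```

This only protects the copy of the key the encryption software controls; it does nothing about copies the operating system may hold in page cache, swap or hibernation files, which is why the BIOS-level wipe discussed above (or not leaving an encrypted machine powered on and unattended) remains the more complete answer.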





More information, including the full research paper, more pictures and videos can be found at Princeton’s website.
