Sunday, August 03, 2008

Dump RAM from a USB stick

A short while back, researchers at Princeton University published a detailed research paper in which they discussed the process of recovering encryption keys from computer memory (RAM) after a cold boot.

The researchers successfully recovered encryption keys for popular disk encryption systems such as BitLocker and dm-crypt, and developed new algorithms for finding such keys in memory images.

msramdmp is a bootable syslinux USB stick that manages to boot itself without overwriting the contents of RAM. This allows msramdmp to dump the contents of RAM to the USB stick for information gathering purposes. Those who can’t boot from a USB device can use the bootable ISO version.
