So the head of SMERSH switches off his password protected and BitLocker-protected PC and walks out of his office to go home for the night.
Stealing the hard drive will get you nowhere because it is encrypted.
But you quickly break into his office - remove the DIMM RAM sticks and plonk them into a flask of liquid Nitrogen and then go back to your secret base. After a few minutes you have collected all the bytes that were in that RAM into a file on your USB drive. Now you can analyse the file to find out what passwords and images, etc. were in his RAM just at the point he shut it down. For instance you could use PHOTOREC to find jpeg images or perhaps use some of the investigative tools in Kali Linux to find passwords or the BitLocker key?
Later you will return the DIMM sticks and no one will be any the wiser. If the BitLocker key or any passwords were found in memory, you could try them out and gain access to the encrypted hard drive too.
Up to now this was only possible for a maximum of 4GB because the 'scraper' code only worked as 32-bit code. However, Basel has now also compiled a 64-bit version for us which seems to work nicely!
My original blog was here and I have updated the original RMPrepUSB Article 124 to include a menu for the 32-bit and 64-bit versions that he has kindly provide - great work Basel!
So now even BitLocker will not protect you Colonel Niktin!
YouTube video of a Cold Boot Attack here.
P.S. A funny thing happened in the park this morning ...
The local park had just opened for the first time for ages (it had been closed due to Corona) and my brother took his collie dog there for a walk as he used to do in the pre-Corona days.
Once there, the dog had a great time and then she saw an old friend - a whippet that she loves to chase and play with. Then suddenly the whippet runs along and puts his foot in a rabbit hole or something and 'SNAP!' goes his right hind leg - broken!
Everyone came to his rescue and even a wheelbarrow was fetched by someone to transport him back to the car park and get him to the vets. No one blamed my brother or his dog - it was just a freak accident.
So my brother goes back to his car and there a middle-aged lady bends down to make a fuss of his collie dog when the lady stumbles, falls over and hits her head on a large stone on the ground. She was unconscious for quite a few seconds and took some more time to slowly come to her senses.
So after that, my brother drove home very slowly and carefully with his dog and they are both staying indoors all day just in case anything else happens! You couldn't make this up!
P.P.S. The vet set the dog's broken leg but unfortunately it later got infected and so had to be amputated. The dog has now been re-named as 'tripod'.
No comments:
Post a Comment