To keep sensitive data safe, people on the internet recommend overwriting the RAM with other data.
Popular methods include, for example, running the BIOS POST memory test at startup, or running any other memory test utility from the BIOS or a CD.
I read somewhere on the forum that if you disconnect the power supply, the last thing the RAM does is rewrite all the bits to 0 or 1 (I'm not sure now), and I'm also not sure if it's Windows or the BIOS that does it, if at all? Can anyone explain it to me?
In other words, I'm not so sure about this, because I don't know if it really works on every PC, or if only some operating systems do it, or if it only works if you have the features set correctly in the BIOS. I mean specifically disabled quick boot, enabled memory clean, and automatic start in case of power loss.
According to one post I read, in theory it should be enough to have the "turn on when AC power loss" function turned on and pull out the cable, and the RAM will supposedly be overwritten, but I can't say if it really works that way. I would appreciate it if someone could confirm or refute this information.
Regarding the memory clean function, I read that it is a security feature that came with the arrival of DDR3, where the BIOS POST is not seen so often due to the large RAM capacity. Allegedly, this feature should zero out the contents of the entire RAM upon restart. The question remains whether it also works in combination with features that speed up booting, and is it enough? Could someone explain here how to set this feature to work correctly?
In Linux systems, a script is used during shutdown. And I wonder if there would be, for example, the possibility to overwrite the RAM several times with 0, 1 and random characters or a pseudo pattern, just as it is with the sdelete program. Can it be done in practice, and would it improve protection?
However, I came across this paper (Secure Deletion of Data from Magnetic and Solid-State Memory by Peter Gutmann) from 1996, which also mentions SRAM and DRAM a little, which are the predecessors of SDRAM and DDR RAM, so the concept of the memory cells will probably be similar to DDR2, DDR3, maybe DDR4 and DDR5, but I can't confirm that.
Dr. Gutmann claims that the value of the previous bit can be guessed based, for example, on voltage and current threshold shifts of the memory cell.
According to Peter Gutmann, it is possible to recover overwritten RAM data too if the recovery attempt is carried out fairly soon after the new data was written. (Does this also apply in the case of a cold restart?)
In chapter 8, Erasure of Data stored in Random-Access Memory, Dr. Gutmann states that the greater the amount of time that new data has existed in the cell, the more the old stress is "diluted", and the less reliable the information extraction will be. The oxide will immediately begin to take a "set" which will either reinforce the previous "set" or will weaken it.
He returns to this afterwards in his next study, Data Remanence in Semiconductor Devices, where he analyzes the issues in more depth. Among other things, the study mentions various factors affecting RAM cells and the general operation of the equipment, like electromigration, hot carriers, ionic contamination, radiation, scaling...
In chapter 5.1, Avoiding Short-term Retention Effects, he explains further that if nothing is done, the device will eventually recover by itself, although this can take quite some time at normal room temperatures. One way to accelerate the recovery process is to expose the device to elevated temperatures; the read access times for the SRAM devices mentioned previously were found to recover after around 1 ½ hours at 75°C, 3 days at 50°C, nearly two months at 20°C, and approximately 3 years at 0°C.
Finally, in short, according to Dr. Gutmann's study, by measuring various values and examining the cells, it is possible to restore the contents of the RAM.
If it is possible to reconstruct the data from the RAM after some time even though it has been overwritten, I would see it as a security issue.
Is this really doable, or is it just a myth, or an obsolete technique that could be done before DDR memories came?