How to clean RAM from any data residue quickly?

[empleat]

Hey,

 

does disconnected PSU from network and pressing and holding power button, or pressing it couple times clean RAM from any residue data quickly? I know data loss doubles over time, and data become increasingly fragmented, but at the same time: I heard it was possible to recover an encryption key even like couple mines afterwards... I just want to know, if this method is reliable way to clear all data out of RAM instantly!  

 

Thanks!

[Bad5ector]

Huh? Once power is cut, I am pretty sure that's it for RAM's memory. Unless you are talking that short time between hitting power off and the caps fully dissipating their charge? 

[empleat]

Yeah, but it can take even like 15 minutes before it clears out fully, or how one can be sure? I don't know if this method can drain power from RAM, no idea currently!

[Levent]

Hey man, if you are doing stuff that is that sensitive to bad actors stealing encryption keys from your computers ram. You might want to take a deep look into your opsec from other angles first.

 

How can you be sure? You can't unless you plan to build yourself an EMP grenade.

[Bad5ector]

2 minutes ago, empleat said:

Yeah, but it can take even like 15 minutes before it clears out fully

Do you have some sources for that? Just a sec, let me ask ChatGPT:

 

RAM (random access memory) is a type of volatile memory that is used to store data that is being actively accessed by the CPU (central processing unit). When the power is cut, the data stored in RAM is lost, because RAM relies on an active power supply to maintain the data stored in its memory cells. Once the power is cut, the data stored in RAM is no longer available to the system.

[Ripred]

From my understanding it dose because sometimes bit of information get corrupted in ram, causing all sorts of havoc and the method to restore function is hold power button until power down, then continue holding for a few second basically a ten count but its not good practice to shutdown this way, the os cant properly save updates, changes, sometimes even corrupting recently saved data, safest bet is shutdown properly then flip the power switch in the back to off position then about 30sec to a minute the capacitors should run out and that will also clear the memory   

[Takumidesh]

put it in a blender?

If you are concerned about someone getting to the data before its gone they really won't be able too, unless they have resources to get to the PC, remove the ram, slow down the data loss (like freezing the chip) and then putting it into a tool to power on the chips and copy them. If you are dealing with that type of threat against you, chances are they will put you in the back of a van with a bag over your head before you have a chance to turn the computer off in the first place.

[empleat]

1 minute ago, Takumidesh said:

put it in a blender?

If you are concerned about someone getting to the data before its gone they really won't be able too, unless they have resources to get to the PC, remove the ram, slow down the data loss (like freezing the chip) and then putting it into a tool to power on the chips and copy them. If you are dealing with that type of threat against you, chances are they will put you in the back of a van with a bag over your head before you have a chance to turn the computer off in the first place.

So it can't be recovered from Windows? After restart?

[empleat]

Just now, Caroline said:

Unless CIA agents break into your house and freeze your RAM with LN2 right after you've opened the encryption software there won't be a chance to steal them.

 

Also keys won't stay there for too long after you dismount volumes and close software, definitely not for 15 minutes after shutdown.

 

If you're at that level of concern regarding your data then you shouldn't be using Windows. At all.

You shouldn't even be using a mainstream x86 chip that's for sure.

 

They're everywhere. Listening, reading, watching you.

No I mean more like virus, reading data from RAM (from previous sessioN) after PC restart. Restart doesn't clean RAM fully https://community.spiceworks.com/topic/451610-recoverable-data-in-ram I wonder how long to wait before turning on PC. I want to isolate 2 systems from each other.

[Bad5ector]

Dude, just cut your power:

 

 

Mind you, this is just ChatGPT and it is known to be confidently wrong at times... but I am pretty sure it's on the money with this one.

[Takumidesh]

5 minutes ago, empleat said:

No I mean more like virus, reading data from RAM (from previous sessioN) after PC restart. Restart doesn't clean RAM fully https://community.spiceworks.com/topic/451610-recoverable-data-in-ram I wonder how long to wait before turning on PC. I want to isolate 2 systems from each other.

if you just want peace of mind, run memtest before booting into the OS, this will write data to all of the blocks on the memory, effectively overwriting any potential data.

 

EDIT: I should add that I believe this is frivolous and you really shouldn't care, there are so many things that would need such perfect conditions that this is effectively a non-issue except for the absolute most precious of targets (nuclear missile codes).

[empleat]

2 minutes ago, Takumidesh said:

if you just want peace of mind, run memtest before booting into the OS, this will write data to all of the blocks on the memory, effectively overwriting any potential data.

 

EDIT: I should add that I believe this is frivolous and you really shouldn't care, there are so many things that would need such perfect conditions that this is effectively a non-issue except for the absolute most precious of targets (nuclear missile codes).

Thanks, how long memtest takes to do this?

[Takumidesh]

a long time.
 

I'll say again. it really isn't a problem.

 

let's assume that there is malicious code in ram (since this seems to be the problem)

 

it would need to be a) written to operate with the intent of being powered down and transferred to the new computer.

b) be robust and effective enough to survive absolute near corruption, this would mean data replication across multiple DRAM chips, and some ability to piece everything back together.

c) be able to execute instructions the moment it is powered on.

 

this is such an obscenely difficult task that it is effectively impossible outside of specific controlled instances.

 

edit: it is also likely that the malware would need to have previous knowledge about specific hardware.

 

[empleat]

1 minute ago, Takumidesh said:

a long time.
 

I'll say again. it really isn't a problem.

 

let's assume that there is malicious code in ram (since this seems to be the problem)

 

it would need to be a) written to operate with the intent of being powered down and transferred to the new computer.

b) be robust and effective enough to survive absolute near corruption, this would mean data replication across multiple DRAM chips, and some ability to piece everything back together.

c) be able to execute instructions the moment it is powered on.

 

this is such an obscenely difficult task that it is effectively impossible outside of specific controlled instances.

 

 

I meant if virus were on HDD, but you power up system with RAM and data residue on it. Memtest solution is fine unless it takes long, otherwise I can just wait 15 minutes...

[Takumidesh]

Just now, empleat said:

I meant if virus were on HDD, but you power up system with RAM and data residue on it. Memtest solution is fine unless it takes long, otherwise I can just wait 15 minutes...

this is not how it works.

[empleat]

3 minutes ago, Takumidesh said:

this is not how it works.

Why couldn't virus on a computer recover residual data on RAM from previous restart? If it gets access to a memory. I know OS should isolate program in memory, but still... Anyways power drain should work too, no? Just to be sure...

[empleat]

1 minute ago, Caroline said:

I knew it was going this way, read my edit.

 

No HDD = no "viruses" that can siphon out any data. If something advanced as that exists then it's top secret, top top secret, the kind of things only a few people in the world would know how to create and operate. A type of worm to steal the CCP's nuclear missile launch codes from a cold facility located deep underground behind some mountains, a stunt not even James Bond could pull off without getting caught.

But I will connect hdd, i didn't know what you are talking about. Anyways I will try power drain, or memtest for piece of mind or wait like 15 minutes, even it is inprobable IK, thanks for answers.

[Levent]

1 minute ago, empleat said:

Why couldn't virus on a computer recover residual data on RAM from previous restart? If it gets access to a memory. I know OS should isolate program in memory, but still... Anyways power drain should work too, no? Just to be sure...

Well fundemantally RAM can't keep data even when it's powered on constantly. It will need to refresh the contents (I believe this was called tRFC in timings).

 

If you are that paranoid, it is also possible to keep data in the RAM encrypted. AMD calls it SME.

[Takumidesh]

4 minutes ago, empleat said:

even it is inprobable IK

I just want to reassure you that it is so improbable, that if you had a virus that succesfully did it, your phone would be ringing off of the hook from every major infosec firm on the planet.

[empleat]

No need, just for piece of mind, if I can completely clear data in RAM between restarts that would be fine

 

Quote

I just want to reassure you that it is so improbable, that if you had a virus that succesfully did it, your phone would be ringing off of the hook from every major infosec firm on the planet.

Oh ok, thanks

[Thomas4]

There IS a 100% sure way to guarantee complete computer security.

 

Step 1. Don't ever go online

Step 2. Destroy both the drive and the RAM every time its used.

 

By performing these two easy steps, you can guarantee yourself that no one can obtain your data.

 

Everything else is at best only 99.99+% of security.

[Takumidesh]

Just now, empleat said:

if I can completely clear data in RAM between restarts that would be fine

 

If your concern is that there is a virus in the non-volatile storage and you plan on transferring that storage to another computer, why are you even concerned with the ram in the slightest

8 minutes ago, empleat said:

But I will connect hdd, i didn't know what you are talking about. Anyways I will try power drain, or memtest for piece of mind or wait like 15 minutes, even it is inprobable IK, thanks for answers.

the virus (if it existed) would be on the hard drive anyway.

[ImorallySourcedElectrons]

The only sure-fire ways I can think of are incredibly destructive.  But let's be blunt, how do you realistically see this attack vector being used against you? The physical variants of this attack are pretty much only performed by state-level agencies and researchers in a lab, and the former would just go for the solution suggested in a particular xkcd comic.