
Multiple Linux distros on one usb drive: Msramdmp 6 September, 2008

Posted by aronzak in Live Usb.

A few students from Princeton published a paper outlining how you could potentially attack a computer and take its encryption keys using a ‘cold boot’ attack. The underlying principle is that information stays in RAM after a computer has been turned off. If the RAM is cooled down to -50 degrees C, the information stays in it for longer.

Msramdmp was created by McGrew Security to mimic the Princeton method. It boots up and starts copying the contents of RAM onto a partition of a USB stick. This tool could potentially be used to recover information from a computer.

Howto:

1. Download the tool here and extract it to a USB stick.

2. Use cfdisk or some other tool to create a partition of type 40 on the drive. The partition should ideally be larger than the size of the RAM. (The tool does not actually use the type 40 Venix 80286 filesystem; the partition is just marked as such.) You may have more success if you clear out the drive with dd if=/dev/zero of=/dev/<usb drive> (this erases everything on the drive, including the partition table).

3. Boot from the drive and type msramdmp (if msramdmp.c32 is in the root of the drive). The tool will copy the contents of RAM to a type 40 partition and then change it to a type 41 partition (PPC PReP Boot).
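
Added example (not part of the original post and not msramdmp's own code): this Python code reads a drive's MBR and reports which partitions are still marked type 40 (free for a dump) or type 41 (already holding a dump), and whether each is at least as large as the machine's RAM. It assumes an MBR partition table with 512-byte sectors and that 40/41 are the hexadecimal type IDs cfdisk lists; the function names and the sample layout are constructed for illustration.

```python
import struct

SECTOR = 512
DUMP_READY = 0x40   # listed by cfdisk as "Venix 80286": marked free for a dump
DUMP_USED = 0x41    # listed as "PPC PReP Boot": a dump has been written here

def parse_mbr(sector0: bytes):
    """Return the non-empty primary partitions from a 512-byte MBR."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector0[446 + 16 * i: 446 + 16 * (i + 1)]
        # byte 4 = type id, bytes 8-11 = start LBA, bytes 12-15 = sector count
        ptype = entry[4]
        start, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0 and count != 0:
            parts.append({"index": i + 1, "type": ptype,
                          "start": start, "bytes": count * SECTOR})
    return parts

def dump_partitions(sector0: bytes, ram_bytes: int):
    """Classify type 0x40/0x41 partitions and flag ones smaller than RAM."""
    report = []
    for p in parse_mbr(sector0):
        if p["type"] in (DUMP_READY, DUMP_USED):
            state = "ready" if p["type"] == DUMP_READY else "holds dump"
            report.append({**p, "state": state,
                           "fits_ram": p["bytes"] >= ram_bytes})
    return report

def make_sample_mbr():
    """Constructed sample: a FAT32 partition plus two dump partitions."""
    mbr = bytearray(SECTOR)
    layout = [(0x0B, 2048, 204800),      # FAT32 partition holding the tool
              (0x41, 206848, 4194304),   # 2 GiB, already used for a dump
              (0x40, 4401152, 1048576)]  # 512 MiB, still free
    for i, (ptype, start, count) in enumerate(layout):
        struct.pack_into("<B3sB3sII", mbr, 446 + 16 * i,
                         0, b"\0\0\0", ptype, b"\0\0\0", start, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

if __name__ == "__main__":
    for p in dump_partitions(make_sample_mbr(), ram_bytes=2 * 1024**3):
        print(p)
```

For a real drive, pass the first 512 bytes of the device (read as root) in place of the constructed sample.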
