Multiple Linux distros on one usb drive: Msramdmp
6 September, 2008. Posted by aronzak in Live Usb.
Tags: cold boot, msramdmp
A few students from Princeton published a paper that outlined how you could potentially attack a computer, taking encryption keys using a 'cold boot' attack. The underlying principle is that information stays in the RAM after a computer has been turned off. If the RAM is cooled down to -50 degrees C, the information stays there for longer.
Msramdmp was created by McGrew Security to mimic the Princeton method. It boots up and starts copying information from the RAM onto a partition of a USB stick. This tool could potentially be used to recover information from a computer.
1. Download the tool here and extract it to a USB stick.
2. Use cfdisk or some other tool to create a partition of type 40 on the drive. The partition should ideally be larger than the size of the RAM. (The tool does not actually use the type 40 Venix 80286 filesystem; it just marks the partition as such.) You may have more success if you first clear out the drive with dd if=/dev/zero of=/dev/<usb drive>
3. Boot up the drive and type msramdmp (if msramdmp.c32 is on the root of the drive). The tool will copy information to a type 40 partition and change it to a type 41 partition (PPC PReP Boot).
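The type 40 and type 41 markers from steps 2 and 3 can be read straight out of the drive's partition table, which is a quick way to check which partitions are still empty, which already hold a dump, and whether each one is at least as large as the RAM. The script below is an added example, not part of the original post or of McGrew Security's tool; it assumes an MBR (not GPT) partition table, the function names are hypothetical, and the sample sector is constructed for illustration.

```python
import struct

SECTOR = 512
TYPE_EMPTY_TARGET = 0x40   # marked by the user in step 2, waiting for a dump
TYPE_USED_TARGET = 0x41    # re-marked by msramdmp in step 3 after writing

def parse_mbr(sector0):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature (0x55AA) in sector 0")
    entries = []
    for i in range(4):
        raw = sector0[446 + 16 * i: 446 + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors
        _status, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        if ptype != 0 and count != 0:
            entries.append({"index": i + 1, "type": ptype,
                            "start_lba": lba, "bytes": count * SECTOR})
    return entries

def dump_slots(sector0, ram_bytes):
    """Classify type 40/41 partitions and flag whether each can hold all of RAM."""
    slots = []
    for e in parse_mbr(sector0):
        if e["type"] == TYPE_EMPTY_TARGET:
            state = "empty"
        elif e["type"] == TYPE_USED_TARGET:
            state = "holds dump"
        else:
            continue
        slots.append((e["index"], state, e["bytes"] >= ram_bytes))
    return slots

def build_sample_mbr():
    """Constructed sample: a FAT32 boot partition, a type 41 and a type 40 slot."""
    mbr = bytearray(SECTOR)
    layout = [(0x0B, 2048, 204800),      # 100 MiB FAT32 holding msramdmp.c32
              (0x41, 206848, 4194304),   # 2 GiB, already used
              (0x40, 4401152, 1048576)]  # 512 MiB, still empty
    for i, (ptype, lba, count) in enumerate(layout):
        struct.pack_into("<B3xB3xII", mbr, 446 + 16 * i, 0, ptype, lba, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

if __name__ == "__main__":
    for index, state, big_enough in dump_slots(build_sample_mbr(), 1 << 30):
        print(f"partition {index}: {state}, >= RAM size: {big_enough}")
```

To check a real drive, pass the first 512 bytes read from the device (for example open("/dev/<usb drive>", "rb").read(512)) in place of the constructed sample.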