by jeffreyg 5326 days ago
I'm assuming he was mocking the ignorance of the article as it addressed live memory acquisition. The author jumped to something obscure (RAM freezing) when there are forensics tools (Memoryze, etc.) that can be used to image memory on a running machine in hopes of getting a decryption key / other passwords.
2 comments

There are other fun ways for your SWAT-team evidence seizure grunts to grab machines without powering them off, such as http://www.wiebetech.com/products/HotPlug.php -- a big UPS with connectors specially designed for vampire-tapping a live PSU lead.
Or even easier: if the encrypted drive is mounted, just use cp (or the overpriced forensic equivalent). Cold boot attacks are sci-fi.
Are you guys saying that a person who uses full disk encryption doesn't lock the computer when leaving it?
Unless you are in the same room as the computer, I'd consider it rather unlikely that you will be able to turn it off in case of a raid.
There are lots of ways to overcome that as well. For one, you could set up your computer such that if you don't enter some key combination every minute it shuts down. Or you could set up a tricky kernel that does not allow opening/cp'ing certain files and if you try, triggers a shutdown. Or you could have speech recognition running, and as soon as you utter a certain phrase near your machine, it shuts down.

The point is that inaction or inadvertent action by law enforcement may trigger an action on the machine. Such digital landmines could be made so unpredictable that there would be virtually no way to extract the data on site reliably.

In general, there is no solution to this problem. The person protecting their data will always be able to surprise the person that's trying to extract it. Furthermore, no government can control "manufacture" of encryption, the way that it can control manufacture of physical goods. It could mandate that a backdoor must be provided, or that you need to escrow your decryption key such that it could get at your data, but let's face it: people that do have something sinister to hide will not care much for this regulation anyways.

Plug in a USB device that feeds Windows a signed device driver.