[gambiting]

Well, in theory, let's say you've got a laptop encrypted with Truecrypt. You put it in sleep mode instead of switching it completely off or hibernating,because you are just nipping out for a coffee. An attacker could then steal it, lower its temperature(let's say they put it in a freezer for a while), and then extract - literally take out - the RAM from that machine and plug it into a specially prepared station which would then be used to extract the contents of that memory. In low temperatures, RAM data retention is measured in minutes, so all data you had in your system would be preserved, including the encryption key.

Unlikely? Quite, unless someone like NSA or FBI want your data. Possible? Yes, with the right resources.

[dobbsbob]

Cold boot attacks don't work on DDR3

[sigterm]

Why? Do you have any reference?

[nickles]

Here's a paper on the subject http://www1.cs.fau.de/filepool/projects/coldboot/fares_coldb...

[sigterm]

Note the comment at the end of the paper. The authors had not been able to do it successfully with their relatively simple methodology. Sure it is harder than DDR2 but this doesn't mean it is impossible. As pointed out by the authors, the failure can simply be due to the memory controller implementation (or DDR3 protocol itself) on their test setup. If this is the case, then all it takes is a custom memory controller that is optimized for this type of extraction.