使用電腦時,所有的資料操作會暫時地寫在RAM: 含文檔、已儲存的檔案以及密碼與加密密鑰等。有更多近期活動,RAM 更可能將這些資料仍暫時儲存起來。

After a computer is powered off, the data in RAM disappears rapidly, but it can remain in RAM up to several minutes after shutdown. An attacker having access to a computer before the data in RAM disappears completely could recover important data from your session.

這種技術稱之為cold boot attack 。為防止這類攻擊,當關閉 Tails 利用隨機資料來覆寫 RAM 資料。它可以清除 使用電腦期間留下的記錄。

再者,攻擊者若能當 Tails 正在運行時 實地接近電腦,也可以從 RAM 來回復資料。要避免此情況,學習可快速 關閉 Tails的各種方式。

As far as we know, cold boot attacks are not a common procedure for data recovery.

In a research report from 2011, Defense Research and Development Canada concluded that cold boot attacks can be useful in some cases to acquire data in memory but are not a panacea and have many drawbacks dictated by the laws of physics, which cannot be overcome by the technique. The authors recommend to only use cold boot attacks as a last resort when all other avenues have been exhausted.