So basically my computer is in deadlock, pressing caplock does not light up caplock led and nothing in the screen ever moves. So computer has frozen. In such case, would it be possible to obtain or recover memory data using some equipment?
Asked
Active
Viewed 673 times
2 Answers
2
Various ports and sockets on a computer have direct memory access, including FireWire, ExpressCard, Thunderbolt, PCI and PCI Express. It may be possible to dump memory contents to another computer via a connection to one of these and appropriate software.
However, the contents wouldn't be neat and directly usable. What is in RAM is not like what is stored in the file system on your hard disk, all nicely arranged in self-contained files and directories. It would be more akin to a low-level recovery of contents from hard disk platters.
fixer1234
- 28,064
1
There is another approach to trying to salvage memory contents. A study at Princeton found that RAM contents actually persist after the power is shut off for seconds to minutes at room temperature and longer if the chips are frozen. This has been exploited to recover encryption keys (see this and this), using a technique called a coldboot attack.
The Princeton article mentions the potential to acquire usable full-system memory images by this approach. The third link mentions recovering 8 to 16GB of data from a preceding boot, which could be any data on the deadlocked PC. Two methods are mentioned in these links. One is physically transferring the RAM to another computer. The other is creation of a USB tool that dumps memory to storage immediately upon rebooting.
Using DMA, as discussed elsewhere on this post, might be the first thing to try since it keeps the RAM refreshed. However, if you don't have access to the necessary equipment and software to do that, This approach might be worth exploring.
