Prosecution based on memory forensics

freejack at freejack at
Thu Jan 13 11:22:29 CET 2011

> When you close a laptop, Windows (or Mac OS X, or Linux, or what-have-you)
> takes a snapshot of memory contents and writes it to disk.  This can be a
> really big problem, since encryption keys, passphrases, and so forth are
> written out in the process.  For instance, if you have gpg-agent set up to
> cache your passphrase, your passphrase will probably be written to the
> hibernation file, unless the GnuPG devs have taken heroic measures to
> prevent this. 

This is an OS feature, not a hardware feature. Turn off hibernation. Encrypt
your swap file(s) or for Windows, go to system options and turn off swap and
reboot in safe mode, defrag your disk and delete any remaining swap file.
Better yet, uninstall Windows and set up a nice Linux or BSD! Encrypted swap
on Linux and BSD is trivial to set up and works a treat!

P.S. Robert, how about trimming your line lengths!

More information about the Gnupg-users mailing list