[ale] Letter of Volatility

Greg Clifton gccfof5 at gmail.com
Wed Jan 29 14:19:41 EST 2014 

Thanks, Jim. I pretty much figured that the keep alive time would be pretty
short for SDRAM. But you know how anal the government-types can be
sometimes [always?]. The facts don't matter so much as the DOCUMENTATION of
the facts. Isn't that why the govt. uses RHEL instead of CENTOS? I.e., if
you did all the same hardening procedures to a CENTOS box that you did to a
RHEL box they would be equally secure, but the CENTOS box would not be
CERTIFIED, correct?

Would it be possible for a bot/virus/trojan to be loaded into BIOS that
could then grab info when the system is up and running? If it is possible,
they will be concerned about that and it will need to be addressed in the
LoV letter.


On Wed, Jan 29, 2014 at 1:57 PM, Jim Lynch <ale_nospam at fayettedigital.com>wrote:

>  On 01/29/2014 01:13 PM, Greg Clifton wrote:
>
> Maybe this is Off Topic, but it is computer related. So here is the deal,
> I have a RFQ to quote on some computers to go into a classified application
> and the customer wants a Letter of Volatility. Now, obviously, the mass
> storage will be removable, but they are concerned about any memory in the
> system. I take this to include both volatile SDRAM (DDR3) and any
> non-volatile memory such as the CMOS for the BIOS (is it possible that some
> bot could be lurking there that could grab data and send it out when the
> computer is turned on?).
>
>  My question is basically, how long does DDR3 maintain any recoverable
> data once the power is turned off. I would assume that power should be
> totally removed (as in unplugged from the wall) so that there is not even
> 5V standby power, no?
>
>  Comments and especially links to solid information would be appreciated.
>
>  Thanks in advance,
> Greg Clifton
>
>
>  Dynamic memory is volatile.  I suspect the data remains for a period of
> time measured in milliseconds.  Not nearly enough time to unplug and get it
> to another system.  Unless of course you buy non-volatile DDR memory.
>
> One reference: http://en.wikipedia.org/wiki/Dynamic_random-access_memory
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20140129/8899c3cf/attachment.html>

More information about the Ale mailing list