I just asked myself if the content of my RAM is kept when I shut down the OS but the PC is still running. For example when I do apply updates they sometimes require a reboot. Is the informaiton that is stored in the RAM kept after the reboot?
1 Answers
Main RAM is DRAM: it keeps its contents as long as it is regularly refreshed, and the refresh is done automatically by the hardware. Thus, as first-level approximation, RAM contents are preserved across a reboot.
However, there are various ways by which the RAM contents from before the reboot may not live long:
During a reboot, control is passed to the BIOS. The BIOS may perform a quick on-boot "RAM test" which involves writing and re-reading the complete RAM contents. Whether the BIOS does that depends on both its brand, and its configuration. If it does, then the data contents are lost.
The OS, right after boot, considers that the previous RAM contents, if any, are to be ignored. From its point of view, the RAM is "free", and the OS will begin to use the RAM for its own usages. In particular, RAM will be used as a cache for disk access, so all bytes read from disk after boot will go through RAM until it is filled up. Such RAM usage, mechanically, destroys the information which was there before.
In any case, when an application asks the OS to provide some RAM, the OS takes care to zeroize the contents of that RAM. Even if old data lingers from the previous boot, applications won't see it. If you want to inspect scraps of data from before the last boot, you will need to do it with some kernel-level tricks.
In other words, previous RAM contents may linger, but the whole of the system is designed to ignore such data, so you won't easily observe it.
When DRAM ceases to be refreshed, in particular when it is unpowered, it loses its contents in a matter of seconds or, at most, minutes (this depends a lot on the chip details and the temperature; see this answer for some pointers on that subject).
Cold boot attacks are attacks that try to plunder data from RAM after a power-down or reboot. The attacker tries not to let the normal OS boot up, as this process will necessarily use a substantial amount of RAM and thereby destroy its previous contents.
-
Note that ECC RAM will always be wiped (initialized) by the BIOS. – forest Nov 02 '18 at 02:43