I'm familiar with the concept of cold boot attacks on laptop and desktop computers, where the goal is to find hidden encryption keys in the memory. I also think it's done on certain mobile phones. I also know it's hard to do, and some products like VeraCrypt now encrypt keys in memory in order to mitigate this attack.
I'm wondering, would this kind of attack also work on a NAS unit where the user uses volume or folder/file encryption? As far as I know QNAP offers volume encryption on NAS units, and Synology offers File/Folder based encryption. I assume that in order to work the encryption key to these volumes or folders/files has to remain in memory while the volume/folder/file is open for access.
My questions:
Does that mean that the keys are kept in the NAS units memory, and thus also are retrievable by an attacker with physical access? If so, would it be natural to assume that the keys remain in the memory even after the volume/file/folder is dismounted/locked, until the unit reboots or the memory is overwritten with new data?
