[ale] Letter of Volatility

Leam Hall leamhall at gmail.com
Wed Jan 29 16:12:48 EST 2014 

In general any storage device that enters an area for classified 
information cannot be removed intact. Even in non-classified 
environments some government agencies retain the ram, cmos, disk 
controller ram, hard drives, etc. Most of then are physically reduced 
beyond use.

The customer should have a disposal policy.



On 01/29/2014 02:19 PM, Greg Clifton wrote:
> Thanks, Jim. I pretty much figured that the keep alive time would be
> pretty short for SDRAM. But you know how anal the government-types can
> be sometimes [always?]. The facts don't matter so much as the
> DOCUMENTATION of the facts. Isn't that why the govt. uses RHEL instead
> of CENTOS? I.e., if you did all the same hardening procedures to a
> CENTOS box that you did to a RHEL box they would be equally secure, but
> the CENTOS box would not be CERTIFIED, correct?
>
> Would it be possible for a bot/virus/trojan to be loaded into BIOS that
> could then grab info when the system is up and running? If it is
> possible, they will be concerned about that and it will need to be
> addressed in the LoV letter.
>
>
> On Wed, Jan 29, 2014 at 1:57 PM, Jim Lynch
> <ale_nospam at fayettedigital.com <mailto:ale_nospam at fayettedigital.com>>
> wrote:
>
>     On 01/29/2014 01:13 PM, Greg Clifton wrote:
>>     Maybe this is Off Topic, but it is computer related. So here is
>>     the deal, I have a RFQ to quote on some computers to go into a
>>     classified application and the customer wants a Letter of
>>     Volatility. Now, obviously, the mass storage will be removable,
>>     but they are concerned about any memory in the system. I take this
>>     to include both volatile SDRAM (DDR3) and any non-volatile memory
>>     such as the CMOS for the BIOS (is it possible that some bot could
>>     be lurking there that could grab data and send it out when the
>>     computer is turned on?).
>>
>>     My question is basically, how long does DDR3 maintain any
>>     recoverable data once the power is turned off. I would assume that
>>     power should be totally removed (as in unplugged from the wall) so
>>     that there is not even 5V standby power, no?
>>
>>     Comments and especially links to solid information would be
>>     appreciated.
>>
>>     Thanks in advance,
>>     Greg Clifton
>>
>>
>     Dynamic memory is volatile.  I suspect the data remains for a period
>     of time measured in milliseconds.  Not nearly enough time to unplug
>     and get it to another system.  Unless of course you buy non-volatile
>     DDR memory.
>
>     One reference:
>     http://en.wikipedia.org/wiki/Dynamic_random-access_memory
>
>     _______________________________________________
>     Ale mailing list
>     Ale at ale.org <mailto:Ale at ale.org>
>     http://mail.ale.org/mailman/listinfo/ale
>     See JOBS, ANNOUNCE and SCHOOLS lists at
>     http://mail.ale.org/mailman/listinfo
>
>
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>

-- 
http://31challenge.net
http://31challenge.net/insight

More information about the Ale mailing list