Good article and I think you are doing some very interesting research.

My problem with this type of research though is the amount of fear, uncertainty and doubt (FUD) it generates. Your attacks are viable if certain very precise conditions are in place, i.e.:

[+] device has not been shut down for a period of time (you can probably advise what that is)
[+] the attacker knows and cares enough to try a cold boot attack and recover keys from the DRAM, and doesn't have any other easier options available to them to get the data
[+] they are able to take the memory out and store it in ultracool conditions
[+] the user has not applied another level of encryption on top for really sensitive files, e.g. PGP file / email encryption

I mean if I was the US, Chinese, Russian governments or organized crime and wanted something on someone's laptop I would just kidnap them or hold their family hostage and ask for the password. Although TrueCrypt hidden operating system was designed as some mitigation to this type of attack.
I had a question on my blog: http://rakkhi.blogspot.com/2010/09/3-million-reasons-to-encrypt-your.html

Have you tried or are you aware of anyone successfully using a cold boot attack on BlackBerry or other mobile phone memory to extract encryption keys?
loop-AES can apparently prevent this type of attack. See the paragraph about key scrubbing in their README file: http://loop-aes.sourceforge.net/loop-AES.README
So it seems that the fix for losing data on hung PCs is similar to that for involuntary amputees: gather up the bits you need, shove them on ice and get yourself as quickly as possible to someone who knows what to do with them.