A
cold boot attack physically freezes RAM chips to preserve contents after power off, then reads the memory — potentially extracting full disk encryption keys.
Demonstrates that RAM persists briefly after power off. Countermeasures: pre-boot authentication, memory encryption (AMD SME/SEV), clearing RAM on shutdown. BitLocker's startup PIN prevents this.