Recover the prior contents of RAM from a turned-off PC?

There is an element of truth to this one - an attack was discovered which took advantage of data remanence in RAM, allowing an attacker to grab data from the RAM in a machine. There was a very short timeframe (a matter of seconds or minutes) in which to do this, but it wasn't a hack of the PC as such.

Simple Wikipedia link to Cold Boot Attack here

And the McGrew link here giving more detail


Yes, but the term 'turned-off' may be confusing.

A computer requires power to run, this you know. A PC is powered from the wall in AC (alternating current) but computer parts require DC (Direct Current). Inside the desktop PC is a power supply unit that converts AC to DC. As long as the desktop PC is plugged into the wall it always receives AC power.

In the early days a PC had an 'AT' power supply with a switch on the front. The 'AT' type power supply had a push button switch that stopped the DC power. The problem with this was that users would turn off the computer while it was writing to the hard drive. Turning off the power during a hard drive write would cause the hard drive to become corrupted.

So, the next iteration of PC design had an ATX power supply. In this design the power supply connected to the motherboard and the switch on the front of the PC was connected to the motherboard. For the ATX design, pushing the off switch sends a signal to the motherboard, the Operating System reads the signal on the motherboard and sends a signal to the power supply.

The power supply has multiple DC outputs. The hard drive (and floppy) used 12 Volts. The CPU took 5 Volts and later 3.3 Volts. The different voltages are independent, so different parts of the computer may be switched off while other parts are on.

When you press the power button on the front of the PC or select turn-off from the Operating System, there are always at least one or two powered components. At the very least, the circuit on the motherboard that receives the power button signal and relays it to the power supply must be powered, and is, as long as the PC is plugged into the wall.

The component in question is the RAM (actually DRAM), and it is not easy to tell if the power to the RAM is off or what method of turning the computer off will stop the supply of power to the RAM.

The only way to be absolutely sure there is no power to the RAM is to disconnect the PC from the wall.

As long as power is supplied to the RAM, the RAM will retain the contents of whatever was last in it.

When RAM is removed from power the contents begin to decay and at some point become unreadable. Temperature has an impact on how quickly the data in the RAM decays. Lowering the temperature will slow the decay of the data. A simple “canned air” duster turned upside down will allow an attacker to cool the RAM down to a temperature that allows them to reboot the machine with a custom Operating System designed to extract the contents of RAM.

This attack requires only a bootable CD/DVD or USB Flash Drive and a canned air duster.


The RAM in a PC is DRAM: each bit is stored in what amounts to a very small capacitor, which leaks. Which is why DRAM must be "refreshed" regularly. Typical DRAM is guaranteed to hold a given bit for at least 64 ms, but, in practice, a given bit may linger for longer times, up to several minutes, depending notably on temperature.

See the bottom of the Wikipedia page for details.

Also, many machines (desktops and laptops) have a "sleep mode" in which the CPU is off but the RAM is still powered; this is the mode from which the machine can be "awakened" without going through the whole boot procedure. It seems that real shutdowns have become a rarity nowadays. In such a mode, RAM contents are, by definition, preserved, hence extending the "several minutes" above to arbitrary durations.