any way to wipe RAM completely after exiting an Ubuntu live CD (or any other liveCD)?

Discussion in 'privacy problems' started by qwsazx, Dec 29, 2012.

Thread Status:
Not open for further replies.
  1. qwsazx

    qwsazx Registered Member

    Dec 29, 2012
    The only one I've seen that is able to do this is TAILS, as described here:

    However, this seems terribly difficult and complicated. Is there an easier, more straight forward way? (for a 32 bit system, hopefully using ubuntu as the live cd of choice. I want to create a custom, secure live cd, perhaps using something simple like remastersys.)
  2. badkins79

    badkins79 Registered Member

    Dec 23, 2011
    The ubuntu cds usually come with a memory tester. They simply write all kinds of junk all through the ram to test that it holds the data correctly. I would think a few minutes of that would get the job done.

    It doesn't "wipe" the RAM, but it does overwrite everything with garbage so the end result is the same.
  3. lotuseclat79

    lotuseclat79 Registered Member

    Jun 16, 2005
    Hi qwsazx,

    Yes, it is possible. I have experimented with this feature.

    TAILS uses the sdmem commands package to wipe RAM. You need to investigate the actual commands used when the system is shutdown (TAILS), and then find the corresponding shutdown sequence in Ubuntu Live CD/USB .ISO file. Essentially, you need to modify the /etc/init.d/halt POSIX script command by inserting the command that overwrites RAM before the actual halt. The simplest thing to do when investigating TAILS is to find the text that TAILS spills out which indicates it is now ok to remove the Live CD/USB media - which is just before the point in its code where it launches the RAM wipe command.

    With enough disk space used as a sandbox for development, you can unwind whichever .ISO (into its component parts) you want to start, but you must have a suite of developer package tools installed to aid you in its reconstruction after you have chrooted the sandbox and made your changes in order to reconstruct a new .ISO file with the changes you desire, and rebuilt the .ISO.

    Search for web articles relating to: Building-Your-Own-Live-CD, Build-Ubuntu-LiveCD-From-Scratch-With-Live-Helper, howto-customize-an-Ubuntu-Live-CD, LiveCDCustomizationFromScratch. When you search for these article replace the "-" character with a space, and where the lack of a space character exists in the last one listed - insert a space character between words. Those article names are just the file names I have used to save them with a .txt suffix.

    I have asked the author of remastersys in the past if remastersys could be modified to do what you intend, and his answer was that you would need roughly 12GB of disk space to do the job. Approximately, less than 1/4 that according to my experiments as I recall.

    I normally use an Ubuntu Live USB without those changes (but, with my own customized setup), since it is simply not necessary after I turn off the power to my computer and I am not paranoid about it.

    -- Tom
  4. TheWindBringeth

    TheWindBringeth Registered Member

    Feb 29, 2012
    FWIW, there was an article here, not that long ago, about some European possibly Italian researcher and the text seemed to suggest that certain brands of computers don't power down RAM in states where that would be expected. Said computers retaining potentially sensitive information in RAM unless you completely remove power (AC disconnect, perhaps even battery disconnect in some cases shrug). Interested parties might want to try to find that article and/or look into testing their systems.

    FWIW2, this thread caused me to search for a couple of things. One page I stumbled across backed up to:

    sdmem does not clear all memory
    Last edited Thu 20 Dec 2012 09:34:02 AM CET
  5. genieautravail

    genieautravail Registered Member

    May 6, 2012
    Do you have tried PrivaZer?

    It seems to have an option for cleaning memory...

    Page 20 of the manual:

    PrivaZer detects potential traces in RAM, Pagefile.sys and Hiberfil.sys.
    When you close a program, traces may still exist in RAM, PrivaZer cleans up and resets to zero the RAM free space overriding residual traces.
    The Pagefile.sys may also contain traces of your activities. The Pagefile.sys needs to be cleaned at computer shutdown.
    When computer hibernates, memory is copied into Hiberfil.sys. PrivaZer checks that Hiberfil.sys is actually reset to zero by the system. If not PrivaZer overwrites it with zeros during cleanup process.

    The manual can be downloaded from this link:
  6. guest

    guest Guest

    seems to me a simple power off cycle would wipe the ramo_O
  7. RejZoR

    RejZoR Registered Member

    May 31, 2004
    Turn system off, flip the switch at the back to 0 (zero) and press the ON button in the front. This will discharge the capacitors and effectively clear the RAM. I don't think anyone needs more than this...
  8. TheWindBringeth

    TheWindBringeth Registered Member

    Feb 29, 2012
    Arguably, a computing device for processing sensitive information should have a feature which when enabled will cause the system to automatically wipe/lose "residual sensitive information" (RAM, peripheral cache/buffers, device registers, etc) when the system is no longer in its operational state. This is actually a firm requirement for certain types of equipment and gets tricky. For everyday computing devices, a mere best effort approach might be reasonable and is certainly better than nothing. In which case, if the software can't count on hardware cooperation, the software should do the wiping. IOW, if you can eliminate the need for a human (who may or may not be involved or still present) to do something special (physically severing power to the device) you should.
  9. x942

    x942 Guest

    I haven't looked at the sources to much but apparently if your computer has DDR3 RAM you don't have to worry.

  10. ArchMage

    ArchMage Registered Member

    Feb 4, 2013
    Ya turn computer off then back on duh....:cautious:
Thread Status:
Not open for further replies.