Hi All,
Some of you may be familiar with the research paper put out last year by some Princeton researchers titled: "Lest We Remember: Cold-Boot Attacks on Encryption Keys." Presented at the 17th USENIX Security Symposium (Sec '08), San Jose, CA, July 2008.
In their paper Halderman, et al. present a method of preserving and capturing physical memory, then sample code for searching the resulting memory image for RSA or AES encryption keys. They furthermore extract the Microsoft Bit Locker keys (AES by default) from a demo system. The paper and original sample code can be found online at http://citp.princeton.edu/memory/
To show the power to Perl and ProScript the development team has put together two ProScripts ported from the sample code for AESKeyfinder and RSAKeyFinder. These scripts will identify possible RSA and AES keys from any memory key added to the current ProDiscover project. The scripts are attached.