Cold Boot Attacks on Disk Encryption
Ed Felten (via Drew Thaler):
Our results show that an attacker can cut power to the computer, then power it back up and boot a malicious operating system (from, say, a thumb drive) that copies the contents of memory. Having done that, the attacker can search through the captured memory contents, find any crypto keys that might be there, and use them to start decrypting hard disk contents.
Seems like the OS should secure-erase the RAM when the user isn’t around.
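A narrower form of that idea, as an added example that is not from the post or from Felten's paper: instead of erasing all of RAM, zero the disk-encryption key and every copy derived from it when the machine locks or suspends. The names `volume_key`, `volume_unlock` and `volume_lock` are hypothetical, the sample key is constructed, and the schedule fill is a stand-in rather than real AES key expansion.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define KEY_LEN   32
#define SCHED_LEN 240   /* size of an expanded AES-256 key schedule */

/* Hypothetical in-RAM state for an unlocked volume: the master key plus
   the schedule expanded from it. Either one reveals the key if captured. */
struct volume_key {
    uint8_t master[KEY_LEN];
    uint8_t schedule[SCHED_LEN];
};

/* Zero through a volatile pointer so the compiler cannot drop the stores. */
static void secure_wipe(void *p, size_t n) {
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* Load the key. The schedule fill is a stand-in, not real AES expansion. */
int volume_unlock(struct volume_key *k, const uint8_t *key, size_t len) {
    if (len != KEY_LEN) return -1;
    memcpy(k->master, key, KEY_LEN);
    for (size_t i = 0; i < SCHED_LEN; i++)
        k->schedule[i] = (uint8_t)(key[i % KEY_LEN] ^ (uint8_t)(i + 1));
    return 0;
}

/* Call on screen lock, suspend or hibernate: wipe derived copies too. */
void volume_lock(struct volume_key *k) { secure_wipe(k, sizeof *k); }

/* Count non-zero key-derived bytes still resident in the structure. */
size_t key_residue(const struct volume_key *k) {
    const uint8_t *b = (const uint8_t *)k; size_t n = 0;
    for (size_t i = 0; i < sizeof *k; i++) n += (b[i] != 0);
    return n;
}

/* Unlock with a constructed key, optionally lock, report what remains. */
size_t residue_after_cycle(int do_lock) {
    struct volume_key k; uint8_t key[KEY_LEN];
    memset(key, 0xA5, sizeof key);            /* constructed sample key */
    if (volume_unlock(&k, key, sizeof key) != 0) return (size_t)-1;
    if (do_lock) volume_lock(&k);
    return key_residue(&k);
}

int main(void) { return residue_after_cycle(1) == 0 ? 0 : 1; }
```

Wiping only protects the locked or suspended state; while the volume is unlocked the key has to be in memory to be used.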