While reviewing a new Windows Server 2008 publication, The Complete Guide to Windows Server 2008, which is extremely good from what I’ve read so far, the author discusses physical security of machines and the use of BitLocker. While the book is on Windows Server 2008, there are references to Vista and how cold boot attacks can potentially defeat drive encryption software, not just Bitlocker, but any drive encryption by getting access to the machine at it’s physical memory.

To help explain this here is a short video that talks you through an attack and also demonstrates it.

Breaking disk encryption with ram dumps