Protected Memory?

In the old days, BIOSes used to (indirectly) guard against this sort of attack.  Way back when, BIOSes used to do a Power On Self Test (POST) that tested various parts of the system (processor, RAM, etc).  The test patterns written to RAM would effectively scrub it.

As the years went by, people wanted faster boot times, so the amount of "testing" during POST has been trimmed down.  These days, a pretty severely broken system can still boot past POST.  Any kind of serious memory testing has been omitted from the default startup sequence.  Most BIOSes still have a menu option to enable some memory testing (Quick Boot, Extended Memory Testing, Test Memory Above 1MB, etc).

Some BIOSes can (and still do) have code in them that can foil such attacks:  RAM size detection.  During startup, BIOSes used to automatically figure out the size of the attached memory modules by writing special patterns into memory, checking for repeats, and used this to determine rows/columns, etc.  This has the side-effect of clobbering anything left over in memory.  It wasn't foolproof though.  The algorthim didn't always crush every byte in memory.  And it was also usually skipped during a warm reboot.  (Most of the older Award BIOSes use this memory-sizing method.)

In newer systems, there is a more standardized way of determining the memory module size/speed.  It is called Serial Presence Detect (SPD).  Basically, there is a tiny (~128byte) EEPROM on each memory module that specifies the brand/size/speed of the memory module.  The BIOS reads the SPD EEPROMs on each modules to figure out the BIOS size.  This eliminates the need to write to memory (bye-bye to the scrubbing effect).  Most modern AMI and Phoneix BIOSes use this method.

For reference, we added added a "RAM Scrub" option to a BIOS for one of our products.  It added ~8 seconds to the boot time to do a one-pass scrub 512MB of memory.  Obviously more RAM would take longer to scrub.

Unfortunately, the BIOS scrubber doesn't guard against the attack of someone yanking power from the system and pulling out the memory modules.  The attacker could then insert the modules into a non-scrubbing motherboard and read the RAM contents.  If they were really clever, the could have some custom hardware to read it with zero BIOS interaction (FPGA or specialized procesor board with a DIMM socket).  There are some primitive ways to guard against this, though (e.g. Epoxy the memory modules in place). 

~8 seconds was for 512MB of DDR memory at 333MHz.  Of course faster memory would go quicker, but its still going to take at least a few seconds on machine with "normal" quantities of RAM.  For maximum security, the scrub operation should be executed very early in POST (immediately after the memory controller was initializated), and before the processor L1/L2 caches are online, so it goes pretty slow.  Even with caching enabled, the scrub is one of the most cache-unfriendly memory operations you can do.  (Besides, the processor caching undermines some of the security aspect.)

Triggering the scrub on a temperature change isn't bulletproof.  The attacker can yank the power and then hit it with the freeze spray.

You could probably rig something up that does a scrub on a sudden temperature change, but it's non-trivial.  Most temperature monitoring chips have an "alarm" pin for when the thermal values exceed certain thresholds.  You could use this to trigger a System Management Interrupt. The SMI handler could contain the scrub routine.  Unfortunately, "rate of change" is usually not an alertable condition.  You'd need to have a timer-driven SMI routine to "tune" itself to the average operating temperature of the DIMMs.  I think there are also some issues with trying to get the SMI routines to manipulate memory outside of their address space.

All of this requires a custom BIOS (source code access, not "hax0rs" who found a copy of CBROM).  And probably custom hardware too (unless you can find a motherboard that happens to have the signals hooked up exactly as you want).

I neglected to mention one other option:  Surface-mounted memory, no DIMMs.  In a system with BGA memory chips mounted to the board, it is pretty much impossible to remove them without damaging them.  (Unless you hit them with a heat gun, which would probably wipe the chip anyway.)

[Our systems have the memory chips mounted directly to the board for shock/vibration issues.  The fact it guards against this attack is just a bonus.]

For more traditional PC hardware, a tamper-proof case coupled with a scrubbing BIOS will do a lot to mitigate the problem.

Spider Clips and a Logic Analyzer will let you listen in on memory transactions that are happening (e.g the OS reads something from memory, or writes something to memory).  You wouldn't be able to see any memory accesses that are serviced by the CPU cache, though.

Also, you wouldn't be able to arbitrarily read/write locations in memory.  You wouldn't be able to generate your own memory clocks/commands.  If you did, you would contend with the signals coming from the northbridge memory controller, and probably end up corrupting RAM contents (system crash).  This would prevent you from doing a full dump of memory.

That said, just listening to the memory transactions may be sufficient.  If the goal is to listen for an encryption key, it's bound to be in the datastream somewhere.  You just have to be listening at the right time.  If the key is frequently accessed, it's probably in the CPU cache, and therefore you wouldn't see it.  If you have the clips attached when the program starts up, you should be able to get it though.

Spider Clips would be tricky to attach to a running laptop with an SO-DIMM (half the signals are on the underside of the module).  You could probably do it with a steady hand.

"Whether the DIMMs are epoxied to the sockets or whether they are soldered in makes no difference. You can create a multi-pronged soldering tip that desolders all of the pins at the same time after freezing the memory.Then reattach it to a waiting socket that will accept the pins."

Not if the memory chips are BGA.  (Note that I explicitly said BGA.)  BGA components don't have exposed pins.  You can't use a soldering iron to get at it.  You need a heat gun or a reflow oven.

http://en.wikipedia.org/wiki/Ball_grid_array

(BTW, just to be clear, I'm talking about the memory chips themselves soldered to the board, no DIMM at all.)