Setup:
- Pagefile.sys: The file that acts as an extension to physical memory.
- hiberfil.sys: Stores the contents of RAM when the system is in hibernation mode.
- swapfile.sys: The swap space. In other words, it stores data from non-active processes to optimise system performance.
The Attack? (Overly specific isn’t it):
- Power off the computer. Info is thus stored in memory temporarily.
- Boot with a different OS using a CD.
- Retrieve the files mentioned, as they likely have sensitive info.
Mitigation:
Encrypt your Hard Disk, buddy.
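
A way to check the mitigation from the same offline viewpoint, as an added example that is not part of the original notes: it reads the OEM ID in a volume's first sector to tell a BitLocker volume from a plain NTFS one and, for an unencrypted volume, lists which of the three files sit readable in the volume root. BitLocker as the disk encryption in use, the function names and the sample bytes are assumptions made for this example.

```python
import os
import tempfile

# Names from the notes above; Windows treats them case-insensitively.
MEMORY_FILES = {"pagefile.sys", "hiberfil.sys", "swapfile.sys"}

def classify_boot_sector(sector: bytes) -> str:
    """Classify a volume by the 8-byte OEM ID at offset 3 of its first sector."""
    if len(sector) < 11:
        raise ValueError("need at least the first 11 bytes of the volume")
    oem_id = sector[3:11]
    if oem_id == b"-FVE-FS-":      # signature written by BitLocker
        return "bitlocker"
    if oem_id == b"NTFS    ":      # plain NTFS, readable by any booted OS
        return "ntfs"
    return "unknown"

def find_memory_files(root: str) -> dict:
    """Map lower-cased name -> size for memory-backed files in the volume root."""
    found = {}
    with os.scandir(root) as entries:
        for entry in entries:
            if entry.is_file() and entry.name.lower() in MEMORY_FILES:
                found[entry.name.lower()] = entry.stat().st_size
    return found

def audit(sector: bytes, root: str = None) -> list:
    """Return findings; an empty list means the volume is BitLocker-encrypted."""
    kind = classify_boot_sector(sector)
    if kind == "bitlocker":
        return []
    findings = [f"volume type '{kind}' is not BitLocker-encrypted"]
    if root is not None:
        for name, size in sorted(find_memory_files(root).items()):
            findings.append(f"{name} ({size} bytes) readable from another OS")
    return findings

if __name__ == "__main__":
    # Constructed sample data: fake boot sectors and a stand-in volume root.
    plain = b"\xeb\x52\x90" + b"NTFS    " + bytes(501)
    locked = b"\xeb\x58\x90" + b"-FVE-FS-" + bytes(501)
    with tempfile.TemporaryDirectory() as root:
        for name in ("pagefile.sys", "Hiberfil.sys", "notes.txt"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"\0" * 16)
        print(audit(plain, root))   # unencrypted: three findings
        print(audit(locked))        # encrypted: no findings
```

A volume protected by a different encryption product shows up as "unknown" here, so that result needs a manual look rather than being read as unencrypted.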