Olle Segerdahl, F-Secure Pasi Saarinen, F-Secure A decade ago, academic researchers demonstrated how computer memory remanence could be used to defeat popular disk encryption systems[1]. Today, most seem to believe that these attacks are too impractical for real world use. Microsoft has played down the threat of memory remanence attacks against BitLocker using words such as "they are not possible using published techniques"[2]. We will show techniques that allow recovery of BitLocker encryption keys from RAM on most, if not all, currently available laptops and tablets. These techniques allow bypassing of security controls such as password protected BIOS configuration, UEFI-based Secure Boot and the TCG Platform Reset Attack Mitigation by directly manipulating the firmware storage device (EFI SPI flash chip). [1] https://www.usenix.org/legacy/event/sec08/tech/full_papers/halderman/halderman.pdf [2] https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/choose-the-right-bitlocker-countermeasure