After a computer is powered off, the data in RAM disappears rapidly, but it can remain in RAM for up to several minutes after shutdown. An attacker who gains access to the computer before the data in RAM disappears completely could recover important data from your session.
This can be achieved using a technique called a [[!wikipedia cold boot attack]]. To prevent such attacks, the data in RAM is overwritten with random data when you shut down Tails.
<p>In a <a href="https://www.forensicfocus.com/stable/wp-content/uploads/2011/08/cold_boot_attack_for_forensiscs1.pdf">research report from 2011</a>, Defence Research and Development Canada concluded that cold boot attacks can be useful in some cases to acquire data in memory but are not a panacea and have many drawbacks dictated by the laws of physics, which cannot be overcome by the technique. The authors recommend using cold boot attacks only as a last resort, when all other avenues have been exhausted.</p>
<p>See our design documentation on [[memory erasure|contribute/design/memory_erasure]], for example, if you want to implement this feature outside of Tails.</p>