While using a computer, all the data manipulated is written temporarily in [[!wikipedia Random-access_memory desc="RAM"]]: texts, saved files, but also passwords andencryption keys. The more recent the activity, the more likely it is for the data to still be in RAM.
Moreover, an attacker having physical access to the computer *while Tailsis running* can recover data from RAM as well. To avoid that, learn the different methods to [[shutdown Tails|doc/first_steps/shutdown]] rapidly.