A cold boot, also called a cold start or hard boot, is a method of starting a computer in which the machine begins powered down, or in which a specific signal is sent to the computer’s processor that triggers a restart. In a normal cold boot process, the computer executes a small program. This program triggers another program to start, which loads the operating system. A cold boot attack abuses this kind of restart to read data left behind in the computer’s memory.
The term ‘boot’ is short for ‘bootstrap load,’ a very old computing term. The original term drew on the phrase, ‘pulled up by his own bootstraps.’ In the non-computing phrase, a person was self-sufficient enough to pull himself off the ground by pulling on the loops on the back of a pair of cowboy boots. In computing, the computer was self-sufficient enough that, once a sequence was initiated, it was able to load its own operating system. Eventually, the term was shortened down to simply ‘boot load’ or ‘booting.’
When a computer cold boots, it runs through a series of predefined steps that culminate in loading the operating system. Generally, the first steps are executed by the computer's basic input/output system (BIOS) when it performs hardware self-tests, locates the boot drive and then executes the boot loader program. The boot loader continues the start-up process by actually loading the operating system. Some systems have one or two additional steps, such as a second stage boot loader or additional hardware step, but this is still the basic process.
Most cold boots involve a user pushing the power button on a computer, but this isn’t the only method. It is also possible to send a specific type of restart signal to the computer’s processor. This signal circumvents all shutdown and caching procedures and restarts the computer as though it had been powered off. While this may seem to the user like a random computer restart, it is actually a rare occurrence and may signal an attempted cold boot attack.
In a cold boot attack, a hacker sends a reset signal to a powered-up computer. This resets the machine, bypassing the normal shutdown processes. One of these processes is clearing information from the computer’s memory. Because that step never runs, the memory still holds data from before the reset. If the memory in the restarted computer is read quickly enough, the hacker may be able to gain information that was locked away during the previous boot. Common goals of a cold boot attack are log-in information and computer encryption keys.
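
The restart-without-shutdown pattern described above can be looked for in boot records. The following is an added example, not code from the original page: it flags every boot that was not preceded by a clean shutdown on the same machine. The log format, host names and event names (`BOOT`, `CLEAN_SHUTDOWN`) are assumptions, and the sample lines are constructed.

```python
from datetime import datetime

# Constructed sample log (not from any real system). Assumed format:
# "<ISO timestamp> <host> <EVENT>", where EVENT is BOOT or CLEAN_SHUTDOWN.
SAMPLE_LOG = """\
2024-03-04T08:01:12 ws-17 BOOT
2024-03-04T18:22:40 ws-17 CLEAN_SHUTDOWN
2024-03-05T08:03:55 ws-17 BOOT
2024-03-05T13:47:09 ws-17 BOOT
2024-03-05T18:30:02 ws-17 CLEAN_SHUTDOWN
2024-03-04T09:00:00 ws-22 BOOT
2024-03-04T17:00:00 ws-22 CLEAN_SHUTDOWN
2024-03-05T09:00:00 ws-22 BOOT
"""

def parse_events(text):
    """Yield (timestamp, host, event) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] not in ("BOOT", "CLEAN_SHUTDOWN"):
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue

def find_unclean_restarts(text):
    """Return (host, previous_boot, restart) for every boot that was not
    preceded by a clean shutdown, i.e. the machine was reset while running."""
    last_event = {}   # host -> (timestamp, event) most recently seen
    findings = []
    # Sort by time so records from several hosts may arrive interleaved.
    for ts, host, event in sorted(parse_events(text)):
        prev = last_event.get(host)
        # BOOT directly after BOOT means the shutdown procedure never ran.
        if event == "BOOT" and prev is not None and prev[1] == "BOOT":
            findings.append((host, prev[0], ts))
        last_event[host] = (ts, event)
    return findings

if __name__ == "__main__":
    for host, up_since, restart in find_unclean_restarts(SAMPLE_LOG):
        print(f"{host}: reset at {restart} without shutdown "
              f"(running since {up_since})")
```

A flagged restart is a lead rather than proof: a power loss or a system crash leaves the same trace, so each hit needs to be checked against what was happening to the machine at that time.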