Memory as a data risk?
In our company, the main memory of decommissioned computers is also destroyed. How can volatile memory become a security risk?
In our company – I work in the IT department – not only the hard drives/SSDs of decommissioned computers are destroyed, but also the main memory. I know that RAM is volatile memory. So how can discarded RAM become a security risk?
The RAM chips themselves do not store any data without power; this type of memory is also called Dynamic Random Access Memory (DRAM) because the content of each memory cell has to be “dynamically” refreshed every few microseconds. However, a memory module (Dual Inline Memory Module, DIMM) contains not only DRAM memory chips but also a so-called Serial Presence Detect (SPD) EEPROM, which is connected via the I2C interface to the System Management Bus (SMBus) of the mainboard.
The SPD-EEPROM essentially contains a “digital data sheet” of the DIMM so that the motherboard BIOS can properly configure the memory controller. In principle, however, you could write a few (kilo)bytes of information into the SPD-EEPROM, which would then be stored permanently. However, the SPD EEPROMs are typically write-protected.
The Thaiphoon Burner software is said to be able to write the SPD-EEPROM of many modules, and the DDR4 XMP Editor tool can at least write memory modules with Extended Memory Profiles (XMP), which, however, should not be found in normal office computers. If such software was used on the computer, it cannot be ruled out that data is retained even without power.
Some servers also contain non-volatile DIMMs (NVDIMMs), which, in addition to volatile DDR SDRAM memory chips, also have non-volatile memory such as NAND flash chips.
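To check whether an SPD-EEPROM holds anything beyond the “digital data sheet” before a module leaves the company, a dump of it can be audited. The following is an added example, not part of the original answer: it assumes a 512-byte DDR4 SPD dump laid out as in the JEDEC DDR4 SPD specification, treats 0x00 and 0xFF as blank, and uses constructed sample data; how the dump is read from the module is outside the example.

```python
# Added example: audit a DDR4 SPD dump for content outside the data sheet.
# Offsets follow the JEDEC DDR4 SPD layout (512-byte EEPROM).
BASE = slice(0, 126)          # base configuration, covered by the CRC
CRC_LO, CRC_HI = 126, 127     # CRC-16 of the base block, stored LSB first
END_USER = slice(384, 512)    # end-user programmable block
BLANK = (0x00, 0xFF)          # assumption: unused bytes read as 0x00 or 0xFF

def crc16(data: bytes) -> int:
    """CRC-16 with polynomial 0x1021 and initial value 0, as used for SPD."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc

def audit_spd(dump: bytes) -> list[str]:
    """Return a list of findings for one DDR4 SPD dump (empty = nothing odd)."""
    if len(dump) != 512:
        return [f"unexpected dump size {len(dump)} (DDR4 SPD is 512 bytes)"]
    if dump[2] != 0x0C:       # byte 2 is the DRAM device type, 0x0C = DDR4
        return [f"byte 2 = {dump[2]:#04x}: not a DDR4 SPD, layout unknown"]
    findings = []
    stored = dump[CRC_LO] | (dump[CRC_HI] << 8)
    if crc16(dump[BASE]) != stored:
        findings.append("base configuration CRC mismatch: altered or corrupt")
    used = [i for i in range(END_USER.start, END_USER.stop)
            if dump[i] not in BLANK]
    if used:
        findings.append(f"{len(used)} non-blank byte(s) in end-user block, "
                        f"first at offset {used[0]}")
    return findings

def make_sample(payload: bytes = b"") -> bytes:
    """Constructed sample: minimal DDR4 SPD with a valid base CRC."""
    spd = bytearray(512)
    spd[0], spd[1], spd[2] = 0x23, 0x11, 0x0C   # sizes, revision, DDR4
    crc = crc16(bytes(spd[BASE]))
    spd[CRC_LO], spd[CRC_HI] = crc & 0xFF, crc >> 8
    spd[384:384 + len(payload)] = payload       # simulate user-written data
    return bytes(spd)

if __name__ == "__main__":
    for label, dump in (("clean", make_sample()),
                        ("written", make_sample(b"note"))):
        print(label, audit_spd(dump) or "no findings")
```

A clean result only covers the SPD-EEPROM; it says nothing about the flash on NVDIMMs, and vendor-specific bytes elsewhere in the EEPROM are not inspected.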