PC Client Work Group Platform Reset Attack Mitigation Specification, Version 1.0
When a platform reboots or shuts down, the contents of volatile memory (RAM) are not immediately lost. Without an electric charge to maintain the data in memory, the data will begin to decay. During this period, there is a short timeframe during which an attacker can turn off or reboot the platform, and quickly turn it back on to boot into a program that dumps the contents of memory. Encryption keys and other secrets can be easily compromised through this method.