RAM encryption increases protection against cold boot attacks and provides an obfuscation layer to render it considerably more complex to recover encryption master keys from memory dumps (Live & Offline Dumps). RAM encryption decreases the likelihood of master keys being present in RAM.

Hence, implementing RAM encryption is better than not implementing it at all. Nonetheless, there is no certainty that keys can never be located in RAM. In the absence of RAM encryption, locating and extracting master keys from memory dumps is comparatively straightforward.

As of v1.24, VeraCrypt will erase the encryption keys from RAM when the Windows system is shut down or rebooted to mitigate against some cold boot attacks.

Without RAM encryption, an attacker can utilize a cold boot attack to recover without difficulty a portion of the master key. Subsequently, the attacker may deploy brute force attacks to recover the remaining key. //

Bear in mind that VeraCrypt will disable Windows Hibernate and Windows Fast Startup features before activating RAM encryption.

Alternatively, you can right-click the VeraCrypt icon in the system tray, select “Preferences,” select “More Settings…,” click “Performance/Driver Configuration,” enable “Activate encryption of keys and passwords stored in RAM,” and click “OK” to save the configuration settings in the “VeraCrypt – Performance and Driver Options” window.