This is some interesting research from the folks at Princeton in which they show that DRAM retains data after the computer has been powered off. Taking advantage of this, and of the fact that the disk encryption key is stored in memory, they can plug in a USB drive while your computer is on (even in locked or sleep mode), boot their own OS from the USB drive, dump your memory, and steal your disk encryption key, which resides in DRAM.
This attack is hard to defend against in the sense that it takes advantage of a physical characteristic of DRAM: the content is not erased immediately after the memory chip is powered off. You cannot rely on the OS to do the erasing because the attacker can turn off the machine by unplugging the power cable. Also, the disk encryption key must reside in memory in order to be used.
The best defense mechanism that I can think of now is to store the disk encryption key in a memory location which will be erased right after the machine is booted up... some location that will be used temporarily by the BIOS, for example.






