The technology regarding RAM isn't a consistent exploit. Assuming there is a viable internet connection preconfigured and linked to the target terminal, this particular type of RAM exploit may be utalized without leaving a signature decscrpency. It is basically a toggle for the RAM already installed. I've seen it before if it is something you'd consider using SHA signatures to identify.