Practical whole disk encryption, or, how to frustrate data forensics.

When you get right down to it, the best way for an attacker to get hold of your data is to shut the box down, pull the drive, and rip a sector-by-sector image to analyze offsite. It might not be quick (depending on the speed of the hard drive, speed of the storage drive, and a number of other factors) but if you're not there when it's done you might not know that it ever happened. However, if you encrypt data at the level of the drive, they can copy the drive all they want but they won't be able …

Title restored - so how did I spend my weekend, anyway?

Unfortunately, I spent much of last Friday asleep, recovering after a routine filling went south and turned into an emergency root canal. I don't know what does it about the procedure, but it wipes me out completely - it might be the body reacting to having a part of it removed with what amounts to tiny drill bits, or it might be the knowledge of it. For all I know, it could be the aftereffects of multiple injections of local anesthetic that happens to contain epinephrine, which would logically bring about a fight-or-flight reaction as the syringe-loads naturally leaked into the …

Portable power for search and seizure.

A major problem faced by data forensics professionals and law enforcement was how to confiscate computer systems without running the risk of damaging or losing access to information. It's all well and good if you seize a machine running full-disk encryption while it's online because, by definition, the disk is being transparently decrypted so that the machine can operate. Once you power it down, however, all bets are off because the machine won't boot back up without someone supplying a passphrase to the disk encryption system, and no one with anything shady in mind is going to give up their …
