Re: Are computer forensics people as stupid as they seem?
- From: Cyberiade.it Anonymous Remailer <anonymous@xxxxxxxxxxxxxxxxxxxxx>
- Date: 6 Jun 2007 15:11:28 +0200
ass@xxxxxxxxxxxxxx wrote:
> I've actually devised a system by which you can use OTFE without
> anyone knowing it's actually being used. Meaning you have a fully
> functional operating system and all the space on the drive is occupied
> by benign unencrypted data. Yet the drive still harbors an encrypted
> operating system and encrypted partitions that cannot be detected by
> any forensic techniques. It's fairly trivial to set up. Gold star to
> anyone who can tell me how to do this. I call it OTFE+.

You didn't do it. :)
It's a physical impossibility to store data of any type on a drive
outside the specifications of that drive. IOW, bits and bytes written
to a drive within the cyl/head/sectors/etc geometry of the drive
itself.
That being fact, any place you write your "hidden" encrypted data to
must be protected from being overwritten. The "unused" portions of the
drive (cluster slack?) must be locked, which means an easily detected
locking mechanism and/or "stale file syndrome". Or, your data is in
constant peril of being completely lost when a single bit of your
"hidden" content gets overwritten by normal, unencrypted operations
like booting the machine and generating a boot log. ;)
We've "been there discussed that" in this group several times now. The
consensus is that "steganographic" drive or volume encryption is mostly
snake oil in principle.