Re: Are computer forensics people as stupid as they seem?
- From: More FUD from Cyberiade <bull***@xxxxxxxxxxxxxx>
- Date: Sat, 09 Jun 2007 18:33:51 -0700
Caldera wrote:
On 9-Jun-2007, More FUD from Cyberiade <bull***@xxxxxxxxxxxxxx> wrote:
On Jun 9, 2:30 pm, Nomen Nescio <nob...@xxxxxxxxx> wrote:
More FUD from Cyberiade <bulls...@xxxxxxxxxxxxxx> wrote:
You're saying you could go to jail for using DBAN?
Don't be so thick. Nobody said anything of the sort. They said if push
comes to shove and your idiotic "undetectable encryption" is actually
put to the test it doesn't *matter* if the data is DBAN, TC, or hand
written. They already know you're dirty, and have a good idea of
exactly how dirty you are.
Of that, we're in total agreement. I never said otherwise. And I'm not
the thick one. I said it was undetectable that it was crypto. I didn't
say they wouldn't strongly suspect it was anyway. There's a
difference, and I never crossed over and said you wouldn't go to jail
anyway. I just said you can't detect that it's crypto. Don't put words
in my mouth. Everyone still knows the risks if you cross the wrong
people.
Once again, you seem to be missing the crucial point: if my need/desire to
bury my data is so great then it's fair to assume that I fear 'cross[ing]
the wrong people'. If that happens, then I won't want to have entrusted my
data to a scheme that, in the nature of its implementation, appears far more
likely to harbour a hidden OS in its skirts than to exist for whatever lame
PD excuse I can dredge up for it. Whether or not it is 'undetectable that
it [is] crypto' is irrelevant as the likelihood that it *is* crypto is too
strong and the consequences for me will be no different from those that
would ensue in the event of my refusal to give up a key for a known
encrypted device/volume/file or what have you. Ouch.
Far more likely to harbor a hidden OS? How would you know? I haven't
revealed anything. Again, we are terminally stuck on step 1. Can
encrypted data look like wiped data? I have defended the position that
it can if you do it correctly. I've been attacked on this position. If
we can't agree on step 1, then step 2 is pointless. I cannot reveal
step 2 until the premise is accepted. Until I reveal anything
substantial, you cannot know it appears more likely to harbor a hidden
OS.
Telling your interrogators the random bits
on your drive are just wiped space will get you laughed at, and in some
places jailed for trying to obstruct justice or whatever.
Maybe. But in those cases, you're probably screwed no matter what you
do. There's no point in resisting, you'll go to jail no matter what.
'Those cases' probably obtain in most countries. So even if we use your
system we're still screwed no matter what? That's hardly an advance on any
existing scheme that I could download & install today then, is it?
Uhmm. Again, you would need some kind of evidence to back this up. Do
you have any idea how many people use DBAN? I've never heard of anyone
going to jail for this. I'm not saying it couldn't happen, but I've
never heard of it. If it looks exactly like a DBAN'd drive that's now
in use again, I think you're in pretty good shape (in most countries).
Sorry, but if people were going to jail for DBAN'd drives, you should
be able to cite something where the guy just claimed the drive was
wiped, and he went to jail anyway. And again, you can do this without
a stale OS. If you're genuinely interested in what I (and other
people) might be doing, you should consider telling your cohorts not
to stomp on people right out of the gate.
Again, look at the first post from Cyberiade. I want you to genuinely
address me on this issue. Who would respond in any productive way
after they're spoken to like that? There may be some genuinely smart
and creative people out there that don't like being treated like
garbage.
Can you understand that?
I'm very aware of these situations. But this solution is better than
clearly having FDE and not handing over the password(s) to both your
primary and hidden OS.
If your predicament is serious enough and your data is important enough I
would suggest there's effectively no difference, as I outlined above.
True. But it would have to be very serious. Like terrorism, etc. And
even if your hard drive didn't look like it was DBAN'd, you might
still be in the same predicament. You're stating the obvious. If it's
serious enough to be sent to Guantanamo, nothing will save your ass.
If my scheme is considered obstruction in 10%
of cases, then this is considered obstruction in 90% of cases. You
know that. You're basically saying don't do anything to piss anyone
off because there's nothing that can help you, because you know what
I'm saying is much more likely to not be detected/proved than
otherwise.
That would be impossible to know because, as has been repeated ad nauseam,
no-one has any good idea about your scheme as you refuse to back up your
claims with any evidence we could use to assess it.
And as I've repeated ad nauseam, don't treat me like a pile of heaving
garbage just because I've expressed an opinion. I don't know how else
to say it. You don't catch flies with a sledge hammer. I never
intended to release anything, but I would have if someone had
expressed a genuine interest, instead of kicking me in the nuts.
And even if it is detected, you're just guilty of using
crypto, the same as you were if you did nothing to hide the fact.
In your zeal to try to find holes in what I'm saying, you've lost sight
of the big picture. Nowhere is hiding the fact that you use crypto a
bigger crime than using crypto and refusing to hand over your
password. It's just that simple. If it's unprovable that it's crypto
but still suspected, you're still in a much better position than if
they know you're using crypto but they don't get their passwords.
Why do I always get a sinking feeling when I hear the words 'it's just that
simple'? This may be the root of your problem.
I don't know. Some things are simple.
That's what's most amusing about this whole thing. Whether it works or
not, it accomplishes absolutely nothing at all above and beyond what
standard encryption accomplishes.
Not correct. If you knew how standard forensics tools worked and the
people that look at hard drives, you'd know it stands an excellent
chance of working, hence the title of my thread. Read up on the
standard techniques of forensics people. You'll see this would not be
looked at at all in the US. And what are they gonna do, take to court
a bunch of random-appearing data with no indication of what produced it
(with a functioning OS and partitions that occupy the entire drive)?
Maybe but very unlikely.
It's a matter of picking your poison, and I maintain this is the least
deadly of the poisons you have to choose from.
At the risk of being tiresomely repetitive, I wouldn't know because I have
no real idea of what your scheme is, or what it would look like to EnCase or
a forensic investigator as you've provided nothing more than hints and
unsubstantiated assertions to go on.
Caldera, can you look at it from my perspective for a second? We're on
the 94th post of a thread I didn't want to be in after the first 10.
I've been attacked in so many ways it's hard to count. And all of this
without having revealed anything. Nobody came up and said they were
interested, and wanted some info. Look at the first post by anyone
seeking any information. He more or less said, "Do you want me to
explain to you why you're an idiot?"
What do you want me to do? They refuse to accept the basic premise
that encrypted data can look like wiped data. If you refuse to accept
that premise, there's no point in continuing further.
Does this make sense to you? I don't respond to intimidation,
bullying, and name-calling. You don't get useful information when you
continue to browbeat a person. This thread has changed my opinion
dramatically about sharing information. I have no desire to convince
you that my technique works, but I'm not going to leave here and let
you guys jump all over me when I'm gone. I share information when I
genuinely like a person, and no one here except twosandals and Nemo
has been likable in any way, shape, or form. I offered to share it
with twosandals in my e-mail contacts with him.
Get it? If you want to try a different tactic than calling me a klutz,
I may be more inclined to share.
Are we done?