[Full-disclosure] Disk wiping -- An alternate approach?
Thor (Hammer of God)
Thor at hammerofgod.com
Wed Jan 27 17:31:08 GMT 2010
This topic has pretty much run its course. You shared what you thought was an interesting idea, and most of the responses have been along the lines of "interesting, but it does nothing to support your goal." You are free to hold onto your ideas, but there is no reason to continue to try to make others agree with you. I run into this all the time - one should just speak one's mind and move on. You've spoken your mind, now move on ;)
Your pretense of "without much analysis to where it came from" is incorrect. People are not (typically) arrested and jailed for garbage on their drives; if they are, there is probably some ulterior motive on the part of LE. If you look at the cases where people are serving time, particularly in child pornography cases, the prosecution has a volume of evidence against the accused, and it is typically accompanied by other physical evidence (photos, toys, magazines, etc.). Having crap on your drive does not give you plausible deniability. Period. Wipe zeros and be done.
T. Biehn's recommendation to TC's hidden drive feature is spot on. It is a very functional feature, and I use it all the time, particularly when travelling to other countries. In some countries (like the UK) if you DON'T give up your keys, you will be arrested on that basis alone. With a hidden volume within an encrypted volume, you can give up your phrase to the one volume and it is impossible to know of the existence of the other. Trying to position TC as being weak in some way via your "very hard to brute force with off the shelf tools" is silly - as if it's NOT very hard with "super secret gov brute force tools." A properly created TC drive would take a billion years (with today's tech) to brute force (or whatever the actual time is).
The fact that you've been on FD talking about how you want to attempt to create an environment of plausible deniability has done far worse to weaken your position than anything else you could have done. When you cry "it wasn't me, it was the one armed man!" while on the stand, the prosecutor will simply hand over all these publicly available emails where you've gone on about how you are explicitly trying to cover illegal activity with Wiki-blithe and the next thing you know you'll be singing "doot doot doot, lookin' out my back door" in prison.
> -----Original Message-----
> From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Bipin Gautam
> Sent: Wednesday, January 27, 2010 8:19 AM
> To: T Biehn
> Cc: McGhee, Eddie; full-disclosure
> Subject: Re: [Full-disclosure] Disk wiping -- An alternate approach?
> Really? How much do you know of computer forensics? Care to double-click
> a few forensic tools first............
> I bring up this issue here because as you can see the laws are
> different in different countries and at places just "possession" of a
> questionable content is a crime, without much analysis from where did
> it come from. Such a logic doesn't hold much water from a technical
> perspective, that is what I was trying to discuss. (but you were so
> much concerned about my English lol )
> We were talking on a NEW topic, But if truecrypt is all you know, then
> download truecrypt and add a "custom cascade of ciphers" to your
> truecrypt source code... so that your truecrypt hidden volume will be
> very hard to brute-force with off the shelf tools (which is what most
> forensic examiners do, they are tool dependent).....
> (I wish to make fun of you, but maybe another email! ;)
> On 1/27/10, T Biehn <tbiehn at gmail.com> wrote:
> > You made the argument against yourself; apparently you didn't comprehend the
> > points made in 90% of the on-topic responses to this thread.
> > On Jan 27, 2010 9:34 AM, "Bipin Gautam" <bipin.gautam at gmail.com>
> > McGhee & T Biehn !
> > Thank you for putting up your "best" argument.... sadly that is the
> > BEST technical thing you happen to pick............. in this topic to
> > comment about........
> > -bipin
> > On 1/27/10, McGhee, Eddie <Eddie.McGhee at ncr.com> wrote: > and also
> lol @
> > maybe USELESS, try making ...
> >> <bipin.gautam at gmail.com<mailto:bipin.gautam at gmail.com>> wrote: > >
> > noise, Lets wrap up: > >...
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/