Just an Anti-Forensics.com Update

December 14, 2011 | Announcement, Anti-Forensics News, Featured Articles | No Comments

Hey guys, hope you are all doing well. I don’t normally write a post such as this, but I want to cover a few important topics about personal “maintenance” of the data you may store.

This data includes email content and attachments, especially if you are using a common webmail provider based in the United States, such as Google and Google Mail. These web providers do not cherish and protect your data. They sell it, they give it up, they hand it over to the US Federal Government. Microsoft doesn’t even charge anything for it; they just give it up willingly. Google has the nerve to charge a small sum for the logs containing the IP address, date and time of every access to your email account since inception.

Although I don’t have it published anywhere here on the blog (I should, shame on me! Go to pgp.mit.edu), I do have at least one GnuPG public key hanging around out there which you can use to communicate with me. Some of you do, and it is very beneficial to the privacy of our communications. However, this can all be for naught if you do not maintain good practices, or “housekeeping”. What I mean by this is that if a hostile entity, such as the US Federal Government or a lapdog agency, were to gain access to your system and your private key, any private communications you have had could be exposed.

This is especially true if you give up access to the key (e.g. on an encrypted system) because of force or threat of force against you or your family. Now I know what you are saying: “Max, jeez, you’re paranoid. This doesn’t happen where I live. I live in the United States, Federal Agents don’t do that!” Well guy, or gal, it’s time to wake up. They do that. They do that, and they can, and they will. They will beat you. They will threaten you. They will carry out those threats to get your passphrase.

The point I want to make is this: good housekeeping with your keys means that you will revoke them from time to time, you will use keys that expire, and you will delete and overwrite data that you don’t need to leave sitting around.

This includes full hard drives, single files, slack space, free space, emails, email attachments, etc.

The Anti-Forensics project will be going through some changes; we may change CMS and ISP. Up to this point the project has been more of a side-project of mine, but it is more important than that, more important than a side project with shitty hosting (which has served its purpose up to this point) and a shitty content management system. I won’t let some idle (at this point) threats of seizure, shutdown, etc. stop the project.

Over the next few months, with the passage of the new NDAA 2012 bill imminent, and domain seizures being carried out by the Department of Homeland Security, I will be attempting to move the data to a non-CMS system and an ISP based somewhere outside of the Fascist American state. I also believe (maybe I am naive to some extent) that by diversifying the TLD across multiple countries, SOME threats can be rendered moot.

A consequence of this may be that the open forum system that is currently in place (I know, no SSL/TLS) will be changed or removed forever. I will maintain this content and provide it to the public, however.

Regardless, the hard work that those of you have put in with me, and simply through your own research, will be preserved to the best of my ability on the “open Internet.” I don’t want to move the data to a darknet; most of this data already exists out there on onion, Freenet, and other projects. It needs to be available on the system used by the majority of Earth.

So in closing, I want to reiterate the main point of this news update. Ensure that you have kept up on your housekeeping chores. Revoke old keys. Publish that revocation to public keyservers so that it is known. Practice good data deletion, data maintenance, etc. Do not use your unencrypted hard drive, an obviously encrypted digital device, or a software device as your filing cabinet. Do not use your email account as a filing cabinet. If you have old communication that you do not require to hold, wipe it, get rid of it.

You don’t need it.

Hunting Anonymous Pt. 2

July 19, 2011 | Anonymity, FBI, Featured Articles | 12 Comments

To be honest, if I was really worried, I'd wipe all hard drives and re-install because hey, I picked up the newest miley virus and heard that was the only way to get rid of it. I'd then proceed with my normal Internet activities and play the My Little Pony MMORPG. I'd then browse on over to Government Propaganda Online by You're a Slave Media Productions for all of the latest and greatest news and tips on how to turn your neighbor in at the Department of Homeland Security for being different than everyone else.


Disk Wiping with dcfldd

July 3, 2011 | Data Destruction, Featured Articles, Linux | 10 Comments

Did you know that a real ninja was once employed by the Defense Computer Forensics Laboratory, or DCFL for short? During Nick's employment at DCFL, he coded "dcfldd", an enhanced version of the "dd" program found in GNU Core Utilities (GNU coreutils). dcfldd is still used quite often when imaging digital evidence. Not only is it used by DCFL and other alphabet-soup agencies, but also by individuals working in the private sector.


US Senators Target the Silk Road

The Silk Road is an anonymous hidden service that you can access via the Tor network. It allows people to sell mind-altering chemicals and plants in a more private and safe marketplace. In light of this coming legislation, you will likely not be targeted by computer forensics initially. This is because of the transaction and network technologies used to make the purchases. Now, this could be different if you use the same Bitcoin address publicly on your beanie-baby website that you use to receive heroin payments.


Windows Hibernation and hiberfil.sys

Did you know that by putting your computer into "hibernation" mode you are essentially creating a snapshot of the contents of your computer's RAM? Learn the risks of using Windows Hibernation mode and how to disable hiberfil.sys on a Windows system. Learn this anti-forensics technique and more.


Meta Anti-Forensics (Conference talk by The Grugq)

January 26, 2010 | Featured Articles, Linux | 3 Comments

Another presentation by The Grugq, showcasing the knowledge and contributions he has brought to the anti-forensics community through his computer forensic and anti-forensic research. The video below is a presentation The Grugq gave at the Hack in the Box 2007 security conference.

The Grugq covers anti-forensics techniques as well as HASH (the hacker shell), which he developed.

Ubuntu Tutorials by KenTheFurry

January 10, 2010 | Featured Articles, Linux | 4 Comments

Various Ubuntu tutorials on encryption by KenTheFurry.


Disable Thumbnail Caching and Wipe Thumbs.db files on a Windows XP System

The thumbs.db file on a Windows XP system can be a treasure chest of 96 x 96 pixel artifacts. By default, in the standard Windows XP Home and Professional editions, a thumbs.db file is created in folders viewed in thumbnail view that contain JPEGs, bitmaps, GIFs, PNGs and other files.

Delete USB Device History from the Windows Registry (USBSTOR key) and the setupapi.log

This article covers the USBSTOR registry key and the setupapi.log file, and methods to delete them. These two artifacts can contain data about USB devices that have been plugged into a system. There are other things you should be aware of as well, which are covered in the article. Sometimes just deleting a registry key or file is not enough.

Disk Wiping – One Pass is Enough – Part 2 (this time with screenshots)

It seems that there are still many people who do not understand what happens when a hard drive is wiped with a single pass. Many comments were left about my last article on other websites where people were still spreading the myth that a single pass is insufficient. So I've created yet another article, this time with screenshots.
