So you've installed full disk encryption using TrueCrypt. You also remembered from a previous article on here that contained in the TrueCrypt boot loader is the string "TrueCrypt Boot Loader" which is a dead giveaway to the fact that you are using encryption software. In response to this you have also performed the simple disk modification to get rid of the identifiable string with a hex editor like in this article. Now your hard drive is free from unwanted tampering and access without your permission, right?
Read More
Western Digital HDD
I've dug around a bit and found some older examples of software that will detect whether or not the current system is being run in a virtual environment. The main purpose here is to trip up the examiners. Make them waste their time, their clients time and everyone elses. Make the costs of a computer forensics examination even more expensive.
Read More