Comments on: Using Just Full Disk Encryption is Not Enough http://www.anti-forensics.com/youre-still-not-safe-using-just-full-disk-encryption Rendering computer investigations irrelevant Fri, 05 Mar 2010 05:55:34 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Timy http://www.anti-forensics.com/youre-still-not-safe-using-just-full-disk-encryption/comment-page-1#comment-197 Timy Sat, 27 Feb 2010 18:37:55 +0000 http://www.anti-forensics.com/?p=240#comment-197 I've always wondered too, if you use sleep mode, what is stopping them from disconnecting your LAN and plugging it into their own laptop/rogue AP? I know assigning a static IP would somewhat defer this..however, it could be a true problem. Also, what if the had a USB->Ethernet dongle? After which plugging it in, the OS automatically installs/uses it, and gets a new DHCP lease through it, allowing for our new friends to poke around wherever assuming they can get past your firewall.. So many possibilities! I’ve always wondered too, if you use sleep mode, what is stopping them from disconnecting your LAN and plugging it into their own laptop/rogue AP?

I know assigning a static IP would somewhat defer this..however, it could be a true problem.

Also, what if the had a USB->Ethernet dongle?
After which plugging it in, the OS automatically installs/uses it, and gets a new DHCP lease through it, allowing for our new friends to poke around wherever assuming they can get past your firewall..

So many possibilities!

]]> By: dubanks http://www.anti-forensics.com/youre-still-not-safe-using-just-full-disk-encryption/comment-page-1#comment-168 dubanks Tue, 29 Dec 2009 05:28:53 +0000 http://www.anti-forensics.com/?p=240#comment-168 Hello Nice article. Say I have a 8G flash drive, If I encrypt entire drive then it comes up as unformatted drive in windows. So someone might just format the whole darn thing. What I would like to do is to be able to disguise this 8G drive as 4G drive and the remaining 4G should remain invisible to unsuspecting user. Using TC I should be able to detect the hidden partition. For noraml windows it should appear like a 4G drive. Is it possible? TIA Hello
Nice article.
Say I have a 8G flash drive, If I encrypt entire drive then it comes up as unformatted drive in windows. So someone might just format the whole darn thing.
What I would like to do is to be able to disguise this 8G drive as 4G drive and the remaining 4G should remain invisible to unsuspecting user. Using TC I should be able to detect the hidden partition. For noraml windows it should appear like a 4G drive.
Is it possible? TIA

]]> By: Rob http://www.anti-forensics.com/youre-still-not-safe-using-just-full-disk-encryption/comment-page-1#comment-122 Rob Fri, 08 May 2009 08:29:28 +0000 http://www.anti-forensics.com/?p=240#comment-122 Nice post - really like the keyfile tip in the comments as well. Double layers of security like this are vital (or if your keyfile is on a biometric USB drive, triple layers!) <a href="http://www.peopleperhour.com/quotes/freelance/Programming" rel="nofollow">Freelance programmer</a> Nice post – really like the keyfile tip in the comments as well. Double layers of security like this are vital (or if your keyfile is on a biometric USB drive, triple layers!)

Freelance programmer

]]> By: JOJO http://www.anti-forensics.com/youre-still-not-safe-using-just-full-disk-encryption/comment-page-1#comment-79 JOJO Tue, 21 Apr 2009 20:43:14 +0000 http://www.anti-forensics.com/?p=240#comment-79 How can I WHOLE-DISK encrypt a hard-drive with a dual-boot situation ? (IE: Linux/Windows) Anyway? How can I WHOLE-DISK encrypt a hard-drive with a dual-boot situation ? (IE: Linux/Windows) Anyway?

]]> By: Anonymous http://www.anti-forensics.com/youre-still-not-safe-using-just-full-disk-encryption/comment-page-1#comment-56 Anonymous Sat, 28 Mar 2009 14:16:18 +0000 http://www.anti-forensics.com/?p=240#comment-56 You can completely circumvent the impact of keyloggers by using they XP on-screen keyboard to type your password. This can be found at Start/Programs/Accessories/Accessibility. If you find it too time consuming to do it this way you can just type a portion of it this way. Just make sure it's always the same portion so they can never record that missing fragment with the logger. You can completely circumvent the impact of keyloggers by using they XP on-screen keyboard to type your password.

This can be found at Start/Programs/Accessories/Accessibility.

If you find it too time consuming to do it this way you can just type a portion of it this way. Just make sure it’s always the same portion so they can never record that missing fragment with the logger.

]]> By: Yar http://www.anti-forensics.com/youre-still-not-safe-using-just-full-disk-encryption/comment-page-1#comment-32 Yar Tue, 17 Mar 2009 21:07:35 +0000 http://www.anti-forensics.com/?p=240#comment-32 All great tips. Especially about updating software and disabling services you don't need. I do not use TrueCrypt volumes with a keyfile as I know I'm just going lose it ;) but very good tip. All great tips. Especially about updating software and disabling services you don’t need.

I do not use TrueCrypt volumes with a keyfile as I know I’m just going lose it ;) but very good tip.

]]> By: John Doe http://www.anti-forensics.com/youre-still-not-safe-using-just-full-disk-encryption/comment-page-1#comment-27 John Doe Tue, 17 Mar 2009 19:19:14 +0000 http://www.anti-forensics.com/?p=240#comment-27 Don't forget to be logged in as user and not as admin. This creates another security layer since it might affect some rootkits and viruses from installing correctly. For Truecrypt it might be a smart move to use a keyfile besides a strong password. Then an attacker needs to get hold of both your password and keyfile. Watch out for Mantech's MDD, it can make a complete memory dump. Might reveal keys, passwords of Truecrypt (did not have time to test this). Will discover Windows hashes for sure. See a nice article on: http://taosecurity.blogspot.com/2009/03/using-forensic-tools-offensively.html Offensively Don’t forget to be logged in as user and not as admin. This creates another security layer since it might affect some rootkits and viruses from installing correctly.

For Truecrypt it might be a smart move to use a keyfile besides a strong password. Then an attacker needs to get hold of both your password and keyfile.

Watch out for Mantech’s MDD, it can make a complete memory dump. Might reveal keys, passwords of Truecrypt (did not have time to test this). Will discover Windows hashes for sure. See a nice article on:
http://taosecurity.blogspot.com/2009/03/using-forensic-tools-offensively.html Offensively

]]> By: m0rebel http://www.anti-forensics.com/youre-still-not-safe-using-just-full-disk-encryption/comment-page-1#comment-24 m0rebel Fri, 13 Mar 2009 22:59:56 +0000 http://www.anti-forensics.com/?p=240#comment-24 Great post! I also want to add, update your system and all your software! So many Windows users seem to not prioritize updates, but that's the #1 way people end up hacking your computer. There's always a new Windows file sharing bug, or web browser bug, or Flash player bug, or PDF reader bug, and the only way to be much safer is to promptly install updates. And speaking of Windows file sharing: only have it enabled if you have a really good reason for it, and make sure that only authorized people are allowed to view your shares. It doesn't matter if your disk is encrypted if you're sharing your documents with others over the network. Great post! I also want to add, update your system and all your software! So many Windows users seem to not prioritize updates, but that’s the #1 way people end up hacking your computer. There’s always a new Windows file sharing bug, or web browser bug, or Flash player bug, or PDF reader bug, and the only way to be much safer is to promptly install updates.

And speaking of Windows file sharing: only have it enabled if you have a really good reason for it, and make sure that only authorized people are allowed to view your shares. It doesn’t matter if your disk is encrypted if you’re sharing your documents with others over the network.

]]> By: Yar http://www.anti-forensics.com/youre-still-not-safe-using-just-full-disk-encryption/comment-page-1#comment-20 Yar Fri, 13 Mar 2009 16:20:40 +0000 http://www.anti-forensics.com/?p=240#comment-20 hiddenillusion, great article at diablohorn. I did leave out having a secure passphrase. I myself use at least a 15 character passphrase on all encrypted volumes and disks. The best you can do is to make a long passphrase, substitute letters in it for numbers and symbols. Then at the end, beginning or maybe between words add symbol combinations that are easy to remember. This will make for a very difficult password to brute. hiddenillusion, great article at diablohorn. I did leave out having a secure passphrase. I myself use at least a 15 character passphrase on all encrypted volumes and disks.

The best you can do is to make a long passphrase, substitute letters in it for numbers and symbols. Then at the end, beginning or maybe between words add symbol combinations that are easy to remember. This will make for a very difficult password to brute.

]]> By: hiddenillusion http://www.anti-forensics.com/youre-still-not-safe-using-just-full-disk-encryption/comment-page-1#comment-19 hiddenillusion Fri, 13 Mar 2009 15:49:17 +0000 http://www.anti-forensics.com/?p=240#comment-19 interesting article, I see you post a lot about Truecrypt, might want to check this out to go along with your articles. http://diablohorn.wordpress.com/2009/01/01/truecrypt-variety-of-bruteforcing-options/ interesting article, I see you post a lot about Truecrypt, might want to check this out to go along with your articles.

http://diablohorn.wordpress.com/2009/01/01/truecrypt-variety-of-bruteforcing-options/

]]>