Comments on: Using Just Full Disk Encryption is Not Enough http://www.anti-forensics.com/youre-still-not-safe-using-just-full-disk-encryption Rendering computer investigations irrelevant Wed, 01 Sep 2010 22:00:29 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: albert http://www.anti-forensics.com/youre-still-not-safe-using-just-full-disk-encryption/comment-page-1#comment-264 albert Mon, 12 Jul 2010 09:01:06 +0000 http://www.anti-forensics.com/?p=240#comment-264 other very good esential software are: superantispyware / spyware doctor / trojan remover and kaspersky virus removal tool. for prevent malicius code in autorun from pendrives, mp3, mp4, phones, ipod, etc. I use mx one, usb doctor or sokx pro. ofcourse also is a good choice disable autorun in you desktop pc, netbook, notebook, etc. other very good esential software are: superantispyware / spyware doctor / trojan remover and kaspersky virus removal tool.
for prevent malicius code in autorun from pendrives, mp3, mp4, phones, ipod, etc. I use mx one, usb doctor or sokx pro.
ofcourse also is a good choice disable autorun in you desktop pc, netbook, notebook, etc.

]]> By: Max (Admin) http://www.anti-forensics.com/youre-still-not-safe-using-just-full-disk-encryption/comment-page-1#comment-249 Max (Admin) Sat, 12 Jun 2010 01:09:47 +0000 http://www.anti-forensics.com/?p=240#comment-249 <blockquote>What do you mean “bomb threat”? No need for that type of language at all, I mean what the **** are you even mentioning that for???? We’re not even talking about hiding illegal activity, don’t you think that language is a bit rash and disrespectful to people who have been killed by bombs?</blockquote> Not really, nope, and are you on medication yet for being far too sensitive?

What do you mean “bomb threat”? No need for that type of language at all, I mean what the **** are you even mentioning that for???? We’re not even talking about hiding illegal activity, don’t you think that language is a bit rash and disrespectful to people who have been killed by bombs?

Not really, nope, and are you on medication yet for being far too sensitive?

]]> By: Padraig http://www.anti-forensics.com/youre-still-not-safe-using-just-full-disk-encryption/comment-page-1#comment-248 Padraig Fri, 11 Jun 2010 13:22:33 +0000 http://www.anti-forensics.com/?p=240#comment-248 What do you mean "bomb threat"? No need for that type of language at all, I mean what the **** are you even mentioning that for???? We're not even talking about hiding illegal activity, don't you think that language is a bit rash and disrespectful to people who have been killed by bombs? What do you mean “bomb threat”? No need for that type of language at all, I mean what the **** are you even mentioning that for???? We’re not even talking about hiding illegal activity, don’t you think that language is a bit rash and disrespectful to people who have been killed by bombs?

]]> By: storm http://www.anti-forensics.com/youre-still-not-safe-using-just-full-disk-encryption/comment-page-1#comment-215 storm Fri, 09 Apr 2010 18:28:27 +0000 http://www.anti-forensics.com/?p=240#comment-215 Dear illegal visitor, can you tell me how did you assign a batch file to your laptop key? I'm looking for workarounds but no info at all. Dear illegal visitor,

can you tell me how did you assign a batch file to your laptop key? I’m looking for workarounds but no info at all.

]]> By: illegal visitor http://www.anti-forensics.com/youre-still-not-safe-using-just-full-disk-encryption/comment-page-1#comment-214 illegal visitor Wed, 07 Apr 2010 12:08:36 +0000 http://www.anti-forensics.com/?p=240#comment-214 Hi there, Good article! I am playing around with TC as well and know the risks we still face. I am wondering about the ram copy issue. I do own a laptop with 1 GB of RAM, suppose I am working on it and they seize my laptop. Would it be adequate to let the machine reboot so the ram is cleared and overwritten? Not sure how much chance there is that my encryption key resides in the memory after a reboot. It would halt however on the truecrypt pw screen so there might not be a lot of memory overwritten. I wrote a little batchfile btw to make things more difficult :) I did bind it to an unused laptop key. When I press that key my screen is instantly locked, after a 2 second delay my TC volumes are forcefully dismounted and the laptop will proceed to reboot. Batchfile content: @ECHO OFF BREAK=OFF rundll32.exe user32.dll, LockWorkStation "C:\TC\Sleep.exe" 2 "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q /d /f "C:\TC\Sleep.exe" 2 shutdown -f -r EXIT Hi there,

Good article! I am playing around with TC as well and know the risks we still face. I am wondering about the ram copy issue. I do own a laptop with 1 GB of RAM, suppose I am working on it and they seize my laptop. Would it be adequate to let the machine reboot so the ram is cleared and overwritten? Not sure how much chance there is that my encryption key resides in the memory after a reboot. It would halt however on the truecrypt pw screen so there might not be a lot of memory overwritten.

I wrote a little batchfile btw to make things more difficult :) I did bind it to an unused laptop key. When I press that key my screen is instantly locked, after a 2 second delay my TC volumes are forcefully dismounted and the laptop will proceed to reboot.

Batchfile content:

@ECHO OFF
BREAK=OFF

rundll32.exe user32.dll, LockWorkStation

“C:\TC\Sleep.exe” 2

“C:\Program Files\TrueCrypt\TrueCrypt.exe” /q /d /f

“C:\TC\Sleep.exe” 2

shutdown -f -r

EXIT

]]> By: Timy http://www.anti-forensics.com/youre-still-not-safe-using-just-full-disk-encryption/comment-page-1#comment-197 Timy Sat, 27 Feb 2010 18:37:55 +0000 http://www.anti-forensics.com/?p=240#comment-197 I've always wondered too, if you use sleep mode, what is stopping them from disconnecting your LAN and plugging it into their own laptop/rogue AP? I know assigning a static IP would somewhat defer this..however, it could be a true problem. Also, what if the had a USB->Ethernet dongle? After which plugging it in, the OS automatically installs/uses it, and gets a new DHCP lease through it, allowing for our new friends to poke around wherever assuming they can get past your firewall.. So many possibilities! I’ve always wondered too, if you use sleep mode, what is stopping them from disconnecting your LAN and plugging it into their own laptop/rogue AP?

I know assigning a static IP would somewhat defer this..however, it could be a true problem.

Also, what if the had a USB->Ethernet dongle?
After which plugging it in, the OS automatically installs/uses it, and gets a new DHCP lease through it, allowing for our new friends to poke around wherever assuming they can get past your firewall..

So many possibilities!

]]> By: dubanks http://www.anti-forensics.com/youre-still-not-safe-using-just-full-disk-encryption/comment-page-1#comment-168 dubanks Tue, 29 Dec 2009 05:28:53 +0000 http://www.anti-forensics.com/?p=240#comment-168 Hello Nice article. Say I have a 8G flash drive, If I encrypt entire drive then it comes up as unformatted drive in windows. So someone might just format the whole darn thing. What I would like to do is to be able to disguise this 8G drive as 4G drive and the remaining 4G should remain invisible to unsuspecting user. Using TC I should be able to detect the hidden partition. For noraml windows it should appear like a 4G drive. Is it possible? TIA Hello
Nice article.
Say I have a 8G flash drive, If I encrypt entire drive then it comes up as unformatted drive in windows. So someone might just format the whole darn thing.
What I would like to do is to be able to disguise this 8G drive as 4G drive and the remaining 4G should remain invisible to unsuspecting user. Using TC I should be able to detect the hidden partition. For noraml windows it should appear like a 4G drive.
Is it possible? TIA

]]> By: Rob http://www.anti-forensics.com/youre-still-not-safe-using-just-full-disk-encryption/comment-page-1#comment-122 Rob Fri, 08 May 2009 08:29:28 +0000 http://www.anti-forensics.com/?p=240#comment-122 Nice post - really like the keyfile tip in the comments as well. Double layers of security like this are vital (or if your keyfile is on a biometric USB drive, triple layers!) <a href="http://www.peopleperhour.com/quotes/freelance/Programming" rel="nofollow">Freelance programmer</a> Nice post – really like the keyfile tip in the comments as well. Double layers of security like this are vital (or if your keyfile is on a biometric USB drive, triple layers!)

Freelance programmer

]]> By: JOJO http://www.anti-forensics.com/youre-still-not-safe-using-just-full-disk-encryption/comment-page-1#comment-79 JOJO Tue, 21 Apr 2009 20:43:14 +0000 http://www.anti-forensics.com/?p=240#comment-79 How can I WHOLE-DISK encrypt a hard-drive with a dual-boot situation ? (IE: Linux/Windows) Anyway? How can I WHOLE-DISK encrypt a hard-drive with a dual-boot situation ? (IE: Linux/Windows) Anyway?

]]> By: Anonymous http://www.anti-forensics.com/youre-still-not-safe-using-just-full-disk-encryption/comment-page-1#comment-56 Anonymous Sat, 28 Mar 2009 14:16:18 +0000 http://www.anti-forensics.com/?p=240#comment-56 You can completely circumvent the impact of keyloggers by using they XP on-screen keyboard to type your password. This can be found at Start/Programs/Accessories/Accessibility. If you find it too time consuming to do it this way you can just type a portion of it this way. Just make sure it's always the same portion so they can never record that missing fragment with the logger. You can completely circumvent the impact of keyloggers by using they XP on-screen keyboard to type your password.

This can be found at Start/Programs/Accessories/Accessibility.

If you find it too time consuming to do it this way you can just type a portion of it this way. Just make sure it’s always the same portion so they can never record that missing fragment with the logger.

]]>