Educause Security Discussion mailing list archives
Re: Deepfreeze - Why not?
From: "Mclaughlin, Kevin (mclaugkl)" <mclaugkl () UCMAIL UC EDU>
Date: Thu, 17 Nov 2011 22:17:59 -0500
I wonder if it would be worthwhile to tie this thread into thought discussions on the large scale relatively undiscovered theft and siphoning off of intellectual property from IHE’s. I guess what I am really stuck on and trying to figure out is whether or not we continue to make decisions of convenience to/for IT when those decisions may be ones that make it easier for the bad guys to access data and infrastructure that we don’t want them to access? I’m not saying that this is happening but my gut tells me that it’s worth taking a good hard look at.

However, if forensic tools and carving still work on a DeepFreeze machine then most of my arguments and concerns are moot. Would anyone on the thread who uses DeepFreeze be willing to run an image through FTK or send me an image to run through FTK so we could see what results we get?

- Kevin

Kevin L. McLaughlin, CISM, CISSP, GIAC-GSLC, CRISC, PMP, ITIL Master Certified
Assistant Vice President, Information Security & Special Projects
University of Cincinnati
513-556-9177

The University of Cincinnati is one of America's top public research institutions and the region's largest employer, with a student population of more than 41,000.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Rich Graves
Sent: Thursday, November 17, 2011 9:56 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Deepfreeze - Why not?

A skilled, motivated forensicator can recover data from a DeepFrozen machine. I've seen it done. Civilians would have to resort to file carving, but the company is willing to assist help enforcement understand how data is written.

In incidents of sufficient severity, security cameras and witnesses may be more important than digital evidence in placing a particular person at a particular keyboard.
-- Rich Graves http://claimid.com/rcgraves Carleton.edu Sr UNIX and Security Admin CMC135: 507-222-7079 Cell: 952-292-6529