Full Disclosure mailing list archives

Re: Disk wiping -- An alternate approach?


From: T Biehn <tbiehn () gmail com>
Date: Wed, 27 Jan 2010 11:38:47 -0500

Bipin.
I am familiar with LUKS (DMCRYPT), SecurStar's DCPP, TrueCrypt, PGP
Desktop, Windows EFS and all manners of configurations of those
products, including the hidden container features of DCPP and TC.

I am familiar with computer forensics, computer forensic methods, and
anti-forensics. Furthermore, I have working knowledge of the various
one-way hashes and symmetric and asymmetric encryption algorithms, as
well as of the various block-cipher modes and the differences between
them.

From firsthand experience with the courts I am familiar with their
tool dependence and what they can and cannot grab and why.

From simple logic it is plain to see that filling a drive with content
from Wikipedia, some n-gram algorithm or other source would be
worthless: a waste of time and effort.

This is because a drive full of zeros, a drive full of random bits and
a drive full of random word garbage are equivalent.

Some obfuscating filesystem that does -not- use encryption is as
worthless as a generic F-S. If the content on your drive is worth
grabbing the investigating authorities can and will reverse engineer
it.

As everyone has told you, encrypt with a FDE product from the start or
simply wipe your drive to nulls or garbage.

If you are very paranoid, use my solution of a hidden container
containing a VM that you use for anything 'private.' Make sure your
host OS has a ream of malware running on it, preferably pointed to
non-existent C&C channels or using PKI for which nobody has the
private key.

-Travis
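The claim above, that a drive full of zeros, random bits and random word garbage are equivalent, is the reasoning behind a standard wipe-verification check: what an examiner's tools look for is residual structure (partition tables, filesystem superblocks, carvable file headers), not the statistical flavour of the fill. The following is an added example, not code from this thread or from any of the products named in it. It scans a disk image for a handful of well-known signatures and reports byte entropy alongside, then runs over four constructed images: zero-filled, random-filled, text-filled, and an incompletely wiped one with a stray boot signature and JPEG header left behind. The signature table, image size and sample contents are assumptions chosen for the demonstration.

```python
import math
import random
from collections import Counter

# A small, constructed table of well-known magic values. Fixed-offset entries
# are checked at the offset a real tool would expect; carve entries are
# searched for anywhere in the image.
FIXED_OFFSET_SIGNATURES = [
    ("MBR boot signature", 510, b"\x55\xaa"),
    ("NTFS OEM ID", 3, b"NTFS    "),
    ("ext2/3/4 superblock magic", 1024 + 56, b"\x53\xef"),  # 0xEF53 little-endian
]
CARVE_SIGNATURES = [
    ("JPEG (JFIF)", b"\xff\xd8\xff\xe0"),
    ("JPEG (Exif)", b"\xff\xd8\xff\xe1"),
    ("PNG", b"\x89PNG\r\n\x1a\n"),
    ("PDF", b"%PDF-"),
    ("ZIP/Office", b"PK\x03\x04"),
    ("ELF", b"\x7fELF"),
]

SIZE = 16 * 1024  # assumed image size for the constructed samples


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, close to 8.0 for random."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return 0.0 - sum(c / n * math.log2(c / n) for c in counts.values())


def find_signatures(image: bytes) -> list:
    """Return (name, offset) for every known structure still present in the image."""
    hits = []
    for name, off, magic in FIXED_OFFSET_SIGNATURES:
        if image[off:off + len(magic)] == magic:
            hits.append((name, off))
    for name, magic in CARVE_SIGNATURES:
        pos = image.find(magic)
        while pos != -1:
            hits.append((name, pos))
            pos = image.find(magic, pos + 1)
    return hits


def verify_wipe(image: bytes) -> dict:
    """Summarise whether an image still carries recoverable structure.

    'clean' depends only on the absence of signatures. Entropy is reported for
    information: a zero fill (0.0), a random fill (~8.0) and a text fill (~4)
    all pass, which is the point being made in the thread.
    """
    hits = find_signatures(image)
    return {
        "entropy": round(shannon_entropy(image), 2),
        "signatures": hits,
        "clean": not hits,
    }


def sample_images() -> dict:
    """Constructed sample images; the seed is fixed so the run is reproducible."""
    rng = random.Random(2010)
    zeros = bytes(SIZE)
    random_fill = bytes(rng.getrandbits(8) for _ in range(SIZE))
    # Stand-in for "content from Wikipedia or an n-gram generator".
    words = (b"the quick brown fox jumps over the lazy dog " * 2000)[:SIZE]
    # Incomplete wipe: zero-filled except for a boot signature and a JPEG header.
    partial = bytearray(zeros)
    partial[510:512] = b"\x55\xaa"
    partial[4096:4100] = b"\xff\xd8\xff\xe0"
    return {"zeros": zeros, "random": random_fill, "words": words,
            "partial": bytes(partial)}


if __name__ == "__main__":
    for name, img in sample_images().items():
        r = verify_wipe(img)
        print(f"{name:8s} entropy={r['entropy']:.2f} clean={r['clean']} "
              f"signatures={r['signatures']}")
```

Run as a script it prints one line per image; the first three come back clean regardless of their very different entropy, and only the partially wiped image is flagged, with the offsets of what survived. A real verification pass would use a full signature database and read the device rather than an in-memory buffer, but the logic is the same.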

On Wed, Jan 27, 2010 at 11:18 AM, Bipin Gautam <bipin.gautam () gmail com> wrote:
Really? How much do you know of computer forensics? Care to double-click
a few forensic tools first?

I bring up this issue here because, as you can see, the laws are
different in different countries, and in places just "possession" of
questionable content is a crime, without much analysis of where it
came from. Such logic doesn't hold much water from a technical
perspective; that is what I was trying to discuss. (But you were so
much concerned about my English, lol.)

We were talking about a NEW topic, but if TrueCrypt is all you know, then
download TrueCrypt and add a "custom cascade of ciphers" to your
TrueCrypt source code... so that your TrueCrypt hidden volume will be
very hard to brute-force with off-the-shelf tools (which is what most
forensic examiners do; they are tool dependent)...

(I wish to make fun of you, but maybe in another email! ;)


-bipin


On 1/27/10, T Biehn <tbiehn () gmail com> wrote:
You made the argument against yourself; apparently you didn't comprehend the
points made in 90% of the on-topic responses to this thread.

On Jan 27, 2010 9:34 AM, "Bipin Gautam" <bipin.gautam () gmail com> wrote:

McGhee & T Biehn !

Thank you for putting up your "best" argument... sadly that is the
BEST technical thing you happened to pick... in this topic to
comment about...

-bipin

On 1/27/10, McGhee, Eddie <Eddie.McGhee () ncr com> wrote: > and also lol @
maybe USELESS, try making ...

<bipin.gautam () gmail com<mailto:bipin.gautam () gmail com>> wrote: > > Enough
noise, Lets wrap up: > >...





-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

