Build Your Own Digital Forensics Lab

Security, malware, viri--you've got to keep your eyes open

Post by bob » 07/23/09, 10:59 pm

Fun stuff here:

Secret Service's Best Practices For Seizing Electronic Evidence, Pocket
Guide for First Responders
http://www.forwardedge2.com/pdf/bestPractices.pdf


How to Build Your Own Digital Forensics Lab, Cheap
http://www.computerworld.com/s/article/ ... onomyId=17
WYSIWTF
bob
BIG GIANT HEAD I Get Free Beer
Posts: 7565
Joined: 12/03/01, 12:00 am
Location: St. Louis

Post by Gerry » 07/25/09, 11:19 pm

Awesome info Bob. Great for those among us who are rightly paranoid :)
Gerry
BIG GIANT HEAD I Get Free Beer
Posts: 5727
Joined: 12/04/01, 12:00 am
Location: Perth, Western Australia

Post by Gerry » 07/27/09, 6:55 pm

Right, so if I wanna be a crim I gotta make sure to have an internal power backup (probably doesn't even have to be a UPS, as some of the higher end power supplies will give you a few seconds of backup power) that will auto encrypt all data upon removal of external power.

Post by bob » 07/28/09, 2:54 pm

Are you sure that encryption could be done in a couple seconds? Sounds like heavy duty disk and processor action. Also would depend on how much needs to be encrypted -- a whole hard drive? Forgedaboudit....

Post by Gerry » 07/28/09, 4:59 pm

bob wrote: Are you sure that encryption could be done in a couple seconds? Sounds like heavy duty disk and processor action. Also would depend on how much needs to be encrypted -- a whole hard drive? Forgedaboudit....


You're right, encryption couldn't be done in a few seconds; I wrote that wrong. It would have to be already done, as would be the case in "On-the-fly encryption".

http://en.wikipedia.org/wiki/On-the-fly_encryption

Basically the only place that contains unencrypted data is the RAM. The disk could be unmounted in probably about 1 second and removing the power from the system clears the RAM. So yeah "Forgedaboudit" :)

Post by bob » 07/28/09, 5:37 pm

The disk could be unmounted in probably about 1 second and removing the power from the system clears the ram


Wait a second--what about Windows' RAM cache...? You'd definitely want that wiped (or turned off before even putting any secret data on the machine).

Post by Gerry » 07/28/09, 7:04 pm

I don't use a Windows system to do anything that needs security, so I'm not quite sure what you are referring to. I really have no idea how a Windows system works, as it's all closed, and that's a problem as it prevents me from seeing when something isn't right or understanding why every change is made. I boot into Windows for playing games, but that's it.

Are you talking about the swap file? If so, then that's a very good point: your swap file needs to be encrypted on the fly too.

http://www.truecrypt.org/docs/?s=system-encryption