From: +Grant <+Grant@grant.grant>
Newsgroups: alt.fan.utb.naughty-boy
Subject: Re: meat plow you are such a retard
Date: 13 Mar 2008 01:48:03 -0500
Organization: .
Lines: 106
Message-ID: <Grant-me-that-1203081@Grant.Grant>
References: <4cqbt3dd0ns5tn6hduu4if6dbltt3a5ktm@4ax.com> <47d62592$0$13891$8f2e0ebb@news.shared-secrets.com> <1n33b6.cf7.17.1@news.alt.net> <47d79044$0$13871$8f2e0ebb@news.shared-secrets.com> <1n5pnu.5ra.17.1@news.alt.net> <fr9rdo$ti0$1@aioe.org> <ipfht3h51jc91jtn7vvm13iq8b77md35oq@4ax.com>
Reply-To: +Grant
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: 8bit
X-No-Archive: yes
X-Original-Bytes: 5192
Xref: news.nzbot.com alt.fan.utb.naughty-boy:1298
X-Received-Date: Sat, 17 Oct 2009 21:02:00 UTC (s02-b21)

In article <ipfht3h51jc91jtn7vvm13iq8b77md35oq@4ax.com>, HMS Victor
Victorian <VictorVictorianREMOVE@hushmail.com> wrote:
> On Thu, 13 Mar 2008 02:09:59 -0500, floppy <floppy@flop.com> wrote:
>
> >On Wed, 12 Mar 2008 13:34:18 -0400, Meat Plow wrote:
> >
> >>
> >> I took a college credit on computer forensics as part of my training.
> >> I already knew a lot of it so it was a bit hard at first
> >
> >My guess is you know dick about shit.
> >
> >Standard LEA pc forensic tools such as EnCase can be found on p2p
> >networks, if people would like to learn to use these to check their hard
> >drives for recoverable data they'll find out what can be found via
> >prosaic methods. Last time I used it it's not really much different to
> >ordinary file recovery tools, so you could use those instead, except it
> >offers the ability to freeze and label a snapshot image of a drive and log
> >all investigator actions for court evidence purposes. There are training
> >materials for EnCase around. A snapshot of ram contents can be taken but
> >that's not going to be any good unless the pc was on when seized, or
> >very recently shut down. A recent paper showed recovery from ram was
> >possible, but they were only "momentarily" interrupting power. Another
> >EnCase feature is there are available hashes of known CP images which
> >can be used to search for same. They might have added some other
> >capabilities in the last few years.
> >
> >Data can be recoverable from swap if swap wasn't encrypted.
> >
> >Sure, there are more sophisticated data recovery tools, e.g. magnetic force
> >microscopy (MFM) and magnetic force scanning tunneling microscopy (STM)
> >that recover data that has been overwritten several times. This was
> >easy to do with very old drives, which were easy to extract overwritten
> >data from - some companies claimed to be able to recover data that had
> >been overwritten 12 times. For these, a "Guttmann wipe" is the
> >recommended security measure, or better, destroy the drive. But for recent
> >high density hard drives, a "good random scrubbing" is as good as anything
> >else according to Peter Guttmann.
> >
> >AFAIK if a drive has been heavily scrubbed, it will be expensive to try to
> >recover data and there is no guarantee of success. Try getting a quote
> >for recovery of data from a trashed drive.
> >
> >The weakest privacy point is the Windows operating system, which leaks
> >information all over the place via temp files and other means. Some say it
> >might as well be spyware.
> >
> >Finally, hard drive data recovery technology means *nothing* if the data
> >was never written in plaintext to a drive in the first place, but was
> >securely encrypted on the fly.
> >
> >Solutions: Encrypt the entire drive containing your operating system
> >applications, and data, especially if using Windows. Google for more
> >information.
> >
> >
> Fantastic, Floppy!
>
> A quick perusal of this wonderful synopsis provided me with more
> information than either "whatshisface" or "youknowwho" were able to
> digest in an entire semester of "computer forensics" at Nodd Agshully
> Community College.
>
> Good show!
>
> Or should I bellow, Tally HO?
>
> All my best,
>
> Victor V.
> (lay me down in sheets of Lennon)
>
> God Save Her Majesty the Queen.
> God Preserve the Prince of Wales.
> Rule Britannia!

I want to add just one thing here because it happened to me. Whole
encrypted drives are not fault tolerant. You get one small glitch in
the file system that can be fixed real easy in unencrypted drives and
you're out of luck. Could be it can't be fixed. You lose everything and
have to start over.

Here's what I do on a Win computer. I have just Win and some big programs
on the encrypted boot drive that I imaged (Norton Ghost) when it was
all freshly set up so I can restore it when it goes bad. I don't store
any files on it and I download directly to another hard drive to
encrypted containers and run programs that can be run entirely in the
containers that might be doing what could interest LEA. If you make the
containers just large enough to fit on a DVD you can back them up very
easily.

On a Mac I encrypt the home directory and the swap file and use
containers even for email. TrueCrypt is cross platform.

--
Grant