
This might make life interesting

19 Posts
10 Users
0 Likes
1,165 Views
whitecap
(@whitecap)
Posts: 16
Active Member
Topic starter
 

http://hosted.ap.org/dynamic/stories/H/HARD_DRIVE_SECURITY?SITE=WIRE&SECTION=HOME&TEMPLATE=DEFAULT

 
Posted : 13/03/2007 2:39 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

How so?

http://windowsir.blogspot.com/2007/03/forensic-challenges.html

 
Posted : 13/03/2007 3:30 pm
hogfly
(@hogfly)
Posts: 287
Reputable Member
 

It's still the same war, just different terrain.

 
Posted : 13/03/2007 4:19 pm
whitecap
(@whitecap)
Posts: 16
Active Member
Topic starter
 

If it's anything like flagstone - we ain't getting in it!

 
Posted : 13/03/2007 4:55 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

I have to agree with Hogfly…it's the same question with the same answer, just a different target.

This issue doesn't differ from OS- or application-based drive encryption. The fact remains that the "forensic purist" approach is what makes this an issue, not the technology itself. A "forensic purist" believes that "computer forensics" begins when power is removed from the system and the drive removed for acquisition.

Drive encryption, RAID, etc., all present the same challenge if you're not willing to consider live response and acquisition as a solution.

And you're right…the purists aren't getting it!

 
Posted : 13/03/2007 6:37 pm
whitecap
(@whitecap)
Posts: 16
Active Member
Topic starter
 

Hmm not really my point.

I do not regard myself as a 'Purist', I raised the issue to highlight the fact that as more and more 'Data Security' mechanisms are put in place it requires 'us' (the computer forensic community), to change our attitudes. Live acquisition is now a 'must have' capability.

In the case of RAID etc. particularly in a business environment, live acquisition is the standard.

A Laptop with pre boot protection and hard drive encryption is a different matter, no one is getting 'it' if the machine is off at the time of seizure.

Unless you know different keydet?

D

 
Posted : 14/03/2007 12:31 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

> …it requires 'us' (the computer forensic community), to change our attitudes

Exactly my point. I wasn't saying that you were a "purist".

> In the case of RAID etc. particularly in a business environment, live acquisition is the standard.

Yeah, well…it should be. I've had a good share of incidents where the systems are powered completely off *before* I get the call.

> Unless you know different keydet?

No, my experience is bearing that out as well.

H

 
Posted : 14/03/2007 2:45 pm
hogfly
(@hogfly)
Posts: 287
Reputable Member
 

I have to actually hand it to Microsoft. I think they are managing to force the live response issue with BitLocker. I think we will see a shift, and relatively soon.

Like you Harlan, I've had that experience an awful lot. In fact a directive from some groups has been to pull the plug and sequester the machine, unless business continuity forces the system to stay up.

 
Posted : 15/03/2007 7:46 am
(@annodomini1969)
Posts: 10
Active Member
 

All US encryption (or made by US companies) must include a backdoor. All it will take is a subpoena. The courts have also stated that passwords are not protected under the 5th amendment unless the password itself is incriminating. Other countries prob have similar laws. I guess people should create incriminating passwords???

It’s just a bump in the road. Wait until hackers figure out a way to bypass it anyway and then just copy their methods. In a year after its release it will be business as usual. Just one more step added onto a task.

 
Posted : 24/03/2007 7:58 pm
 ddow
(@ddow)
Posts: 278
Reputable Member
 

> All US encryption (or made by US companies) must include a backdoor.

Uh, can you provide a source for that?

 
Posted : 24/03/2007 8:06 pm