
This might make life interesting

whitecap
(@whitecap)
Active Member
Joined: 19 years ago
Posts: 16
Topic starter  

http://hosted.ap.org/dynamic/stories/H/HARD_DRIVE_SECURITY?SITE=WIRE&SECTION=HOME&TEMPLATE=DEFAULT


   
keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

How so?

http://windowsir.blogspot.com/2007/03/forensic-challenges.html


   
hogfly
(@hogfly)
Reputable Member
Joined: 21 years ago
Posts: 287
 

It's still the same war, just different terrain.


   
whitecap
(@whitecap)
Active Member
Joined: 19 years ago
Posts: 16
Topic starter  

If it's anything like flagstone - we ain't getting in it!


   
keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

I have to agree with Hogfly…it's the same question with the same answer, just a different target.

This issue doesn't differ from OS- or application-based drive encryption. The fact remains that the "forensic purist" approach is what makes this an issue, not the technology itself. A "forensic purist" believes that "computer forensics" begins when power is removed from the system and the drive removed for acquisition.

Drive encryption, RAID, etc., all present the same challenge if you're not willing to consider live response and acquisition as a solution.

And you're right…the purists aren't getting it!


   
whitecap
(@whitecap)
Active Member
Joined: 19 years ago
Posts: 16
Topic starter  

Hmm not really my point.

I do not regard myself as a 'Purist', I raised the issue to highlight the fact that as more and more 'Data Security' mechanisms are put in place it requires 'us' (the computer forensic community), to change our attitudes. Live acquisition is now a 'must have' capability.

In the case of RAID etc. particularly in a business environment, live acquisition is the standard.

A laptop with pre-boot protection and hard drive encryption is a different matter; no one is getting 'it' if the machine is off at the time of seizure.

Unless you know different keydet?

D


   
keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

> …it requires 'us' (the computer forensic community), to change our attitudes

Exactly my point. I wasn't saying that you were a "purist".

> In the case of RAID etc. particularly in a business environment, live acquisition is the standard.

Yeah, well…it should be. I've had a good share of incidents where the systems are powered completely off *before* I get the call.

> Unless you know different keydet?

No, my experience is bearing that out as well.

H


   
hogfly
(@hogfly)
Reputable Member
Joined: 21 years ago
Posts: 287
 

I have to actually hand it to Microsoft. I think they are managing to force the live response issue with BitLocker. I think we will see a shift, and relatively soon.

Like you Harlan, I've had that experience an awful lot. In fact a directive from some groups has been to pull the plug and sequester the machine, unless business continuity forces the system to stay up.


   
(@annodomini1969)
Active Member
Joined: 19 years ago
Posts: 10
 

All US encryption (or made by US companies) must include a backdoor. All it will take is a subpoena. The courts have also stated that passwords are not protected under the 5th amendment unless the password itself is incriminating. Other countries prob have similar laws. I guess people should create incriminating passwords???

It’s just a bump in the road. Wait until hackers figure out a way to bypass it anyway and then just copy their methods. In a year after its release it will be business as usual. Just one more step added onto a task.


   
 ddow
(@ddow)
Reputable Member
Joined: 21 years ago
Posts: 278
 

> All US encryption (or made by US companies) must include a backdoor.

Uh, can you provide a source for that?


   