Re: [Full-disclosure] Disk wiping -- An alternate approach?



Bipin.
I am familiar with LUKS (DMCRYPT), SecurStar's DCPP, TrueCrypt, PGP
Desktop, Windows EFS and all manners of configurations of those
products, including the hidden container features of DCPP and TC.

I am familiar with computer forensics, computer forensic methods, and
anti-forensics. Furthermore I have working knowledge of the various
one-way hashes, symmetric and asymmetric encryption algorithms.
Working knowledge of the various block-cipher modes and what the
differences are between them.

From firsthand experience with the courts I am familiar with their
tool dependence and what they can and cannot grab and why.

From simple logic it is plain to see that filling a drive with content
from wikipedia, some n-gram algorithm or other source would be
worthless. A waste of time and effort.

This is because a drive full of zeros, a drive full of random bits and
a drive full of random word garbage are equivalent.

Some obfuscating filesystem that does -not- use encryption is as
worthless as a generic F-S. If the content on your drive is worth
grabbing the investigating authorities can and will reverse engineer
it.

As everyone has told you, encrypt with a FDE product from the start or
simply wipe your drive to nulls or garbage.

If you are very paranoid use my solution of a hidden container
containing a VM that you use for anything 'private.' Make sure your
host OS has a ream of malware running on it preferably pointed to
non-existent C&C channels, or using PKI where which nobody has the
private key.

-Travis

On Wed, Jan 27, 2010 at 11:18 AM, Bipin Gautam <bipin.gautam@xxxxxxxxx> wrote:
Really? How much do you know of computer forensics? Care to Double
clicked a few forensic tools first............

I bring up this issue here because as you can see the laws are
different in different country and at places just "possession" of a
questionable content is a crime, without much analysis from where did
it come from. Such a logic doesnt hold much water from a technical
prospective, that is what i was trying to discuss. (but you were so
much concerned about my english lol )

We were talking on a NEW topic, But if truecrypt is all you know, then
download truecrypt and add a "custom cascade of ciphers" to your
truecrypt source code... so that your truecrypt hidden volume will be
very hard to bruteforced with off the self tools (which is what most
forensic examiners do, they are tool dependent).....

(i  wish to make fun of you, but maybe another email! ;)


-bipin


On 1/27/10, T Biehn <tbiehn@xxxxxxxxx> wrote:
You made the argument against youself; apparently you didn't comprehend the
points made in 90% of the on-topic responces to this thread.

On Jan 27, 2010 9:34 AM, "Bipin Gautam" <bipin.gautam@xxxxxxxxx> wrote:

McGhee & T Biehn !

Thankyou for putting up your "best" argument.... sadly that is the
BEST technical thing you happen to pick............. in this topic to
comment about........

-bipin

On 1/27/10, McGhee, Eddie <Eddie.McGhee@xxxxxxx> wrote: > and also lol @
maybe USELESS, try making ...

<bipin.gautam@xxxxxxxxx<mailto:bipin.gautam@xxxxxxxxx>> wrote: > > Enough
noise, Lets wrap up: > >...





--
FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/