Re: Can someone just remove my hard disk and copy the contents?



John Hyde wrote:
on 1/25/2006 4:49 AM Winged said the following:

blackhat wrote:
<SNIP>


They can't install a key logger on an encrypted disk

I would not bet on this. A number of hardware keyloggers exist. There are also key hardware keyloggers that can be set inside of laptops. Desktops are no issue to bug. Some devices exist that just plug into the keyboard wire, that do not require pc disassemble (desktop). These can be place on a system in under 10 seconds and in my exp "never" noticed. Some devices exist where you do not even need to touch the device, once in place, just get in close proximity to the device to collect data. The proximity devices are powered by the PC in question and are extremely difficult to detect even if one happens to actually open the pc in question and see the device.


Well, I don't see why it matters whether the keylogger is hardware or software. What matters is where the logged info is stored pending retrieval.

I assume that the for a hardware device the logged info is kept in the device's flash memory? If it needs to be saved to the HD, then it gets encrypted with everything else.

Of course, if you have a remote retreival (any type of wireless will do) then all you have to do is wait for the user to unlock the door for you. As long as the OS treats the drive transparently when logged in . . ..

JH
Disk encryption password prompts typically come up before software keyloggers are effective. Once you have the disk encryption password, everything on the device is typically open.

Hardware has some advantages over software and software loggers have different advantages over hardware. Depends what is needed.

Winged
.