| email@example.com wrote:
|>> When a whole drive is encrypted, or just a partition, to access that data
|>> it is necessary to first enter a passphase that decrypts a random bit
|>> array, or is the seed to generate one. After that is done, it is used
|>> to decrypt the data on the disk. But the key itself is only stored in
|>> RAM. If the machine is shutoff, the key is lost and the entry of the
|>> passphrase must be repeated. By taking the machine in its running state,
|>> the opportunity exists to examine the drive contents while the decryption
|>> is still active.
|> If the drive is "opened" when they sieze it, why not just copy the
|> data right there?
|> In real life guys like the FBI and NSA can crack just about any
|> encryption with minimal effort. I know a guy who works in that arena
|> and he has a tool that broke the IBM encryption on my laptop in about
|> 5 minutes.
| With 500+GByte disks household items these days - it can take quite a
| while copying the data off - even presuming a police officer was present
| who knew how to do it and had enough USB drives with him to do it.
| Whilst many encryption algorithms are easily breakable, MS Word springs
| to mind, others are a challenge - even for the NSA. The advantage of
| getting hold of a computer which has the suspect still logged in, is
| that a lot of encrypted stuff is available en clair - whilst that user
| is logged in. All this kit does is keep the computer in that state. Why
| spend (expensive) time and effort breaking encryption, when the stuff is
| available, unencrypted?
Ideally, do a RAM dump, and see if you can grab the buffered key. If the
computer is in a state it can continue to decrypt disk contents, capturing
that state itself is precious.
| Plus, it is possible to set up computers to run with no hard disk at
| all. They boot from the network and load their operating system from the
| network - into RAM. From a server that could be in another juristiction,
| or even on a different continent. Lose power and there is absolutely no
| evidence left to analyse. However, if someone has gone to the trouble of
| setting up a computer like this, for less than honest reasons, he is
| probably going to take a few more precautions, too*.
Which you will excuse me for not going into.
Yeah, it's off topic for this group. These things are frequently discussed
on various software related groups.
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
Click to see the full signature.