Silk Road forums

Discussion => Security => Topic started by: 1100101 on January 03, 2013, 10:42 pm

Title: Another Tech Question :)
Post by: 1100101 on January 03, 2013, 10:42 pm
My PC is fairly modular with quick access to the hard drives (open the side, remove SATA/power cables and take HDD from sliding drawer).

What I do is take my OS hdd and remove it any time I am expecting a package and put it in a safe off-site location.  I leave my game drive (ssd) and storage drive (storage drive is mechanical and also boots to win) connected.  I also remove the SATA and power cord from my PSU (modular as well).

I only order personal amounts of mary jane, so it's nothing too heavy.  But, I was wondering with the main os hdd removed and leaving the game/storage drives connected, how much information about what I do will they be able to get from my pc should it ever be seized?  Not that I am expecting that to happen, but just out of curiosity!

Thanks!
Title: Re: Another Tech Question :)
Post by: astor on January 04, 2013, 01:23 am
with the main os hdd removed and leaving the connected

Leaving the? You left out the most important words.

If you meant leaving the game or storage drives connected, then there's probably nothing they can figure out.
Title: Re: Another Tech Question :)
Post by: 1100101 on January 04, 2013, 02:02 am
with the main os hdd removed and leaving the connected

Leaving the? You left out the most important words.

If you meant leaving the game or storage drives connected, then there's probably nothing they can figure out.

D'Oh!!! Yep, I did mean leaving the game and storage drives connected.  The PC will boot off of the storage drive (I intentionally put win 7 on it).  I just didn't know what they could figure out from what might be stored on those drives and on the RAM.

Thanks Astor, +1 to you.
Title: Re: Another Tech Question :)
Post by: Christy Nugs on January 04, 2013, 04:04 am
how big is your memory?

wipe memory with memtest 86+

prolly not needed unless ur on sr right before u pull boot drive
Title: Re: Another Tech Question :)
Post by: SelfSovereignty on January 04, 2013, 04:21 am
I think astor's response is probably right (as usual), but there's more to it than that.  Since you sound like you're asking out of curiosity and not irrational paranoia, there's a few things: for one, Windows can be configured to keep the swap file on any drive -- I generally keep mine on a different physical hard drive than the OS runs on, for instance (so loading a program and loading something from swap can both get the full I/O of the disk if it comes to it).  Unless you play with the settings manually though, I think it'll be on the same drive as the OS installation is.

Operating systems are massive beasts though, and there's a whole lot that they do.  I mean a whole lot.  File indexing for faster drive searches (which includes some kind of content indexing that I have no clue about, BTW) is just one thing.  I don't know where that data is stored.

The volume shadow copy service comes to mind -- I was never clear on exactly wtf that really does, but it sounds like it could have fragments scattered throughout drives.  The Windows registry is actually stored in fragments of different files all over the place, but I should think that would be almost entirely on the boot partition or the one Windows is installed to.

You call one your "game drive."  That means you install programs directly to it?  I have no idea if that means Windows keeps fragments on that drive.  If it's formatted as NTFS though, there's data it stores in a normally non-accessible location on the disk (non-accessible from Windows that is).  I don't know what that data is or how incriminating it could be, but it's there.  Basically the problem is that almost nobody knows everything Windows is doing anymore -- including a lot of the guys who helped write the thing -- so there's almost always something to find if you dig deep enough.  The idea behind physically damaging the drive is to make it absolutely impossible to recover.

Nobody knows everything, and everyone makes mistakes: if you don't make your plans to be resilient to the little mistakes you're *going* to make, then they could easily get you fucked if you're selling.  But you're not, so you personally would be a waste of time and money to do serious disk forensics "against."  If they wanted to prove you use Silk Road though, I'm willing to bet someone they pay very well could get enough data from your system to testify that you do.  I have no real idea how *I* would go about doing that, but it's what these people do, ya know.