Quote from: xx138xx on January 04, 2012, 04:34 pm

While the value of making sure your VM is secure can't be understated, I'd like to call your attention to another aspect some people might wish to look into. The cost is a bit steep at first but keep in mind it would be less than the retainer for a lawyer should you be prosecuted.

Even with disk encryption, if they want to crack it they will. Most of the time frame quotes you hear about encryption like "it would take them over a thousand years to brute force that" are bullshit. Those time scale estimations are routinely based on trying to crack the encryption using CPU power. While this does get the job done eventually, the future is in using GPU computing (using your video card's processing power). It's the same hashing method used in the bitcoin protocol itself. When people solve a block, all they have done is generate hashes until one of them matched the transactions that were being verified. Anyone who has ever mined bitcoins can tell you how much faster a GPU can do this when compared to a CPU. Depending on the encryption scheme and the efficiency of the hashing code, it can cut the time needed to crack an encrypted volume by several orders of magnitude. This makes encryption just one part of a layered defense scheme. To rely on it alone is foolish.

This brings me to my original point. VMs have their image files running off of the hard drive most times, so once the volume is decrypted, they can just load the VM up in its normal software and have access to everything in it. Even worse is that you can manipulate the data in a VM's image file without loading it up and completely bypass all access controls and system permissions.

So knowing this, what I did was invest in a device called a ramdisk. How does this help? Well, RAM doesn't hold data after the power cuts out. If your VM is stored and run from a ramdisk, when the police show up, you just pull the plug and no more data for them to screw you with.
I have my rig interfaced with a garage door remote on my keyring. One button push and my rig cuts off and all the data in the ram disk goes bye bye. There are software ramdisks available but they are often limited to a size that's not really useful for holding what I would need unless you buy the professional versions of them. I personally went another route and actually bought a hardware ramdisk card that accepts regular computer RAM and resides inside my case.

With as cheap as RAM is these days, I threw 16GB of RAM in the card for less than 60 bucks. The card itself set me back about 300 when I bought it. This might seem expensive until you realize that most lawyers are going to ask for a few thousand dollars as a retainer to even take your case.

Sorry but you are wrong. RAM does store data after it is powered off for a period of time depending on the type of RAM. It has been demonstrated in PoCs years ago.

See: http://en.wikipedia.org/wiki/Cold_boot_attack

Basically LE could simply swipe your ramdisk and drop it in a bucket of nitrogen and preserve the data on it for hours and extract your keys when they are ready.

No LEO is gonna spend the time to bruteforce crack an encrypted hard drive unless maybe you are a terrorist. They will simply bug your computer at the bootloader level and keylog all your passwords and bypass the encryption entirely.

There are also new kernel patches that allow for storing the encryption keys within the CPU registers themselves, therefore when it is powered off the key is wiped immediately as the CPU does not hold data for near as long as RAM after a power off, therefore mitigating a cold boot attack. Still won't matter if you are bugged.