Silk Road forums
Discussion => Off topic => Topic started by: noodle on April 27, 2012, 07:10 pm
-
If your computer was seized do you think they could recover stuff from your hard drive after doing a drive wipe?
-
If you did a 3 pass wipe (I hear 1 is probably enough) just before doing a full reinstall I would have thought it would be fine. There is another thread discussing how to clean a HDD I think, I recommend you look there for further inspiration.
-
I use CCleaner all the time, whenever I start feeling paranoid I run it to clean everything off my computer, I used to use BCwipe but CCleaner is more user friendly.
-
If you did a 3 pass wipe (I hear 1 is probably enough) just before doing a full reinstall I would have thought it would be fine. There is another thread discussing how to clean a HDD I think, I recommend you look there for further inspiration.
I'd do an NSA overwrite just to be sure (7 passes) or a Gutmann to really get it gone.
-
If using it to clear history and stuff make sure you go into settings and change it to 'Everything' because it defaults to saving a week and deleting everything before that. Also have to change it to overwrite instead of regular deletion.
As for wiping your hard drive, CCleaner will clean all the data but not bad blocks or other splintered data that could contain encryption keys, GPG information or something else sensitive. You need a special program for that: http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml
-
Thanks for that Derp :)
-
I am a fan of CCleaner, I was turned onto it by my IT bro-in-law.
Cheers
-
I prefer BleachBit. I don't trust CCleaner for some reason. :)
BTW what about full disk encryption and hidden volumes...no need to clean up then.
-
^this
Encrypt every fucking thing you can. If I could encrypt my screen, I would.
-
If your computer was seized do you think they could recover stuff from your hard drive after doing a drive wipe?
Short answer is no. Any sectors that are overwritten by CCleaner, even once, will be unrecoverable using any means known to the public. Perhaps the NSA has some way of restoring overwritten data, though no law enforcement agency is known to have this capability. Even if such a capability comes into existence tomorrow, it probably won't be refined enough to produce forensically-sound evidence that can be used against you in court. They would probably save it for "national security" matters when they need information without having to prove its integrity.
Make sure you also enable MFT free space clearing so that deleted file names and whatnot are wiped as well. You may also want to use Eraser or a similar program to wipe slack space (unused space at the end of each data cluster on your HDD), as CCleaner does not have such a feature ATM.
BTW what about full disk encryption and hidden volumes...no need to clean up then.
All FDE is vulnerable to cold boot attacks. All "they" have to do is reboot your computer and quickly read the contents of your RAM (which contains the master keys to all your volumes) with a special boot disk. Even if you have a CMOS password set or something, they can spray the RAM with cooling liquid and bring it to a lab, or throw it into portable data acquisition stations if you're a big enough deal for them to bring that along.
I would advise everyone to wipe free space on all their encrypted volumes, at the very least. Create traditional encrypted containers to store blatantly illegal material and immediately dismount them when you physically leave the computer, even for a minute.
tl;dr wiping data once is enough to destroy it, full disk encryption is vulnerable to physical attacks so keep sensitive data unmounted when you aren't present, and be ready to flip the power switch the second anyone bangs on your door.
-
If your computer was seized do you think they could recover stuff from your hard drive after doing a drive wipe?
No, not if you did a proper drive wipe (overwrite the entire thing with zeros). You'd have to do this with DBAN or something similar, since at the filesystem level there is reserved space (ext4 keeps 5% reserved space, etc.).
Part II:
First of all, I don't think a cold boot attack has been used in court yet.
Ways to avoid / mitigate a cold boot attack:
1) Use a lesser-known but secure crypto algorithm like Serpent, Blowfish, or Twofish.
(The current cold boot attack software only works on the AES key schedule. This is not a permanent solution, but I don't trust AES anyway.)
2) Also, make sure that in TrueCrypt you are not 'caching' keys in RAM.
3) Use a TrueCrypt keyfile located on a small USB dongle. In case of emergency, wipe the keyfile.
4) Set your BIOS to do a 'RAM check' on boot if this option is possible. This will wipe your RAM on reboot.
5) Close and unmount your TrueCrypt volumes whenever you leave your computer, even for a minute. In case of emergency, unmount/close your encrypted volumes, and/or simply power off the computer. If you have time and BIOS RAM wipe is enabled, power it back on so your BIOS does a RAM wipe, then power it off and unplug it.
6) If your BIOS doesn't do RAM wipe, in an emergency, your best bet is to power off the computer and hide it. The longer it takes before they get to it, the more the RAM will decay.
TLDR: If you can buy yourself 3 to 5 minutes of time where your laptop is powered off and no one has sprayed the RAM with liquid nitrogen, then a cold boot attack against encryption keys becomes almost impossible.
-
They have successfully pulled encryption keys from memory; just look up Iceman from Cardersmarket. CCleaner works, BUT if the cops find it on your system they charge you with evidence tampering or obstruction of justice. Yes, for reelz.
Solution is to encrypt everything, using Twofish-Serpent, so they can't get at that info in the first place.
-
One pass is enough. I also would use a hardware drive wiper called HAmmer.
-
CCleaner will not irreparably erase things. It will do a good enough job to stump small-time officers and whatnot, but the military or other groups with infinite money could theoretically recover the information.
-
If y'all use Linux, Tails has a function where one click on the power icon shuts down immediately and then does a RAM wipe, even video RAM.
It's a nicely set up portable OS too.