Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Disk wiping -- An alternate approach?
From: "Thor (Hammer of God)" <Thor () hammerofgod com>
Date: Wed, 27 Jan 2010 17:31:08 +0000

This topic has pretty much run its course.  You shared what you thought was an interesting idea, and most of the 
responses have been along the lines of "interesting, but it does nothing to support your goal."  You are free to hold 
onto your ideas, but there is no reason to continue to try to make others agree with you.  I run into this all the time 
- one should just speak one's mind and move on.  You've spoken your mind, now move on ;)

Your pretense of "without much analysis to where it came from" is incorrect.  People are not (typically) arrested and 
jailed for garbage on their drives; if they are, there is probably some ulterior motive on the part of LE.  If you look 
at the cases where people are serving time, particularly in child pornography cases, the prosecution has a volume of 
evidence against the accused, and it is typically accompanied by other physical evidence (photos, toys, magazines, 
etc).  Having crap on your drive does not give you plausible deniability.  Period.  Wipe zeros and be done.  

T. Biehn's recommendation to TC's hidden drive feature is spot on. It is a very functional feature, and I use it all 
the time, particularly when travelling to other countries.  In some countries (like the UK) if you DON'T give up your 
keys, you will be arrested on that basis alone.  With a hidden volume within an encrypted volume, you can give up your 
phrase to the one volume and it is impossible to know of the existence of the other.   Trying to position TC as being 
weak in some way via your "very hard to brute force with off the shelf tools" is silly - as if it's NOT very hard with 
"super secret gov brute force tools."  A properly created TC drive would take a billion years (with today's tech) to 
brute force (or whatever the actual time is). 

The fact that you've been on FD talking about how you want to attempt to create an environment of plausible deniability 
has done far worse to weaken your position than anything else you could have done.  When you cry "it wasn't me, it was 
the one armed man!" while on the stand, the prosecutor will simply hand over all these publically available emails 
where you've gone on about how you are explicitly trying to cover illegal activity with Wiki-blithe and the next thing 
you know you'll be singing "doot doot doot, lookin' out my back door" in prison.  


-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-
disclosure-bounces () lists grok org uk] On Behalf Of Bipin Gautam
Sent: Wednesday, January 27, 2010 8:19 AM
To: T Biehn
Cc: McGhee, Eddie; full-disclosure
Subject: Re: [Full-disclosure] Disk wiping -- An alternate approach?

Really? How much do you know of computer forensics? Care to Double
clicked a few forensic tools first............

I bring up this issue here because as you can see the laws are
different in different country and at places just "possession" of a
questionable content is a crime, without much analysis from where did
it come from. Such a logic doesnt hold much water from a technical
prospective, that is what i was trying to discuss. (but you were so
much concerned about my english lol )

We were talking on a NEW topic, But if truecrypt is all you know, then
download truecrypt and add a "custom cascade of ciphers" to your
truecrypt source code... so that your truecrypt hidden volume will be
very hard to bruteforced with off the self tools (which is what most
forensic examiners do, they are tool dependent).....

(i  wish to make fun of you, but maybe another email! ;)


On 1/27/10, T Biehn <tbiehn () gmail com> wrote:
You made the argument against youself; apparently you didn't
comprehend the
points made in 90% of the on-topic responces to this thread.

On Jan 27, 2010 9:34 AM, "Bipin Gautam" <bipin.gautam () gmail com>

McGhee & T Biehn !

Thankyou for putting up your "best" argument.... sadly that is the
BEST technical thing you happen to pick............. in this topic to
comment about........


On 1/27/10, McGhee, Eddie <Eddie.McGhee () ncr com> wrote: > and also
lol @
maybe USELESS, try making ...

<bipin.gautam () gmail com<mailto:bipin.gautam () gmail com>> wrote: > >
noise, Lets wrap up: > >...

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]