On Mon, 2003-08-04 at 21:20, Ernest Baca wrote:
> I am a computer forensic examiner here in Phoenix. I use Linux as a tool
> for the examination of suspect computers. The one thing that is very
> important for evidentiary reasons is that the state of the drive does not
> change when you examine it. Basically the md5 hash before examination must
> match the hash after examination. I have made a bootable CD distro based on
> KNOPPIX to assist examiners in the live preview of suspect computers.

I think there is already a bunch of good replies to your questions, but
I kinda have a different question.
Now, I don't have government chasing me, nor do I plan to. But I think
that thieves of my hard drive (by stealing my laptop) would use many of
the same techniques to get data off my hard drive (they probably
wouldn't be as careful though). What do you find the hardest? Do you
just give up on encrypted volumes? Is there a particular encryption
that is more difficult? Any funny stories about people using encryption
and then having the passwords stored plain text on the hard drive?
--Ted