|
Posts: 52255
Posted: Thu May 14, 2020 9:30 am
And the US just got a little less free.
|
Posts: 35270
Posted: Thu May 14, 2020 9:49 am
DrCaleb: And the US just got a little less free.
Give them more guns and they won't even realize it. ![Wink :wink:](./images/smilies/icon_wink.gif)
|
Posts: 65472
Posted: Thu May 14, 2020 10:04 am
DrCaleb: And the US just got a little less free.
It did. And some of us are using non-US encryption these days. So fuck the FBI.
|
Posted: Thu May 14, 2020 10:30 am
BartSimpson: DrCaleb: And the US just got a little less free. It did. And some of us are using non-US encryption these days. So fuck the FBI.
Sadly wouldn't help. Your browser history is stored on your system if you use encryption, incognito mode, or delete search history. It's recoverable, I learned how to do it in forensic training. Only way to stop it from being discovered is to forensically wipe a drive. Part of why when anyone on my team goes to the U.S. (especially to hacking conferences) they use a forensically wiped machine with a bone stock image of whatever OS, set up what they need in the U.S., and then wipe and re-image before coming back over the border. Now looks like we might have to run with flash drives that will wipe drives on boot.
|
Posts: 52255
Posted: Thu May 14, 2020 10:36 am
Tricks: BartSimpson: DrCaleb: And the US just got a little less free. It did. And some of us are using non-US encryption these days. So fuck the FBI. Sadly wouldn't help. Your browser history is stored on your system if you use encryption, incognito mode, or delete search history. It's recoverable, I learned how to do it in forensic training.
Laptops at my work are encrypted from boot up. No password, no boot. Still recoverable?
Tricks: Only way to stop it from being discovered is to forensically wipe a drive. Part of why when anyone on my team goes to the U.S. (especially to hacking conferences) they use a forensically wiped machine with a bone stock image of whatever OS, set up what they need in the U.S., and then wipe and re-image before coming back over the border. Now looks like we might have to run with flash drives that will wipe drives on boot.
I would never take an electronic device to the US. Even though it's been found to be illegal to copy devices, I'd bet they do it anyhow. https://www.npr.org/2019/05/02/71933735 ... ic-devices
|
Posted: Thu May 14, 2020 10:41 am
DrCaleb: Laptops at my work are encrypted from boot up. No password, no boot. Still recoverable?
At the border, yeah. They can force you to input your password and unlock it or deny you entrance into the country.
Quote: I would never take an electronic device to the US. Even though it's been found to be illegal to copy devices, I'd bet they do it anyhow. https://www.npr.org/2019/05/02/71933735 ... ic-devices
We don't really have a choice when travelling to a hacking conference. It's kind of necessary to have a system there.
|
Posts: 52255
Posted: Thu May 14, 2020 10:49 am
Tricks: DrCaleb: Laptops at my work are encrypted from boot up. No password, no boot. Still recoverable? At the border, yeah. They can force you to input your password and unlock it or deny you entrance into the country.
Which is why I'd never take a device there. I'd also put my cache on a ramdrive or in /proc somewhere. Right now using a read-only virtual image is my go-to. If you haven't tried Oracle VirtualBox, I recommend it. (even though it's from Oracle)
Tricks: Quote: I would never take an electronic device to the US. Even though it's been found to be illegal to copy devices, I'd bet they do it anyhow. https://www.npr.org/2019/05/02/71933735 ... ic-devices We don't really have a choice when travelling to a hacking conference. It's kind of necessary to have a system there.
I've often wondered if you could courier it to your hotel, or use Dropbox for the data that isn't standard image.
|
Posted: Thu May 14, 2020 10:58 am
DrCaleb: Which is why I'd never take a device there. I'd also put my cache on a ramdrive or in /proc somewhere. Right now using a read-only virtual image is my go-to. If you haven't tried Oracle VirtualBox, I recommend it. (even though it's from Oracle)
Ramdrive might help, putting it anywhere on long term storage won't. Because OS's are stupid, they don't properly overwrite deleted data, they just delete the links to it. So the hex values can be recovered and dumped back into fully functional files. Read only image could work, but again, while doing stuff like CTF events, we're having to often install/grab software on the fly.
Quote: I've often wondered if you could courier it to your hotel, or use Dropbox for the data that isn't standard image.
I'd just have a VPN credential to a home server to grab software needed. VeraCrypt a flash drive with a duress partition if forced to unlock it. Might be able to do that with a full system drive, I've never tried to run a full system VeraCrypt with a normal and duress partition, both running an OS. Might give that a shot now.
|
Posts: 52255
Posted: Thu May 14, 2020 11:10 am
Tricks: Because OS's are stupid, they don't properly overwrite deleted data, they just delete the links to it. So the hex values can be recovered and dumped back into fully functional files. Read only image could work, but again, while doing stuff like CTF events, we're having to often install/grab software on the fly.
OS's always have done that. I remember writing ROM BIOS routines to find the 'deleted' file chains and restore them, back in the 80s. Trivial code. Much faster to delete the FAT entry and let it get overwritten naturally rather than scrub it.
Tricks: Quote: I've often wondered if you could courier it to your hotel, or use Dropbox for the data that isn't standard image. I'd just have a VPN credential to a home server to grab software needed. VeraCrypt a flash drive with a duress partition if forced to unlock it. Might be able to do that with a full system drive, I've never tried to run a full system VeraCrypt with a normal and duress partition, both running an OS. Might give that a shot now.
I always have some sort of VPN back into my NAS at least, for when there is something I need when I'm not at home. It's saved me hours of time more than once. That's also why I suggest a virtual image. Easy to store in free cloud storage (IBM offers the largest, 20GB IIRC) and you can use freely downloadable software to run the image from a standard build machine.
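
The behaviour discussed in the posts above (a delete that only drops the directory entry and FAT chain), as an added example that is not part of the thread: a constructed toy FAT-style volume showing why the data stays readable after a quick delete and is gone only once the clusters are overwritten. The 16-byte cluster size, the file name and the sample contents are assumptions made up for the demonstration.

```python
import struct

CLUSTER = 16      # toy cluster size (assumption; real volumes use 512 bytes or more)
DELETED = 0xE5    # first name byte FAT writes into a deleted directory entry
EOC = 0xFFF       # FAT12 end-of-chain marker

def build_volume(content):
    """Constructed volume: one 32-byte 8.3 directory entry, a FAT, a data area."""
    n = -(-len(content) // CLUSTER)                      # clusters needed
    fat = [0, 0] + [c + 1 for c in range(2, 2 + n)]      # chain 2 -> 3 -> ...
    fat[-1] = EOC
    # name, ext, attr=archive, 14 bytes of timestamps etc., first cluster, size
    entry = struct.pack("<8s3sB14xHI", b"SECRET  ", b"TXT", 0x20, 2, len(content))
    return {"dir": bytearray(entry), "fat": fat,
            "data": bytearray(content.ljust(n * CLUSTER, b"\0"))}

def quick_delete(vol):
    """Ordinary delete: flag the entry, free the chain, leave the data alone."""
    vol["dir"][0] = DELETED
    vol["fat"][2:] = [0] * (len(vol["fat"]) - 2)

def scrub_delete(vol):
    """Delete that first overwrites every cluster in the file's chain."""
    c = struct.unpack_from("<H", vol["dir"], 26)[0]
    while 2 <= c < 0xFF8:
        off = (c - 2) * CLUSTER
        vol["data"][off:off + CLUSTER] = bytes(CLUSTER)
        c = vol["fat"][c]
    quick_delete(vol)

def recover(vol):
    """Forensic read of a deleted entry: the start cluster and size survive in
    the entry, so assume contiguous clusters (the chain itself is gone)."""
    if vol["dir"][0] != DELETED:
        return None
    first, size = struct.unpack_from("<HI", vol["dir"], 26)
    start = (first - 2) * CLUSTER
    return bytes(vol["data"][start:start + size])

SAMPLE = b"visited: https://example.test/private-page"   # constructed content

def demo():
    quick, scrubbed = build_volume(SAMPLE), build_volume(SAMPLE)
    quick_delete(quick)
    scrub_delete(scrubbed)
    return recover(quick), recover(scrubbed)

if __name__ == "__main__":
    print(demo())
```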
|
Posts: 19875
Posted: Thu May 14, 2020 12:07 pm
Now I’ll just wait for the Gadsden Flag, gun waving crowd to go protest this...
|
Posted: Thu May 14, 2020 1:29 pm
DrCaleb: OS's always have done that. I remember writing ROM BIOS routines to find the 'deleted' file chains and restore them, back in the 80s. Trivial code. Much faster to delete the FAT entry and let it get overwritten naturally rather than scrub it.
Right, the problem is with older drives, they were small, and it would get re-written relatively easily. For your average user, they may never write 1 TB worth of data to their drive, and the system won't re-write over deleted content until it reaches the end of the drive. Makes forensics easy.
Quote: I always have some sort of VPN back into my NAS at least, for when there is something I need when I'm not at home. It's saved me hours of time more than once. That's also why I suggest a virtual image. Easy to store in free cloud storage (IBM offers the largest, 20GB IIRC) and you can use freely downloadable software to run the image from a standard build machine.
Except now you're trusting IBM. I'd rather just build one. ![Laughing :lol:](./images/smilies/icon_lol.gif)
|
Posted: Fri May 15, 2020 9:38 am
Oh thank you Bernie Sanders for defending the 4th Amendment privacy rights BY VOTING..... oh wait. Controlled Opposition, paid in full. No refunds, bitches. ![Twisted Evil :twisted:](./images/smilies/icon_twisted.gif)
|
Posted: Fri May 15, 2020 10:06 am
Martin15: Oh thank you Bernie Sanders for defending the 4th Amendment privacy rights BY VOTING..... oh wait. Controlled Opposition, paid in full. No refunds, bitches. ![Twisted Evil :twisted:](./images/smilies/icon_twisted.gif)
Ah yes, the majority of Republicans voted the wrong way, but it's Bernie's fault. One guy should be the one who is responsible for this failing, and not all the pieces of garbage who voted to not ban this.
|
Posts: 35253
Posted: Fri May 15, 2020 1:23 pm
Martin15: Oh thank you Bernie Sanders for defending the 4th Amendment privacy rights BY VOTING..... oh wait. Controlled Opposition, paid in full. No refunds, bitches. ![Twisted Evil :twisted:](./images/smilies/icon_twisted.gif)
He was afk but has some 'splaining to do: Kyle makes a great point though. The vote is called in advance and even if the 4 who didn't vote did there was a 100% chance that enough of the people who did vote against would have flipped, creating the same result. It's creepy, it's crazy and it is exactly the reason why so many people have unplugged from the whole process.