So here I was relaxing and watching Friends…when suddenly one of my old and almost forgotten ideas popped in my head. The problem context is as follow:
Let’s say you image(or you just want to search) a harddisk and want to know if the person has any crypto containers on his/her harddisk? How would you go about this?
So you got your harddisks encrypted and feel totally secure? Think again.
Investigators have got some nifty devices which are capable of moving your pc without disconnecting it. Effectively bypassing FDE/WDE encryption if you are not used to lock your computer. Although locking doesn’t seem to be the answer nowadays with all those firewire hacks. So what’s left to do?
First of all disable firewire and make sure you always lock your pc. In the strange case that you do not lock your pc I made some easy yet (this hasn’t been tested in a real life situation) effective code to frustrate the investigator. This is just some quick POC (forgive me the messy code) I wrote. In a lab environment this works, so don’t blaim me if this doesn’t work in a real life situation.
DiabloHorn 