Comments on: The Hidden Shadow

By: a

Wed, 25 Nov 2009 02:44:06 +0000

BitLocker isn’t flawed. Any machine with physical access can be compromised. COFEE can be used if the machine is still online before it is turned off to try and extract the encryption keys. And TrueCrypt FDE can be broken if someone can get an Evil Maid onto it, last I heard. These are just acceptable risks.

By: Tomasz

Tomasz — Mon, 23 Nov 2009 12:14:04 +0000

There is a way to exclude certain folders by means of a fairly obscure registry setting. I will cover this in my mini-FAQ on Volume Shadow Copy, which I’ll be writing tonight. VSC is a pretty cool feature from a technological point of view.

By: daveyt

daveyt — Mon, 23 Nov 2009 09:31:01 +0000

Did someone just tamper/interfere with the computer? oops, that laptop just became inadmissable.

By: Mark

Mark — Mon, 23 Nov 2009 05:40:53 +0000

@Paul: BitLocker is flawed. lol It can be hacked using Microsoft’s own COFEE tool.

Also, you can disable volume shadow copies manually ;)

By: Infestedtassadar

Infestedtassadar — Mon, 23 Nov 2009 03:36:13 +0000

To start off with, why wasn’t he using FDE (full disc encryption, that truecrypt offers) vs a file container and the machine turned OFF? They cant force you to give the password (see the 5th amendment.)

Ether way, the contents of his laptop more then likely wont be admissible in court, as the data on the machine is in a state of modification once the machine receives power. The officers should of performed a dump of the data in ram and pulled the power to the machine.

By: Paul Whitaker

Paul Whitaker — Mon, 23 Nov 2009 03:07:22 +0000

Why not just encrypt the entire drive with Bitlocker?

By: tony

tony — Mon, 23 Nov 2009 02:19:32 +0000

haha. This is good story-stelling, although I like this feature (seems like a semi VCS), but there should be a wait to disable some folders or files if not, that is a lot of waste of disk space for every folder and file.