undefined | Better HN

0 pointsSimucal14y ago0 comments

These "wipe the drive" decoy password scenarios would never work in real life unless their forensics team was really inept.

There would be copies made and the drive that has the encrypted volume would likely be accessed with a "Write Blocker" forensic device, or in a virtual environment, etc.

This technique would only tip your hand that the volume contents changed after entering the password.

0 comments

slowpoke14y ago

A technical solution to this might be a form of encryption the requires a writable disk to actually decrypt anything. I don't know if that is possible, but it would effectively prevent these safeguards to work. And remember, you don't need to wipe the entire drive. Changing a few random bits in the decryption key would already forever turn the drive contents into unreadable garbage.

fmx14y ago

Even then, there would be nothing stopping an adversary from making a bit-for-bit copy of the data and attempting to decrypt the (writable) copy.

j / k navigate · click thread line to collapse