ISIS Encryption Opsec

Tidbits from the New York Times: The final phase of Mr. Hame’s training took place at an Internet cafe in Raqqa, where an Islamic State computer specialist handed him a USB key. It contained CCleaner, a program used to erase a user’s online history on a given computer, as well as TrueCrypt, an encryption program that was widely available at…

Samsung SSD 850 EVO. Best way to protect personal data against thieves

I’m wondering what is the best way to protect my personal data stored on Samsung SSD 850 EVO in Linux?

I did some research and found this.

To set an ATA password, simply access the BIOS, navigate to the
“Security” menu, enable “Password on boot” and set an “HDD Password.”
Administrators also have the option of setting a “Master Password,”
which can allow a lost user password (“HDD Password”) to be recovered.
The “Master Password” may also be used to unlock and/or erase the
drive (depending on the settings), effectively destroying, and thus
protecting, the data but allowing the drive to be reused.

(http://www.samsung.com/global/business/semiconductor/minisite/SSD/global/html/whitepaper/whitepaper06.html)

I steal your laptop. You have a password set on the hard drive. Oh
well, looky here, I have another PC that supports this kind of hard drive
password encryption (not all do, and most desktops don’t support it
except for business class like the Dell OptiPlex, which is what I did
all my testing on). I go into my BIOS. I set an Admin password on my
BIOS. I turn off my PC, plug in your drive, turn it on, go into BIOS.
But you are thinking WAIT! It asks for the hard drive password before
you can even get into the BIOS! Errrr WRONG! I use MY admin password
for your hard drive and I am in my BIOS. Now I go to the hard drive
password, and change it using MY ADMIN PASSWORD AND THE CURRENT
PASSWORD, and then either set no password or change it. I reboot, I’m
in, your files are mine.

(http://www.tomshardware.co.uk/answers/id-2813442/encryption-samsung-840-ev0-ssd.html)

In the other case, I can use the additional OPAL software msed (https://vxlabs.com/2015/02/11/use-the-hardware-based-full-disk-encryption-your-tcg-opal-ssd-with-msed/) or use software-based encryption utilities like TrueCrypt and accept all the performance issues.

In other words:
– Is it really so easy to decrypt the Samsung EVO 850 hard drive password?
– Will using msed be more secure in my case, or is TrueCrypt the only solution?

Acquiring Memor(ies) from 2014

2014 is extremely volatile. Any minute now, it will be gone. Thus, we wanted to take a minute and preserve some of the more exciting memories. Specifically, we wanted to summarize how the memory forensics field and Volatility community have progressed t…