How Can I Protect a Hard Drive From Entry and Forensics?


16 replies to this topic

#1 hazy123

hazy123

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 22 September 2012 - 10:12 PM

Hi guys, I have been browsing the forums lately and I see that most of the posters seem to be professionals who really know what they are talking about. I am looking for a way to completely lock out all unauthorized access from a specific hard drive. I thought bitlocker would be enough so I encrypted the disk using the bitlocker program. Now I have found that it is not completely secure, especially without a TPM, which I don't have. I have been looking for days now and can't seem to find a clear cut secure solution anywhere. How can I protect my drive from even the most professional hacker/security expert/forensics?


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,701 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:08:16 PM

Posted 22 September 2012 - 10:37 PM

There's no such thing as perfect protection short of locking your drive in a safe, unused, for all eternity. There's an old computer security saying: "If someone else can touch your computer, then it's not your computer anymore."

If you're worried about protecting confidential data on your machine then an encryption solution is your best bet. You mentioned Bitlocker which is one option; my personal favorite is Truecrypt. Just remember that encrypting your drive does put a chance out there that you could lose access to your own data in a worst case scenario.


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#3 hazy123

hazy123
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 23 September 2012 - 01:03 AM

Thanks for the info. I guess the chance of losing your data is the price you must pay for true protection. Now how do I circumvent the fact that I don't have TPM? I have read that there are ways to bypass bitlocker and truecrypt.

Edit: Deleted unnecessary quote, to be more dialup friendly, and reduce forum post clutter. ~ Animal

#4 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,701 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:08:16 PM

Posted 23 September 2012 - 01:35 AM

There are ways to bypass any encryption software. There are people who make careers out of figuring out how to do it. TPMs can only take you so far.



#5 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,536 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:16 AM

Posted 30 September 2012 - 03:25 PM

How can I protect my drive from even the most professional hacker/security expert/forensics?


You'll have to provide us more info so that we can help you. What attack scenarios do you want protection for?
Examples:
someone steals your disk?
someone has access to your computer with the drive while it is powered on?
...?

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#6 MDD1963

MDD1963

  • Members
  • 663 posts
  • OFFLINE
  •  
  • Local time:09:16 AM

Posted 08 October 2015 - 02:35 AM

Assuming you have your data backed up, and simply want to prevent brute force attacks in the event your drive or computer is stolen, you could set up additional encryption at the folder level that destroys the data (or entire folder) if the wrong password is entered "x" amount of times....


(In fact, that option is available in the encryption/security tab of the free version of Glary Utilities.)


Asus Z270A Prime/7700K/32 GB DDR4-3200/GTX1060


#7 sAyer

sAyer

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:07:16 PM

Posted 21 November 2015 - 11:52 PM

I will suggest using VeraCrypt to encrypt the drive. Beneath that I suggest encrypting your most sensitive data on the drive with Kruptos2 professional as a second layer of protection. Kruptos2 is not free so if you're looking for something free then look at Kryptelite. If you don't mind spending the money Kruptos2 is hands down the best file/folder encryption software available. After that just to tidy up the drive download and run Privazer cleaning the free space with the option set to the 7 pass Bruce Schneier's method. Then follow up with a complete defrag. You can also set a hard drive password in your BIOS for just another step of protection.

 

http://www.snapfiles.com/get/veracrypt.html

 

http://www.kruptos2.com/kruptos2.html

 

http://privazer.com/

 

http://www.freewarefiles.com/Kryptelite_program_95701.html



#8 MDD1963

MDD1963

  • Members
  • 663 posts
  • OFFLINE
  •  
  • Local time:09:16 AM

Posted 10 June 2016 - 07:02 PM

There is no easy way to 'bypass' Bitlocker or Truecrypt/Veracrypt....

 

Use a decently long/random password/passphrase, and, your data will take centuries to break into by brute-force attack....




#9 Guest_GNULINUX_*

Guest_GNULINUX_*

  • Guests
  • OFFLINE
  •  

Posted 11 June 2016 - 05:28 AM

There is no easy way to 'bypass' Bitlocker or Truecrypt/Veracrypt....

 

Use a decently long/random password/passphrase, and, your data will take centuries to break into by brute-force attack....

Indeed but...

Since Windows 10 there's a great chance (by default) that your "password" is backed up in the cloud and accessible by M$...  :wink:

 

Greets!



#10 JohnC_21

JohnC_21

  • Members
  • 20,493 posts
  • OFFLINE
  •  
  • Gender:Male

Posted 11 June 2016 - 12:07 PM

I don't know of anybody that can crack a Veracrypt encrypted hard disk with AES-Twofish-Serpent Encryption and a long password.

 

https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/

 

In other words, if an attacker knows that you are using a seven-word Diceware passphrase, and they pick seven random words from the Diceware word list to guess, there is a one in 1,719,070,799,748,422,591,028,658,176 chance that they’ll pick your passphrase each try.

At one trillion guesses per second — per Edward Snowden’s January 2013 warning — it would take an average of 27 million years to guess this passphrase.

 

 



#11 SafetySteve

SafetySteve

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern California.
  • Local time:07:16 PM

Posted 15 October 2016 - 02:55 PM

I realize that this is an old post, but the topic continues to be relevant.  

 

I believe in a layered defense.  Such as:

 

1.  Many laptops and some desktops geared towards business have settings in BIOS that allow you to set a hard drive password.  By hard drive password I mean a password that is enforced at the hard drive level, not the computer level.  The BIOS is simply communicating the setting of the password state and communicating the password to the hard drive device.  Once the hard drive is password protected, unless you enter the correct password the hard drive acts as if it is dead.  Even moving the hard drive to another computer will not allow the reading or writing to the hard drive.  Yes, I do know that there are services and devices that can bypass this protection.  But it is a good lock in that it will keep most people from being able to read or write to your hard drive.  

 

2.  Encrypt the entire hard drive.  There are numerous products that do this.  Research them.  Realize that encryption by itself is not enough.  There are ways of compromising encryption.  Such as having a camera that watches you type in your passwords.  The simple camera trick has been successfully used by law enforcement and others many times.

 

3.  Deny access to the computer.  As another poster has said, if someone can touch your computer, they can own it.  Do not leave your computer unattended or unsecured.  Putting a laptop in a safe when not in use is a great idea.  Keeping it in a locked room or container of some sort is a good idea.  Limit the number of people who have access to it.  Make access much more difficult.

 

4.  Practice exceptional computer security practices.  Once you are logged into the computer if someone can trick you into running their program, your encryption can be bypassed.  

 

5.  Use tools that monitor SMART status of your hard drive.  Keep track of how many power on cycles and hours are on your hard drive.  If you come back to your computer and notice that your hard drive has another hour of run time and an additional power on cycle than what you expect, you must assume that your hard drive has been cloned.  

 

6.  Only use your computer in sterile/secure areas.  Once again, if someone can capture your passphrases with a camera or over shoulder surfing, then your data can be accessed.  If someone can grab your computer once you are logged in, same thing.  That has happened in some high profile cases.

 

7.  You must never allow an untrusted device to plug into your computer.  Your friend's USB drive should never be plugged into your computer.  

 

8.  Know the laws for your jurisdiction and where you travel.  Understand under what circumstances your device can be searched.  Understand what the consequences can be for not unlocking your device.  Understand that your biometric thumb print can be compelled easier than something you know like a passphrase.

 

9.  Learn how to hide data not just lock it up.  

 

10.  Use encryption regularly. 

 

11.  Learn how to use security hardened Linux Distros for more control over your machine and data.

 

12.  Remember the nut in front of the keyboard is the weak link.  

 

There is even more.  But the above will get you started down that path.  The above will make your device and data a much harder target.
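
The SMART check in item 5 above (unexpected power-on hours or power cycles) can be automated. This is an added example, not part of the original post: it assumes the counters are read with `smartctl -A` from smartmontools, the sample output is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `smartctl -A` attribute rows (not from a real drive).
BEFORE = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       0
  9 Power_On_Hours          0x0032   095   095   000    Old_age   Always       -       4321h+12m+30.500s
 12 Power_Cycle_Count       0x0032   099   099   000    Old_age   Always       -       812
"""
# Same drive after the owner's next boot: one extra hour and one extra cycle.
AFTER = BEFORE.replace("4321h+12m", "4322h+40m").replace(" 812\n", " 814\n")

WATCHED = {9: "power_on_hours", 12: "power_cycles"}  # SMART attribute IDs

def parse_counters(text):
    """Return {'power_on_hours': int, 'power_cycles': int} from smartctl -A text."""
    out = {}
    for line in text.splitlines():
        cols = line.split()
        # Attribute rows have 10+ columns and start with the numeric attribute ID.
        if len(cols) < 10 or not cols[0].isdigit() or int(cols[0]) not in WATCHED:
            continue
        # Raw value may be "812" or "4321h+12m+30.500s": keep the leading integer.
        m = re.match(r"\d+", cols[9])
        if m:
            out[WATCHED[int(cols[0])]] = int(m.group())
    missing = set(WATCHED.values()) - set(out)
    if missing:
        raise ValueError(f"attributes not reported: {sorted(missing)}")
    return out

def unexpected_use(baseline, current, own_boots=1, own_hours=0):
    """List findings when counters moved more than the owner's own use explains."""
    findings = []
    cycles = current["power_cycles"] - baseline["power_cycles"]
    hours = current["power_on_hours"] - baseline["power_on_hours"]
    if cycles < 0 or hours < 0:
        findings.append("counters went backwards: different drive or reset counters")
    if cycles > own_boots:
        findings.append(f"{cycles - own_boots} unexplained power cycle(s)")
    if hours > own_hours:
        findings.append(f"{hours - own_hours} unexplained power-on hour(s)")
    return findings

if __name__ == "__main__":
    for finding in unexpected_use(parse_counters(BEFORE), parse_counters(AFTER)):
        print("ALERT:", finding)
```

Record the baseline at shutdown and keep it off the machine; raise `own_hours` if your own session may cross an hour boundary before the comparison runs.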



#12 MDD1963

MDD1963

  • Members
  • 663 posts
  • OFFLINE
  •  
  • Local time:04:16 PM

Posted 20 October 2016 - 05:57 PM

I don't know of anybody that can crack a Veracrypt encrypted hard disk with AES-Twofish-Serpent Encryption and a long password.

 

https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/

 

In other words, if an attacker knows that you are using a seven-word Diceware passphrase, and they pick seven random words from the Diceware word list to guess, there is a one in 1,719,070,799,748,422,591,028,658,176 chance that they’ll pick your passphrase each try.

At one trillion guesses per second — per Edward Snowden’s January 2013 warning — it would take an average of 27 million years to guess this passphrase.

 

 

Veracrypt and Truecrypt can require not only a very long password/passphrase, but, also linked to a random keyfile, which absolutely must be correct to decrypt the container.




#13 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,536 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:16 AM

Posted 21 October 2016 - 10:40 AM

 

I don't know of anybody that can crack a Veracrypt encrypted hard disk with AES-Twofish-Serpent Encryption and a long password.

 

https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/

 

In other words, if an attacker knows that you are using a seven-word Diceware passphrase, and they pick seven random words from the Diceware word list to guess, there is a one in 1,719,070,799,748,422,591,028,658,176 chance that they’ll pick your passphrase each try.

At one trillion guesses per second — per Edward Snowden’s January 2013 warning — it would take an average of 27 million years to guess this passphrase.

 

 

Veracrypt and Truecrypt can require not only a very long password/passphrase, but, also linked to a random keyfile, which absolutely must be correct to decrypt the container.

 

 

FYI: this is not the case for TrueCrypt, the keyfile must not be absolutely correct. TrueCrypt reduces the keyfile with a CRC-32 hash. This is not a cryptographic hash, it's just 4 bytes long. So your key-space for the keyfile is 4 bytes, and not the size of the keyfile.




#14 RolandJS

RolandJS

  • Members
  • 4,293 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:01:16 AM

Posted 21 October 2016 - 11:42 AM

As Quietman7 would probably say:  you, the end-user, are the most important, the most responsible, part of security.


Edited by RolandJS, 21 October 2016 - 11:43 AM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (sevenforums)

Clone or Image often! Backup, backup, backup, backup... -- RockE (Windows Secrets Lounge)


#15 batman9

batman9

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:16 PM

Posted 30 May 2017 - 07:08 AM

This is all good advice as far as my knowledge goes. I learned a lot. Accessing someone's encrypted hardware and especially knowing in time if our hardware is accessed before you use it again seems to be the weak spot. Being able to change passwords in time. There are good solutions for that, not mentioned here.

 

Preventing access is good but knowing if a device is handled or tampered with before starting it up is probably more important. Often there is no access to a good safe and not every harddisk, camera-storage-card or other device can be well encrypted. Sometimes I want to know if someone has snooped confidential papers (non digitized ones). Most safes can be broken into quick and even unnoticed with the right resources (especially hotel safes); that is easier than breaking encryption and if you do not know that and keep using that now compromised encryption...

 

Want certainty if someone handled, copied, infected or otherwise accessed your stuff?

Put the stuff in an envelope. Simply use one you use to post a letter, or you can use sheets of paper or a newspaper (cheap and harder to duplicate).

In the length and width put a loop of tape around it. Use simple fabric based tape that stretches a bit when pulled (pharmacy or supermarket / DIY store). If you do not have tape that stretches when pulled on, as lesser alternative you could use tape that damages when tampered with or office tape.

Where the four ends meet put your signature with a pen or permanent marker or another (for you identifiable) mark. The mark has to be across the four ends where they meet AND the paper.

Try to open that and put it back together without leaving a well visible trace.

That makes it an absolute art to be done unnoticed if not impossible, and absolutely impossible if it has to be done in a certain time frame.

Quick, cheap and you will have certainty if someone accessed your stuff.

 

I give encrypted backups to friends to keep them safe for me. When I exchange them for new ones I know in one glance if my data and password are not compromised.

 

Use bubble wrap and tape around your electronics this way when traveling and nobody will think anything about it in terms of security. Also gives you an argument: I will not open it and let you look at my electronics because I have nothing to re-wrap it with.

 

What screen saver type of protection do you use to prevent access when you are called away for a minute?





