Reply to post: Re: Defeating Draconian laws

Brit broke anti-terror law by refusing to cough up passwords to cops

Cynic_999 Silver badge

Re: Defeating Draconian laws

This is an older one, but there are others:

https://hal.inria.fr/hal-01056376/document

Also, this has a brief summary:

http://www.forensicswiki.org/wiki/TrueCrypt#Hidden_volumes

The first is interesting, but assumes that the decoy OS contains "restore points" that have copied parts of the encrypted data of the hidden volume. This is in fact pretty unlikely seeing that the decoy OS will quite possibly not have any restore points, and if it has, there is no reason to believe that any restore point would copy data from a part of the HDD that the decoy OS sees as free space. It in any case assumes that the OS is Windows Vista or later, and the best choice for a dummy OS would definitely be Windows XP.

The second is complete nonsense, as it depends on the hidden OS writing data to the decoy OS while it is running, when in fact the hidden OS has no access to the decoy OS so applications running on the hidden OS could never write "e.g. filenames" to the decoy OS.

The thing I was thinking of is that a dummy OS would (a) have a FAT32 file system and (b) not have any recognisable file fragments beyond the limit of a fairly low sector of the HDD. While a HDD that has both these attributes would raise suspicions, they are far from being proof that a hidden OS exists. At best they show that a hidden OS *could* exist.
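The two attributes named in the comment above can be measured on an image of the decrypted decoy volume. The following is an added example, not part of the original post: the 7.0 bits/byte cut-off, the function names and the sample image are assumptions made for illustration, and the result is an indicator only, as the comment itself says.

```python
import hashlib
import math
from collections import Counter

SECTOR = 512
RANDOM_BITS = 7.0  # assumed cut-off: a 512-byte sector of ciphertext scores about 7.5 bits/byte

def entropy(block: bytes) -> float:
    """Shannon entropy of a block in bits per byte."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def is_fat32(image: bytes) -> bool:
    """Attribute (a): FAT32 boot sectors carry 'FAT32   ' at offset 82."""
    return image[82:90] == b"FAT32   "

def last_recognisable_sector(image: bytes) -> int:
    """Attribute (b): highest sector holding structured data, or -1 if none.
    Zero-filled sectors and random-looking sectors both count as unrecognisable."""
    last = -1
    for i in range(len(image) // SECTOR):
        block = image[i * SECTOR:(i + 1) * SECTOR]
        if any(block) and entropy(block) < RANDOM_BITS:
            last = i
    return last

def assess(image: bytes) -> dict:
    """Report both attributes plus how much of the volume holds recognisable data."""
    total = len(image) // SECTOR
    last = last_recognisable_sector(image)
    return {"fat32": is_fat32(image), "last_recognisable_sector": last,
            "total_sectors": total, "fraction_used": (last + 1) / total}

def constructed_image(data_sectors: int = 8, total_sectors: int = 64) -> bytes:
    """Constructed sample: FAT32-style boot sector, a few text sectors, then
    pseudo-random filler standing in for encrypted free space."""
    boot = bytearray(SECTOR)
    boot[82:90] = b"FAT32   "
    boot[510:512] = b"\x55\xaa"
    text = (b"quarterly report draft " * 32)[:SECTOR]
    filler = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                      for i in range((total_sectors - data_sectors) * SECTOR // 32))
    return bytes(boot) + text * (data_sectors - 1) + filler

if __name__ == "__main__":
    print(assess(constructed_image()))
```

A low `fraction_used` on a FAT32 volume matches both attributes, but a freshly installed or lightly used system produces the same picture.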


Biting the hand that feeds IT © 1998–2019