Mutt
Greetings to all. A short article about two methods of protection in case of a forensic examination.
Disk encryption is just one step towards security. As a rule, the special services act as follows: they wait for the victim so that she does not have time to turn off the computer before the arrest. Even a lockscreen will not save you, because the encryption keys can be extracted from RAM with special devices while the OS is loaded, given physical access to the USB ports. This problem is solved by the USBkill script.
https://github.com/hephaest0s/usbkill
In the script, you can specify a whitelist of your USB devices, and a constantly running process monitors the USB ports; if it encounters an unknown device, it turns off, reboots, or hibernates your computer (the action is set in the script). Thus, forensic examination can be avoided. Of course, provided that the computer's hard drive is pre-encrypted.
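The core of the approach is simple: take a snapshot of the attached USB vendor:product IDs, compare it against a whitelist, and run a protective action the moment something unrecognised appears. The following is an added illustration of that logic, not code from the post or from the usbkill project. The whitelist entries, the `abcd:1234` and `dead:beef` device IDs, and the `lsusb` sample text are constructed for the example; the live path assumes `lsusb` (usbutils) is installed and that `systemctl poweroff` is the desired action.

```python
#!/usr/bin/env python3
"""Minimal USB whitelist monitor (added example; not the usbkill project's code).

Polls the set of attached USB vendor:product IDs, compares it with a whitelist,
and runs a protective action when an unrecognised device appears. The default
is a dry run that only prints; pass --armed to actually power off (needs root).
"""
import re
import subprocess
import sys
import time
from typing import Callable, Iterable, Optional, Set

# Hypothetical whitelist: replace with the IDs from your own `lsusb` output.
WHITELIST: Set[str] = {
    "1d6b:0002",  # USB 2.0 root hub
    "1d6b:0003",  # USB 3.0 root hub
    "abcd:1234",  # placeholder for your trusted keyboard/mouse receiver
}

# Constructed sample of `lsusb` output, used for the offline demonstration.
SAMPLE_LSUSB = """\
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 003: ID abcd:1234 Example trusted receiver
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
"""

LSUSB_ID_RE = re.compile(r"\bID ([0-9a-f]{4}:[0-9a-f]{4})")


def parse_lsusb(output: str) -> Set[str]:
    """Return the vendor:product IDs found in `lsusb` text output."""
    return set(LSUSB_ID_RE.findall(output))


def unknown_devices(present: Iterable[str], whitelist: Iterable[str]) -> Set[str]:
    """IDs that are attached but not whitelisted.

    A device can present any vendor:product ID it likes, so this is a
    tripwire against unexpected hardware, not an authenticator.
    """
    return set(present) - set(whitelist)


def current_devices() -> Set[str]:
    """Live snapshot of attached devices via lsusb."""
    out = subprocess.run(["lsusb"], capture_output=True, text=True, check=True).stdout
    return parse_lsusb(out)


def monitor(get_devices: Callable[[], Set[str]], whitelist: Iterable[str],
            on_unknown: Callable[[Set[str]], None], interval: float = 0.25,
            max_polls: Optional[int] = None) -> Set[str]:
    """Poll until an unknown device shows up, then call on_unknown once.

    Returns the offending IDs, or an empty set if max_polls ran out first
    (max_polls=None polls forever, which is what a daemon wants).
    """
    polls = 0
    while max_polls is None or polls < max_polls:
        unknown = unknown_devices(get_devices(), whitelist)
        if unknown:
            on_unknown(unknown)
            return unknown
        polls += 1
        time.sleep(interval)
    return set()


def power_off(unknown: Set[str]) -> None:
    """Protective action: power off so RAM (and the keys in it) is lost."""
    print(f"unknown USB device(s) {sorted(unknown)}: powering off", file=sys.stderr)
    subprocess.run(["systemctl", "poweroff"], check=False)


def dry_run(unknown: Set[str]) -> None:
    """Default action for testing the whitelist without losing your session."""
    print(f"DRY RUN: would power off because of {sorted(unknown)}")


if __name__ == "__main__":
    armed = "--armed" in sys.argv
    # Refuse to arm if the whitelist does not already cover what is attached,
    # otherwise the monitor would trigger on your own hardware immediately.
    missing = unknown_devices(current_devices(), WHITELIST)
    if missing:
        sys.exit(f"whitelist incomplete, add: {sorted(missing)}")
    monitor(current_devices, WHITELIST, power_off if armed else dry_run)
```

Run it unprivileged first to confirm the whitelist is complete, then as root under a service manager so it restarts if killed. Two caveats matter more than the code: polling `lsusb` leaves a window of one interval between insertion and reaction, and of the three actions the post lists, hibernation writes RAM, keys included, to the swap device, so it only protects you if swap is inside the encrypted volume; power-off does not have that dependency.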
There is an equally interesting project on a similar topic - swatd, which allows you to configure sensors with events.
https://github.com/defuse/swatd