Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] round and round they go

from [Jay] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] round and round they go
Date: Fri, 22 Feb 2008 13:40:00 -0500 
I would think a more realistic scenario might be a person working at an airport 
shutting their system down then getting it stolen vs a forensic examiner 
yanking the cord on purpose. Just an observation.

----- Original Message -----
From: matthew wollenweber [mailto:mwollenweber@gmail.com]
To: lists@datenritter.de
Cc: full-disclosure@lists.grok.org.uk
Sent: Fri, 22 Feb 2008 09:57:55 -0500
Subject: Re: [Full-disclosure] round and round they go

I found the article interesting, but I wonder about it's practicality. If
you have physical access to the box you never really need to power down the
box in the first place and generally if the box is already on, I think most
people would prefer to attack a service to get on the system directly. But
there are some special cases where these techniques will likely be very
useful.

For me, I've always disliked the practice of doing live forensic discovery.
I'd much rather get a clean disk dump than to poke around on the system
first, but losing RAM sucks. Maybe now IR/Forensic guys can get the best of
both worlds? They can yank the power to save the disk state and dump memory
by using the techniques described in the article. :)


On Fri, Feb 22, 2008 at 8:32 AM, niclas <lists@datenritter.de> wrote:


http://blog.wired.com/27bstroke6/2008/02/researchers-dis.html


(cooling down DRAMs keeps their contents for longer time, even during
reboot.)

well, this shows how important mechanical security still is, even with
all the crypto-stuff out there. if you e.g. just *glued* your RAM
modules into your motherboard, the option left would be booting a
malicious OS. a BIOS-password might put delays on that.

so, if it is really secret put your PC in a locked steel box!

as a dircet countermeasure you might as well consider a simple
temperature sensor next to your DRAMs, releasing [evil self-destruction
hack] when temperatures drop below 0?C.

thermite does a good job on destroying HDDs but it's very dangerous.

it's probably more easy to use this device then:
http://www.wiebetech.com/products/HotPlug.php

looking at these two methods, i notice how "they" (whoever) seem to aim
not only on physical access but also more and more on surprising the
crypto-user. "they" might use the methods mentioned above or just hit
you with a flashbang, so you can't press the lock key anymore. this
worries me more than any it-related security flaw. i don't want the
police to behave like that.

n.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





--
Matthew  Wollenweber
mwollenweber@gmail.com | mjw@cyberwart.com
www.cyberwart.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] round and round they go, keys in ram are ripe for picking..., Michael Holstein
Next by Date:  Re: [Full-disclosure] round and round they go, keys in ram are ripe for picking..., coderman
Previous by Thread:  Re: [Full-disclosure] round and round they go, matthew wollenweber
Next by Thread:  Re: [Full-disclosure] round and round they go, niclas
Indexes:  [Date] [Thread] [Top] [All Lists]