[ISN] Full-disc encryption is too good, complain CSI teams

From: InfoSec News <alerts_at_private>
Date: Mon, 21 Nov 2011 03:48:41 -0600 (CST)
http://www.newscientist.com/blogs/onepercent/2011/11/digital-csi-teams-foiled-by-fu.html

By Paul Marks
senior technology correspondent
New Scientist
18 November 2011

Full-disc encryption is good at keeping your computer secure. So good, 
in fact, that it's got digital CSI teams tearing their hair out.

Computer security engineers, including a member of the US Computer 
Emergency Response Team, are complaining in a research paper this week 
that crooked bankers, terrorists and child abusers may be getting away 
with crimes because it is proving impossible for digital investigators 
to unlock their encrypted hard drives. As New Scientist related in 
February, full-disc encryption is a major consumer security leap. It 
scrambles everything on a drive when you turn off your computer, time 
out or log out. But the flipside, of course, is consternation for some 
crime fighters.

The authors of the paper say they face four major problems. First, 
forensics don't always realise FDE is running on an evidence-carrying 
computer and turn it off - so all is lost. Second, when officers copy a 
disc for analysis not realising it is FDE-encrypted, teams waste hours 
of valuable crime lab time trying to make sense of gobbledegook. Third, 
plugging in analysis hardware can trigger a trusted-hardware-only rule 
to encrypt everything. Fourth, some US suspects plead the fifth 
amendment and refuse to give their passphrases, while others lie and 
give the wrong one, claiming the FDE had failed or that they must have 
forgotten the passphrase.

To cope with the FDE era, the US CERT-led team want improved 
scene-of-crime routines and better preparation of search warrants. Their 
conclusion is somewhat hopeless however:

[...]


Received on Mon Nov 21 2011 - 01:48:41 PST
