Are there encrypted hard drives that forensics cannot read?
I read in a comment that it would be possible to read a hard drive using an electron scanning microscope and thus bypass its encryption.
Is something like that possible? I mean, the data is actually encrypted. What's the point if I can read the data without understanding its purpose? It's not like you put some kind of lock in the beginning and then the data is written down normally. And something like that would only be possible with an outdated HDD. With SSDs, the storage blocks are electronic. How you get to them is a mystery to me.
Is there a bomb-proof encryption that even the NSA can crack?
That’s all bullshit. The reading of hard drives with such a microscope is theoretically feasible. Practically, no one would do that. 1 million euros and reading would take months. Then you need to reassemble the data and clean it up as sectors not only contain the data but also markers and ECC information.
Apart from this, HDDs store data in cylinders. That means you have to separate the individual tracks of the individual platters and then rearrange the data.
This is because switching between the heads is faster than a track change!
So no one goes to that effort, because we are talking about working hours costing six figures per HDD…
There was once a prototype of such a machine. However, since defective heads can be replaced more simply and cheaply, this would only be an option for scratched or broken platters. But then it is questionable whether you would find the data you are looking for. Therefore, the device was a commercial flop because no laboratory wanted to buy it.
But even then the data would still be encrypted and you would have to crack the encryption.
I use hashcat or Passware in the lab to crack passwords. If the password is too good, I can’t go on.
The difference from larger laboratories is the available computing capacity. In the case of passwords, this means that for each additional character, cracking becomes harder by a factor of 80-100.
So if I want to crack one more character in the same time, I would have to buy 79-99 more cards in addition to my RTX 2060, or fewer RTX 4090s, etc.
So I would have to increase my computing capacity by 80-100 times…
On the subject of backdoors for authorities, I don’t want to speculate here. However, you also have quite different problems than “just” the encryption of the disk once the NSA wants to get at your data and secrets – e.g.:
They can also quickly install devices into your keyboard to monitor your inputs: https://www.keelog.com/forensic-keylogger/
Similar devices are available for networks – e.g.: https://shop.hak5.org/products/packet-squirrel-mark-ii
There are also built-in variants that can be installed inside a computer; these are not sold freely like the Squirrel, and I did not find a picture either. The Squirrel shows the principle very well and I have already used such devices in pentests. Even in companies, the thing was not discovered over the entire two weeks of the pentest…
What works great with this is the Keylog cable! It had already been subverted by some employees and then finally picked up the inputs by WLAN…
Yes, there is, but I have forgotten the name of the program; it is already older, but not worse for that. It would take many years to decrypt it with immense computing capacity.
Hello,
With encryption, you will naturally strive to prevent all external access, forensics or not, and breaking it will also be impossible to achieve in a human lifetime at 256 bit.
Disk Encryption | Windows 10 | Secure Device | IT Security | Email and Internet | Communication, Information, Media Center (KIM) (uni-konstanz.de)
LG
Harry
If the data is stored encrypted on the hard drive, you can’t do anything with it without a key, whether or not you can read it.
AES-256 is considered to be a secure encryption standard, for which it takes centuries to crack the key. But it may become insecure once quantum computers work.
Hope that has helped ;)
Can I use this for my Linux system disk? Does that bring added value for security against hacking? As additional protection for my Linux (Ubuntu) I use a YubiKey.
Hackers crack your password – the most secure encryption is of no use if your password is easy to crack. Here, for example, is a list of passwords I extracted from umpteen different data leaks: https://sourceforge.net/projects/wordlist-collection/
Right. But do you have MFA in encryption? What I wanted to say is that the safest combination does not help if you use Maxi123! as a password at the end.
But with a YubiKey you need both. Even if your password is cracked, you still need the physical key. It is also more relaxed because you only need to touch the YubiKey for sudo commands.
On a hard disk, whether SSD or HDD, the data is available only in the form of 0s and 1s, and not in a form readable for people.
You just need some practice. As a forensic examiner I look at a lot in hex editors. These merely compute, from 8 zeros or ones, a 2-digit alphanumeric representation for more compact display:
Put the documentation of the respective file format or file system next to it and you can decode everything by hand. A program just does that much faster.
For example, if you want to check if a program works correctly, you need to check by hand if it is true.
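As an added illustration of the reply above (not code from the thread): a hex-editor style dump and a by-the-spec decode of a LUKS1 disk-encryption header. LUKS1 is an assumption chosen for the example, since the thread names no specific format, and the sample header is constructed. The header fields decode cleanly, while the encrypted payload behind them stays unreadable without the key.

```python
import struct

# LUKS1 header layout (big-endian), from the LUKS1 on-disk format specification:
# magic[6] version(u16) cipher-name[32] cipher-mode[32] hash-spec[32]
# payload-offset(u32) key-bytes(u32) mk-digest[20] mk-salt[32] mk-iter(u32) uuid[40]
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
LUKS_MAGIC = b"LUKS\xba\xbe"

def hexdump(data, width=16):
    """Render bytes like a hex editor: offset, two hex digits per byte, ASCII."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart:<{width * 3}} {text}")
    return lines

def cstr(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii")

def parse_luks1(header):
    """Decode the fixed part of a LUKS1 header; raise if the magic does not match."""
    (magic, version, cipher, mode, hash_spec, payload_off,
     key_bytes, _digest, _salt, mk_iter, uuid) = PHDR.unpack_from(header)
    if magic != LUKS_MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    return {"cipher": cstr(cipher), "mode": cstr(mode), "hash": cstr(hash_spec),
            "payload_offset_sectors": payload_off, "key_bits": key_bytes * 8,
            "mk_iterations": mk_iter, "uuid": cstr(uuid)}

def build_sample():
    """Constructed sample header (not from a real disk); digest and salt are zero filler."""
    # 64 key bytes: XTS mode uses two 256-bit AES keys.
    return PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256", 4096, 64,
                     bytes(20), bytes(32), 100000,
                     b"00000000-0000-0000-0000-000000000000")

if __name__ == "__main__":
    sample = build_sample()
    print("\n".join(hexdump(sample[:48])))
    print(parse_luks1(sample))
```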
If it has been encrypted, there is always the possibility to decrypt it; it only depends on how good the person sitting there is.
What do you think of these techniques?
Military…
I’m just saying Enigma. Encryption has not existed only since World War II…