+- AiOwares (https://www.aiowares.com)
+-- Forum: Cyber & Forensics (https://www.aiowares.com/forumdisplay.php?fid=65)
+--- Forum: Cyber Crime Investigation (https://www.aiowares.com/forumdisplay.php?fid=67)
+--- Thread: The importance of the computer being on (/showthread.php?tid=1523)
The importance of the computer being on - Bl4ckCyb3rEnigm4 - 12-17-2019
It's important during an arrest of a cybercriminal that the computer is powered on. That because the cybercriminal can have installed a program that decrypt the disk at startup only by inserting a password or because you want the login credential to a site. An example of a program that encrypt the disk is VeraCrypt. VeraCrypt infact is able to encrypt the disk with a password and decrypt it at startup, that means that if the computer is shutted down the only way to do forensics over it is to know the password. You can try to do a dictionary attack(trying common used passwords) to decrypt the disk, but if the cybercriminal chose a good password, there is nothing you can do. If someone of you want a thread about how to use these programs, let me know. Here the link for the interesting article about disk encryption.(I suggest you to first read this post https://www.aiowares.com/showthread.php?tid=1446 to understand how that can be possible)
Code:
https://www.zdnet.com/article/cryogenically-frozen-ram-bypasses-all-disk-encryption-methods/RE: The importance of the computer being on - Cerberus - 12-17-2019
Very interesting...please share.
RE: The importance of the computer being on - underdoq - 09-06-2021
Really interesting, is it true that authority's can get all data that was ever on storage media. I guess they can access it with some software that works on deeper levels then ordinary user have access to.