by sumtechguy 996 days ago
The likelihood of them showing and doing that is low. However, the likelihood of them showing up with a set of USB drives and just running rsync/cp/dd is higher.

Normally you unplug the drives and take them to a lab. Never let the host operating system continue running with those disks!

Maybe in the 90s. Unplugging the drive is how you kick FDE in now. The drive only has value while mounted and running on the host OS.

Even cellphones...you want them running decrypted, but inside a Faraday cage of some kind to block remote wipes.

I don’t know how FDE works so thanks for the correction. I’ve read stories about feds pulling out drives and asking for keys later.

But to run dd wouldn’t you need root access? And couldn’t you use that to dump the FDE keys from memory?