by heyoni 996 days ago
Normally you unplug the drives and take them to a lab. Never let the host operating system continue running with those disks!

Maybe in the 90s. Unplugging the drive is how you kick FDE in now. The drive only has value while mounted and running on the host OS.

Even cellphones...you want them running decrypted, but inside a Faraday cage of some kind to block remote wipes.

I don’t know how FDE works so thanks for the correction. I’ve read stories about feds pulling out drives and asking for keys later.

But to run dd wouldn’t you need root access? And couldn’t you use that to dump the FDE keys from memory?