by nothxbro 4798 days ago
Question:

I had an idea about how to make this type of punishment non-feasible.

Replace the standard TrueCrypt bootloader with one of a design that has a 'self-destruct'.

What I mean by that is, when you turn on your computer and the boot loader is initialized, it actually deletes its keyfile from disk and only keeps it in RAM. If you don't enter the correct password in xxx minutes or if you restart the computer, that data is lost and restoring it becomes impossible.

There could be another option as well: an 'extra' unlock code that you could not prove the existence of, which could override the deletion described above.

Basically it's a way to say "The FBI turned on my computer without asking me for instructions and destroyed my data. It's not possible for me to restore it, but this WAS my password."

5 comments

In reality, forensic data people tend to just pop the drive out of the machine and connect it to a specialized machine that can clone the drive, whilst ensuring there is no write capability, so it is guaranteed to not modify the drive's contents. This is done to preserve the "chain of custody", so the investigators can't be accused of fiddling with the evidence.

I think that the only way to do it would be to have something like a full RAM disk that is erased when power is lost. But this is problematic because of power outages, so you would be tempted to use battery backups or something, which would in turn make the system transportable, and more likely to not be deleted.

I guess in the case of the article, it was TSA agents, so your proposed system could do the trick with incompetents.

As shitlord mentioned, this is a mistake waiting to happen (although a random USB/CD somewhere with a copy of the key could resolve that issue). The bigger problem is that I doubt the FBI are that stupid. My guess is they clone the hard drive before doing anything on it.

Even on a 'normal' computer, there is likely minimal benefit to booting normally as a first step, because you will likely run into an OS password. The simplest thing (I guess) is that they routinely remove the HD, clone it, and look at it on another computer, then probably remove the user password and boot it to see what the user would see.

In reality, that would end up being a disaster. What if a friend or family member turned on your computer to check their email or print their airplane flight pass? They'd give up after seeing the password prompt, and if they don't tell you about it, then all of your data is gone forever.

You'd probably need to hide custom firmware in the drive to stop them from simply copying the whole thing. And if that became common they'd just start pulling out the platters and reading them in another drive.

They take the computer and mirror the drive. This doesn't help