Can i lock and unlock entire disk drives

Discussion in 'privacy technology' started by majorpain, Feb 24, 2017.

  1. majorpain

    majorpain Registered Member

    Joined:
    Jul 22, 2016
    Posts:
    32
    Location:
    tennessee
    I was wondering ok you know how if a hard drive is taken out of the computer it can be read and written to mainly written to or if a drive containg a boot partition or os is put in the computer the drives in that computer can be accessed by say a rouge disk or rouge usb or whatever was wondering because someone copuld easily then copy a virus or somthin to the computer right? so I was wondering

    is there a way to lock the drive so that only when I sign on can any of the drives be written to. also I have a Samsung 960 nvme / m.2 drive how would I secure that from such attack.
    now while not all that important I was curios about this, after looking for a new hard drive to purchase I ran across a drive on newegg that said something like Seagate secure. not sure if I can post the newegg link here or even if there is an affordable self encrypting drive that denies being written to accept when logged in or whatever. is this model number really a self encrypting drive Seagate BarraCuda ST1000DM010 does self encypting drives have reduced speed?
     
  2. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,353
    I am going to avoid opening a "can of worms" on your request ignoring the hardware side of technology. That is another discussion than what follows. There is a software approach that will accomplish what you request (in essence), and it gives you more predictable control since the best cryptography is open sourced. Let me give you the perspective of a forensic examiner, so go ahead and borrow "those" eyes as you visualize this. Take your hard drive and use FDE (every sector is encrypted other than the MBR (512 bytes). A quality encryption product hides anything inside the data package while closed, and removes even recognition of the internal filesystem from external analysis. If you attempt to examine such a hard drive (assuming its constructed properly) you will receive an echo of RAW/unrecognized by examining tools. Lets take that and apply it to what you are wanting to do. Now I Mr. Examiner cannot introduce new data into this locked package because I cannot speak the language it understands. I would need the encryption keys to speak/communicate with the data package. So, what are my options? Do nothing if I intend to maintain stealth of drive analysis. Or, I could manually destroy the encryption block by forcefully creating a new filesystem and then writing data to the previously encrypted platter space. I am pretty sure that would stick out like a "sore thumb" and obviously upon your next boot attempt the entire system would fail. Certainly the password would render the most obvious response to such an invasion of its data package, because it would FAIL.

    This approach is predictable and in my view more fullproof than using anything hardware lock based. Those applications require TOO much trust and are in their infancy, with scary stories about backdoors and such.

    I further backup the "virgin" MBR file, which is the only thing un-encrypted on the hard drive, and I run a checksum on it BEFORE opening my encrypted drive. Using a grub4dos flash I can easily confirm nothing in that MBR file has changed so I know that it remains "pure" before I use my log in credentials. You may not need the approach I am proposing here, but it is very easy to maintain and use once set up. The hardware version is controlled by the drive mfg's and you'll need to decide if that is for you. Its not for me.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.