DiskCryptor guides? Not sure if I can do this...

Discussion in 'privacy technology' started by TheCatMan, Oct 24, 2013.

Thread Status:
Not open for further replies.
  1. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    Hi, I tried looking on the main website and even googling for some user guides on using DiskCryptor, but it seems like there are none around?

    I would like to ask: is it possible to encrypt the entire hard drive with Windows 7 and use a bootloader from a pen drive or CD to load the encrypted Windows 7, but also have it ask for a password? So a bootloader and a password just to boot the encrypted OS.

    Is this possible?

    If so, I would appreciate a guide or some guidance, thanks.
     
  2. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    259
    Yes.

    Go to "Volumes", select "Encrypt Volume", carefully read instructions on the screen and select Install boot loader in USB or CD (your choice).

    The boot loader is not a keyfile so of course you will still need a password when you boot.
     
  3. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    Sure. The way I do it, everything is encrypted except the Linux partitions (decoy OS) and the 100 MB boot partition. If I have no flash drive/CD/ISO with the DiskCryptor boot loader inserted, then the computer boots the Linux system. If the flash drive is inserted, it asks for a password, and if the password is correct it boots the encrypted Windows 7 partition and also automatically mounts the other encrypted partitions. You can also use a keyfile instead of or in addition to the password - the idea is you can use a shorter password, or just have the flash drive or CD include the keyfile and load it automatically, but no password, so the computer boots to the encrypted system automatically when that drive is inserted, but without it cannot be booted (naturally you may want to change the BIOS boot order settings to boot from flash drive or CD before the hard drive). As for the 100 MB boot partition (if you use it), it should not have any references to your encrypted system. You can use it to boot Linux or another OS, but then also have the boot files in your encrypted Windows partition (normally C: ) to load Windows once unlocked by the flash drive or CD with the DiskCryptor bootloader on it.

    Anyway, before you encrypt your system for real, you can do it first in a VM to test it out. Just make the VM small so it doesn't take a long time to encrypt it, give it the features your real system will have such as extra partitions, decoy system, boot partition and so forth if applicable, and then try to boot it with the DiskCryptor bootloader ISO.
     
  4. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    Thanks for the help, guys.

    I like the idea of FDE of the entire HDD, but if I was to use pajenn's excellent idea, would it not have an element of risk, i.e. an adversary may work out from the partition sizes that one OS is Linux and ask what happened to the rest of the size of the HDD?

    Going FDE, obviously the question would be how you were using a PC with a blank OS, or "we have logs you used it only 2 days ago"?

    I find it tricky to get that balance and plausible deniability side right!
     
  5. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    Also, more questions before I try it out. I have backed up just in case, so if worst comes to worst I'll spend a few hours reloading it all!

    Can I encrypt with my OS/data already on the drive?

    Also, when I have a System Boot partition and also my C drive Windows partition, do I encrypt both, and the System Boot partition first?
     
  6. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    With encryption, it is usually recommended to go the advanced partitioning route, and just have a "C" partition for Windows...none of that 100MB partition stuff. If you present the Windows installer with an un-formatted partition, it will want to create the 100MB one. If you just give it an already formatted partition, it will install everything there.

    If you are using an SSD, I would use Mini-Tool Partition Wizard to both make one partition *and* align it for SSD use. It is free. Make the bootable one on CD or USB.

    This of course, requires a fresh install.

    PD
     
  7. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163

    The problem with trying to use the "Oh I just wiped that partition" tactic for plausible deniability, is the possible existence of info on that partition in the partition table, as well as the disk signature bytes. If that info is anywhere on the "decoy", or on the encrypted partition, you are hosed.

    Search the TC forum for a topic called something like cd/usb bootloader. It explains the details. Now, toward the end, it *looks* like if you use the method of TC hidden OS *but* don't finish the process and just run an un-encrypted decoy - that "wiping" ploy *may* work, because all Windows sees upon re-install, is a raw partition = can't be used. And what I liked better is that one guy mentioned that instead of saying "wiping", you just say you encrypted to an unknown key = same as wiping :D As a last resort, you just open the outer volume and are still protected by the hidden volume. Of course, your *barrister* should be relaying all this info, LOL.

    But - all that is TC specific. You'll have to investigate on the DiskCryptor forums I would imagine - to see if the same thing can be attempted. I've never used DC.

    PD
     
  8. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    Never mind the barrister relaying it, he would have already walked out upon mentioning TC :D

    I still like your idea of FDE and a bootloader via ISO or off the SD card.

    I feel the hidden OS and structures, missing space, is a dead giveaway, and as you said any data or info could still be stored on the decoy OS or partition...

    With FDE, one could say I wiped it with a DBAN CD or formatted it due to viruses; while suspicious, there is no other way to prove otherwise, but what would happen if the bootloader is discovered :eek:

    I think the story is critical.

    The line about saying "I encrypted to an unknown key":

    Maybe fatal, you're giving away too much information, as in you're able to perform and understand encryption, and it shows you're tech savvy enough to delete possible criminal activity.

    Remember, it's a war against the illegal-thought adversaries ;) Someone on here suggested it well, and that was to always act dumb, hence perhaps best to keep it simple and use few words, as in "I wiped it with a software."
     
  9. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    Yeah, my boot partition is my PC's recovery ISO. I would need a clean full copy of Windows to do what you mentioned. I see many folk getting thrown off with the Windows 100 MB partition or that recovery partition; one C drive partition is easier, so I will try your format-partition method first.

    I also have another, perhaps silly, idea, but not sure...

    2 HDDs in one machine:

    1st HDD: Linux Ubuntu distro as main OS, for family and general surfing
    (One could put some fancy wallpaper on it and fill it once a week with pictures/docs)

    2nd HDD: FDE, requiring the bootloader, and then perhaps one can still press F12 for a quick boot off the 2nd HDD?

    This way anyone would think it's just an empty HDD, no word or mention of encryption; if any questions are asked why it's empty... since I only use the Linux OS, the other drive is empty.

    No idea if this is the best of both worlds though....
     
  10. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    My thinking was that if I have to boot my laptop at customs, or someone boots it without my knowledge, for example, then it'll boot normally to Linux with nothing private in there. If they take a closer look they'll notice the "unformatted" partitions and may guess they contain an encrypted system, but I can always deny it and say I cleaned them recently because I'm about to update to Windows 8 or something. At the very least it's plausible deniability. For me that's enough. Unless you are a secret agent or something, I wouldn't try to overdo it.
     
  11. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    With DiskCryptor at least you can encrypt your OS and data partition or even external hard drives without destroying the data. However, it may take a long time so you probably have to leave your computer running over night to do it and it cannot lose power or experience a shutdown while being encrypted or you might lose everything.

    The reason I kept the 100 MB boot partition unencrypted was so that I could edit the boot files on it with EasyBCD and easily add recovery disks or other media to the boot menu that can be loaded from the boot partition itself or another unencrypted partition. Obviously it should have no references to the encrypted OS or the DiskCryptor bootloader. But you could put a Linux SliTaz ISO (~35 MB) or Damn Small Linux ISO (~50 MB) in there and make it bootable, or make the boot partition bigger and put other bootable ISOs in there. In the end, though, it may be better to get rid of the 100 MB boot partition altogether, as others have suggested, and just boot recovery or anti-malware systems from flash drives and CDs.
     
  12. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Plausible D requires *some* knowledge of encryption. You know about secure wipes, how to install Linux, etc... but not encryption? :D IMO, it's a lot more plausible to open an outer volume with a hidden container inside, than try the "D-ban" excuse of a single/plain encrypted partition. And if they don't believe you (proof not D-ban; partition table/disk signature bytes), where do you go from there? It's either decrypt the real goods or jail. TC hidden OS with unencrypted decoy offers 3 levels of Plausible D: 1. Boot unencrypted decoy. 2. Encrypted 2nd partition to unknown key. 3. (After being hit with a wrench) Open outer container.

    Also, you can delete criminal activity all you want, it's only after you've been notified that you can be charged with obstruction. Also, "possible" means nothing, they have to *prove* criminal. YCMV (Your Country May Vary).

    PD
     
  13. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    Oh, if it were just that simple, Pauly. OK, so how in hell would this be any different from just using the regular TC hidden OS setup? Both offer the same level of plausible deniability, hell, if not a lot less IMO, not to mention you remove layers of plausible deniability once you've been found out running an encrypted TC volume, and why you would want to hide that fact by not having the TC bootloader on the OS drive, aka having two partitions as described in the TC tutorial over at the homepage. Just saying.

    I quote >


    The entire above quote in one word: to have your important data like family pics/work data separate from your OS, that's why you'd need a 2nd partition. Why run an unencrypted OS decoy but an encrypted volume for important data? It makes no sense from a security standpoint, and for people that actually employ real plausible deniability, aka having IRL data stored on the decoy, it is not an option or shouldn't be, but we've had this kind
    of conversation several times over ;)

    When it comes to true plausible deniability, your plain unencrypted decoy without IRL data would thwart only the most brain-damaged of agencies that doesn't know their way around the basics of plausible deniability nor how an average person goes about his daily workings, which in both cases would be highly unlikely. Not to mention, if you're afraid of evil maid attacks, make use of a BIOS password; that way you'll know if your password has been changed or why your BIOS is booting without the password all of a sudden. That will be one indication of your system being breached by unauthorized access or, of course, physical manipulation. Always check your system for manipulation if it hasn't been with you 24/7, considering you're in a hotel. Food for thought.


    So very true indeed. You'd be surprised what innocent people can be charged with without any apparent "evidence", as if it were so difficult for any sophisticated entity to "prove" you're "guilty" in court. Apparently you and I live in different worlds, or just don't know how corrupt the system actually is. Laws and proof are things that can be bent to will depending on need and interest in you, as too has been repeated over and over, and with a little research there's a ton of information out there, but I'm sure you already knew about all this :ninja:
     
    Last edited: Oct 26, 2013
  14. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Because all my interaction with agents has been "turn this on". I'd rather boot a "normal" Windows than an "Enter Passphrase:_". That's just me, do what you're comfortable with.

    PD
     
  15. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    sure shall do so , just putting it out there ;)
     
  16. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    pajenn: Thanks, good to hear you can encrypt away with your OS/files already on the drive with DC.

    Paul D:

    Yeah, the wipes bit is tricky, but if possible, always act dumb and just say it was formatted and it took ages so you gave up? :)
     
  17. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    I guess I'm still trying to find that perfect setup. I still like the hidden OS TC method, but I guess I prefer the DC method of FDE with a bootloader.

    So the next question is: can TC also do FDE and boot from a bootloader?


    Also another wild 'n' wacky idea (maybe stupid!):

    C drive: Linux OS (set to bootable)

    D drive: FDE with bootloader required


    Better idea? Because to me it feels like the best of both worlds, but it could be a bad idea.
     
  18. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Yes, search GRUB4DOS on TC forum. bob7 gave a method to put your rescue.iso on a USB/SD drive. You then get rid of the disk bootloader, and that depends on how you did FDE - Normal or Hidden OS.

    PD

    P.S. Your method depends - Modified Hidden OS, or Normal? If Hidden, yes. If normal, I'd say it's weak. Partition table and sector bytes could give away normal setup. And then what? With hidden, you then open the outer volume...there is nothing saying there is a hidden OS in there. JMO.
     
  19. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    Thanks, will check the TC forums for the info.

    Was thinking more: 1st HDD - C drive Linux or Windows, 2nd HDD - D drive full disk encryption with bootloader+password to access it (with the real OS).

    So this way, anyone who switches it on gets the C drive Linux or Windows... the D drive is empty or not accessible.

    Forensics have no evidence of TC or DC or encryption; a scan on the D drive will show it's clean or empty, or filled with 0s and 1s at most.

    No good?
     
  20. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I'm not qualified to answer if it's good or not, but going by what the gurus on the TC forum say, the only way that you *might* get away with saying "I don't know what that is"...is a modified Hidden OS setup. All it is then, is just a completely encrypted partition...no partition table, no signature bytes, nothing.

    The OS reinstall on "C" will see it as a raw partition, and unusable until formatted.

    Your backup is that it is actually a container, and you can mount the outer volume to show whatever...the OS remains hidden.

    Use Linux if you want, that'll work too. But from what I could find only a Hidden OS setup will give you what you seek...a "normal" TC install leaves info that that disk actually *is* something.

    Oh, and the partition will be random data, not 1's and/or 0's.


    PD
     
  21. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    Thanks PD.

    Always good to hear different Wilders opinions; there is most likely more than one way to skin a cat, as always.

    I think I'll post on the TC forums and see if anyone else thinks I'm barmy lol
     
  22. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    Yes, you are right, it's random data.

    Now I see why you were suggesting earlier that I used encryption to wipe it and just bashed on the keyboard with a random unknown password to start the process :D

    The TC forum guys are hardcore; they pretty much take a long time to respond, and even when they did they suggested there is kind of no plausible D, since an adversary will believe what they "want" and you're already a criminal!

    One guy suggested a good excuse for finding FDE with random data is:
    "I used shredding software with random numbers for future use."

    But not too sure about that one either lol, is there even software that does shredding to random data?

    Any other smart reasons why an HDD has random data?
     
    Last edited: Oct 31, 2013
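PD's point above (an encrypted partition reads as random data, not zeros) and the question in the post just above (what a random-data shred looks like) can both be checked with the block-entropy triage a forensic examiner would run over a raw disk image. The Python script below is an added example, not code from this thread or from DiskCryptor/TrueCrypt; the sample image, the 64 KiB block size and the thresholds (7.9 bits/byte, chi-square below 350) are constructed assumptions for illustration.

```python
import math
import os
from collections import Counter

BLOCK_SIZE = 65536  # scan granularity: 64 KiB per block (assumed)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for one repeated value, 8.0 for a uniform spread."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def chi_square(data: bytes) -> float:
    """Chi-square statistic of the byte histogram against a uniform distribution.
    Uniformly random input scores about 255 (the degrees of freedom), give or
    take ~23; plaintext or filesystem metadata scores orders of magnitude higher."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def classify_block(data: bytes) -> str:
    """Label one block the way a first-pass forensic triage would."""
    if data.count(0) == len(data):
        return "zero-filled"
    if data.count(0xFF) == len(data):
        return "one-filled"
    # Thresholds are illustrative assumptions tuned for 64 KiB blocks.
    if shannon_entropy(data) > 7.9 and chi_square(data) < 350:
        # An encrypted volume and a random-data overwrite both land here;
        # byte statistics alone cannot tell the two apart.
        return "random-looking"
    return "structured"


def scan_image(image: bytes, block_size: int = BLOCK_SIZE) -> list:
    """Classify each block of a raw partition image, returning labels in disk order."""
    return [classify_block(image[i:i + block_size])
            for i in range(0, len(image), block_size)]


def build_sample_image() -> bytes:
    """Constructed stand-in for a disk image: a zeroed region, a plaintext
    region, a region that reads like ciphertext, and another zeroed region."""
    plaintext = (b"family_photos/2013/holiday.jpg\n" * 3000)[:BLOCK_SIZE]
    return bytes(BLOCK_SIZE) + plaintext + os.urandom(BLOCK_SIZE) + bytes(BLOCK_SIZE)


if __name__ == "__main__":
    for index, label in enumerate(scan_image(build_sample_image())):
        print(f"block {index}: {label}")
```

A zero-filled wipe and an encrypted volume are trivially separated by this scan, whereas an encrypted volume and a random-data overwrite are not, which is the only reason the "shredded with random data" account is statistically consistent while the "filled with 0s" one is not.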
  23. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    I have to bump this thread. I have read the TC documentation on the hidden OS, read it a few times, and now understand it much better, although not completely, but better than before!

    I have noticed on other forums that PaulyD's method of an unencrypted OS and booting the C drive is popular...... seems many others have that notion to not reveal TC's existence, like myself! In this case random-password encryption for the hidden OS is the only sound excuse.... but then this could work against you.

    happyyarou666's plan I believe is right out of the TC documentation, and offers even better plausible deniability and an explanation of why 2 partitions exist: the OS is for a quicker-performing encrypted partition, and the other encrypted partition (outer) is more heavily encrypted and slower but more secure for personal data, all as recommended by the TC program. You're, I think, suggesting there is no point in having a bootloader separately since it shows you're hiding something, and worse, on opening the outer layer they may wonder why you did not just encrypt the main OS then, so you're perhaps still hiding something, or another partition like the hidden OS?

    If I'm mistaken please correct me on the above :argh:

    I guess it's assumptions that they get this far or are smart enough to grasp even the basics of plausible deniability, but it does appear many others have the plausible deniability "excuse" not figured out either; some are leaning on either method or variations of it, while others just do what is comfortable, and perhaps they are confident their excuse of PD will actually work...

    I guess with happyyarou666's method, if it reached right to the end... no way to prove you're not wrong, you have explanations for the 2 partitions if it gets that far, and with Pauly's you may get suspicions; then again you may not, if they just switch it on and see nothing wrong.

    I will do much more reading on tc forums, already seeing some arguing and debating regarding the methods we mentioned ;)
     
  24. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    People get hung up on the "what to tell them". I don't - I just say "am I free to go, or am I being detained?" If the latter, I say "Lawyer". YCMV (Your Country May Vary).

    PD
     
  25. S.B.

    S.B. Registered Member

    Joined:
    Jan 20, 2003
    Posts:
    150
    To answer the questions you posed regarding shredding (erasure) using random data.

    The short answer is that numerous different software products allow the user to select overwriting with random data, as opposed to overwriting using all zeros or all ones. The reason is that overwriting with random data has been believed to be a more secure method of preventing recovery of so-called residual data remaining on the HDD even after overwriting.

    The possibility of remaining residual data is based on the physical construction and workings of a HDD drive. Although the drive reads the HDD surface as though it is a series of digital zeros and ones, the real world drive surface isn't that simple. In reality, magnetic charges on the HDD surface are considered to be zeros or ones depending on whether they are less than, or greater than a predetermined threshold. Moreover, the allowed surface location of each charge reading isn't precise to the level of specific atoms.

    The above factors lead to a theoretical possibility of residual data remaining on the HDD surface even after data is overwritten. More specifically, different places on the drive that are read as identical zeros may have non-identical magnetic charge parameters that are simply ignored by the HDD magnetic heads. Moreover, it is theoretically possible that at the atomic level, some of the atoms in each bit area, or sector, aren't overwritten as thoroughly as other atoms in the same sector (atoms at the sector edges, for example).

    It has been proposed that any residual magnetic data might be recoverable and readable using sophisticated magnetic imaging instrumentation that is significantly more sensitive than the normal HDD read/write heads. According to the theoretical possibility, one would 'subtract' the magnetic charge added by the overwriting step, from the actual magnetic charges of all atoms of each sector of the HDD surface. This in turn could theoretically reveal the magnetic state of the HDD sector prior to the overwrite process, allowing recovery of the overwritten data.

    In the case of overwriting with all zeros, the data added by the overwrite process is known and is uniform for each sector, so the process of subtracting the overwrite magnetic data from the actual surface magnetic data would give a substantially better data recovery possibility as compared to overwriting with random data, since the data changes are non-uniform, and in the case of multiple random data overwrites, it wouldn't be known what random data was written prior to the final overwrite.

    It's obviously complicated, and these days, conventional wisdom is that any overwrite should essentially eliminate the possibility of residual data - HDDs put more data into much smaller spaces, etc. No reports in the literature have ever convincingly demonstrated substantial recovery of residual data AFAIK, and a recent study reported that researchers were unable to recover any usable data following a single overwrite.

    Still analytical instrumentation can vary widely and it's not necessarily clear that even an extremely good test is representative of all analytical instrumentation, or that future analytical techniques will have the same limitations as current techniques -- and government labs in particular might have test equipment and processes unknown to the public.

    Hope this helps.
     
    Last edited: Nov 5, 2013