Law enforcement uses anti-virus software to recover suspect's web history

https://www.csoonline.com/article/3...software-to-recover-suspects-web-history.html

 

And then there's Bitdefender: https://www.europol.europa.eu/newsr...tivities-after-globally-coordinated-operation

 

Good read but it isn't really too surprising is it? Ten years ago when I was coding with TC and other digital encryption products I was testing by doing forensic analysis to examine which parts of the drive platter were giving stuff away. We concluded that short of complete device encryption there was simply no way to block access to the data tracks on the drive. NONE! So then what is the answer? You'll have to decide for yourselves but complete device encryption is a must for me. That presents a legal "enigma" because a seized device and a court order to open it puts YOU in the crosshairs. I have been patiently waiting for the first REAL password case to make it to the Supreme Court and then receive an official ruling on the 5th amendment, with respect to this issue. We have had a few cases get close but they never quite make it through, which would set the precedent. If you are afraid (and who wouldn't be) to rely on that premise then you could run RAM based stuff, but its inconvenient as hell and lacks persistence. I elect to use a linux host that never sees workspace and bridges to VM's whereafter the machines are snapshot'd back to virgin followed by Bleachbit just to make sure. When or IF the time comes I need to decide whether or not to take a stand on the 5th or open the drive at least I know the VM's are virgin and the host is clean as can be. Hope it never comes to that.