plausible deniability idea ?

Hi whacky and silly idea, but was just thinking while we have work around methods like true crypt hidden os and tc containers within more containers.

How about this idea.....

just create a ram drive, create the vm virtual hdd file within a Ram drive.

Install whatever windows or linux under VM running under the Ram drive, delete or close ram drive when done, or create a safety snapshot with all software/config setup.

This way no evidence of encryption software/use or passwords or why no o/s installed, or why hdd filled with 0s and 1s, no questions asked at all from an adversary this way.... provided you remove the VM or cut the power to the pc?

 

Never use plausible deniability, it requires that the other party cares about your opinion. If we say its there, its there and you have to prove otherwise,

 

So my idea is sound then ?

As in no mention or evidence or partitions, hdd with 0s, passwords, encryption, hidden os etc .....

 

The one thing missing with your plan is to wipe RAM at power shutdown - like Tails does, and keep the safety snapshot on an external device like a USB flash drive.

Have you explored how much RAM you will need to support this idea in a prototype?

-- Tom

 

There's no reason to wipe the RAM at shutdown unless you're looking at an unrealistic cold boot attack scenario.

The real issue is how you're going to boot into the RAM drive (memory resets at shutdown) and save the snapshots.

 

You never know.

 

Your idea is interesting, but I see no real advantage over using a LiveCD that doesn't store any data on your HDD...

 

Just for jollies, suppose your computer has been tagged and 'they' are knocking at your door out of oh, let's say politeness instead of breaking down the door? What are you going to do without wiping RAM in that situation - plead plausible deniability?

-- Tom

 

The key to that conundrum would be to store the data elsewhere!

-- Tom

 

My idea which I did not mention was to run it from within windows 7/8
and use softperfect ramdisk to create say a 4gig ram drive, one can then use a portable firefox with security/privacy addons or portable Tor, or whonix with tor or another linux distro, you also have an added benefit to add a 2nd VPN either on host or linux distro for an extra paranoia layer.


Did they not already prove once a Pc is shut down within 10 seconds 80-90% of data is pretty much gone, and a further 1-2 minutes being powered off then recovery is almost impossible.

Not too fussed with Ram being cheap and one can usually install up to 16gig.

LiveCd is great, however lets face it with a live cd you cant do much, your gpu/sound will never run as good as it would on Windows software, half your pc features wont even be there, your 1080p mkvs may not even run as smooth or look as good, at least with my idea you can use your pc as normal just keep your other private "activities" in the Ram drive which can be shut down afterwards.

Regarding snapshot, why not take a snapshot with just the basics all setup, ie updates and config all setup but nothing actual started ie uttorent installed with 20 linux distros qued, take the snapshop with just utorrent installed, this way no worry or matter or evidence... its just a snapshot ain't it?

Yes about the data, key is to not store it so accessible, full disk encryption only on drives perhaps externally or via nas/network drives, am thinking drives brought off ebay for better plausible deniability Then again an adversary could manipulate the files or add data to it, but more easier for you to prove otherwise....

Guess my thinking was its more easier to setup and run then installing true-crypt or dc and then perhaps having that whole plausible deniability factor or trying to explain what is there, these adversaries would probably assume the worst or say its there if not plant it themselves, so why trust that scenario !

If my ideas pants its cool I just like to get different takes on it.

 

Shutdown and stall them of course. Even pulling the plug will work. If they want your data, how likely is it they'll wait for you to wipe the RAM? If they do, how likely will wiping be necessary? In fact, it'll arouse more suspicion if they see you doing that instead of just closing the computer.

There are far too many attack vectors to worry about than wiping RAM, even someone like me finds that unnecessarily paranoid.

 

I run all of my machines from one 3 KW UPS. There's a Big Red Button <-http://en.wikipedia.org/wiki/Big_red_button-> for said UPS on my desk, a few inches from my touchpad. I don't have kids

 

I would hate to imagine the worst case scenario mirimir, dozens of adversaries leaping towards your red button of impending doom

I was looking for a link someone once gave me regarding recovery on ram, certain myths around on the net make concern but are not true, in this link these guys froze the ram units itself and then conducted several test showing data recovery from the ram units and within 10 seconds pretty much nothing was showing, within 5 seconds some parts of the jpeg pictures were found.

Perhaps its super paranoia to think an adversary will be that highly equipped to start freezing your ram and checking other files which can maintain data. Course why chance it hence my ram drive idea, after all we want to show anyone your a normal upstanding citizen and your C drive and windows is normal, its just anything else could be in a virtual box ram drive.

 

Just use the regular Hidden OS from TC. It's the best you can do.

 

I'm thinking ...

NSA: Yes good. Use Truecrypt The most trusted and secured open source full disk encryption.

 

I had a friend in college, a rather dour physics major.

He wanted a Big Red Button attached to a 10 megaton device in his closet

... like that Eskimo dude in Snow Crash ...

And OMG, a movie with Emma Watson as Y.T. <-http://www.geek.com/news/snow-crash-movie-to-be-written-and-directed-by-joe-cornish-1496727/->

 

That could be said of *any* software. The DiskCryptor guy could be cooperating, and so could (and there is more to worry about with this company, and it's owner/founder) DriveCrypt Plus Pack. Etc...

Barring proof, or at least serious questions, I don't worry. We know the binaries hash out to the same as compiled from source...do we even have that from the other products?

PD

 

I agree on the other party not caring, but PD *may* get you out of there, where as a straight up encrypted anything leaves no other option. We haven't devolved into totalitarian rule yet. I believe we have a member here, who used PD successfully (a Linux version of it), IIRC.

The other party would be talking to my barrister if it got that far, I'd say nothing.

Take this example: Airport Checkpoint -

"Turn on your computer so that we can see that it really works and isn't just for carrying something bad"

1. Computer boots to the TC encryption screen.

2. Computer boots to decoy Windows and you give them the log on password so they can root through your stuff.

Which one runs a greater risk of further investigation?

I take the opposite track - Use PD for *everything*...you always have the option of breaking it...which puts you in the exact same place as if you didn't use it, IMO. But at least you have the option.

This reminds of the "tip" to actually use a hidden volume, and place one text file in there to show that you aren't using hidden volumes. Well since there is no distinguishing a decoy volume from a regular one (both say "Normal" if hidden volume protection isn't used) - How can you prove a regular volume doesn't contain a hidden one, if you are a non-pd advocate? You can't.

PD isn't something to worry about, to the point of avoiding it, IMO.


PaulyD

 

thats all nice and great , but theres an even easier way , just use tc with its hidden os option and in conjunction with shadow defender , make sure to activate said SD and make sure it caches to the ram not the hdd , youve got

full lite vitualization , meaning not even sectors change cause all activites that change a sector get done in ram not hdd , its like running a live cd or for that matter a volatile ram disk, much more convenient and you dont loose everything youve been working on only what youve been working on while full virtualization was active and uphold plausible deniablity if youve fd up PD then youve done something wrong that you shouldnt have , use some common sense people , and of course youll need abit more ram than usual

and yes as ive mentioned before any ram starting from 2008 aka ddr3 erases in less than a minute tops if not seconds , theres been links to it many times over , just make sure youre case uses non conventional mounting and is able to withstand a angle grinder for more than a minute or located in such a manner that it would take them atleast a couple minutes to get to your rig and your good to go, sure we can all go crazy and use one time use laptops since where all just bathing in money or use jbweld to permanently mount our rams to the slots , mind you its a real bitch to replace once faulty ,lols and then theres the good ol magnesium trap , will burn right through your ram and hdds that should take care of any totalitarian country not happy with you using encryption for any other "normal" country the above should more than suffice