If we forget the hammer to evidence, and opening the disk, and not powering down first, we still lose volatile evidence incl keys.
-
-
Replying to @hacks4pancakes
oh. it was powered on? I take everything back.
1 reply 0 retweets 0 likes -
Replying to @tehjh
The guy is working on a live system, trying to retrieve an encryption key.
1 reply 0 retweets 0 likes -
Replying to @hacks4pancakes
why is it a live system? in the story, the laptop was unused for three months before they figured out they need data from it
1 reply 0 retweets 1 like -
Replying to @tehjh @hacks4pancakes
the guy is typing on the right laptop, the woman smashes the left laptop with a black screen
1 reply 0 retweets 0 likes -
Replying to @tehjh
Because nothing else makes sense in context. If he were examining a drive, the point would be moot.
1 reply 0 retweets 0 likes -
Replying to @hacks4pancakes
the "logic bombs" could be in harddisk firmware, explaining why she took the harddisk apart
1 reply 0 retweets 0 likes -
Replying to @tehjh
You don't do disk forensics with a cable plugged into a powered off laptop.
1 reply 0 retweets 1 like -
Replying to @hacks4pancakes
but if the drive was already out of the laptop, there would be even less of an excuse to have the hammer in the scene
1 reply 0 retweets 0 likes -
Replying to @tehjh
We are definitely getting into shark jumping territory...
1 reply 0 retweets 2 likes
(last tweet I send about this.) btw, there's more in the episode. shodan to find cameras, Tor to hide VoIP call origin
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.