Upload: captainfreakout

Post on 24-Sep-2015

2 views

Category:

Documents


0 download

DESCRIPTION

Anon and Moose

TRANSCRIPT

A Small Treatise On Computer Anti-Forensics - Part One
======================================================

"...All the world will be your enemy, Prince with a Thousand Enemies, and when they catch you, they will kill you; but first... they must CATCH you."

R. Adams, Watership Down, 1978

By An. Onee. Moose

Part 1 : A Mighty Fortress Is Your Computer
-------------------------------------------

Preface
-------

Who am I? That's not important, except that I am quite skilled in IT security. So you can assume that I more or less know what I'm talking about. Keep in mind that I am by far not the only one with this kind of experience... see the excellent Fosdick article, which is appended below my own.

It is a reasonable assumption, incidentally, that certain minor characteristics of the document below have deliberately been altered to make it difficult for the authorities to trace the origin of the document back to myself. So if you're someone from the Home Office, CIA, NSA, FSB or MI5, trying to find out who the nasty bloke is that's helping the "perps" hide their secrets, well, sod off on my behalf. You won't find me, at least not by deconstructing this document. Go do some real police work, as opposed to enforcing a police state.

Why Am I Writing This?
----------------------

Many reasons. You will see and hopefully understand some of them, in the material that is listed below.
But above all, it's because I want to restore the balance between the state (well-funded, powerful, ruthless, all-encompassing) and the individual (poor, 'playing by the rules', isolated), at least insofar as this concerns the area of safeguarding the privacy of individuals.

Oppressive governments, and also other sinister organizations such as the American media industry, have finally become wise to the fact that gaining unauthorized access to the digital information kept on storage media like hard drives, flash memory devices and so on is a perfect way for them to build the "evidence" needed to harass and punish individuals for "crimes" that should really not be "crimes" in the first place. There are untold examples of this, and what is particularly disturbing about it is that, whereas in the past it was really quite difficult for an intruder to "build a case against you" (typically it would involve actual physical access to storage cabinets and so on), now you can be arrested, tried, convicted and possibly even jailed or executed, all because of someone disapproving of the content stored on your hard drive. The possibilities for abuse of this power, if held unilaterally by governments, intelligence agencies and groups like the RIAA and MPAA, are practically unlimited.

I mean to even out that balance and give you a few weapons to use against your local constabulary, as they come knocking at your door to arrest you for "possessing subversive computer files". In most places of the world, they can't convict you if they can't find anything. I want to stop them from even KNOWING that you have anything "interesting" on your PC.

What is Computer Forensics?
---------------------------

First of all, we have to define "forensics" in order to define what the opposite of it is.

"Forensics" (basically) is "the art and science of finding things that aren't obvious, particularly the art and science of finding things that were deliberately hidden".
The term "forensics" originated in the law enforcement world, in which forensics experts would, for example, check a strand of hair found at a murder scene against the DNA of a suspected murderer, check the characteristics of a bullet against a gun that the murder suspect owned, and so on.

Fair enough -- if we are to have even the semblance of law and order, or a marginally safe society (to say nothing of convicting only people who actually committed a crime, as opposed to anyone that the police happen to pick up off the street), ordinary forensics has a legitimate place in doing this.

Now, COMPUTER forensics is often deliberately confused and conflated with conventional "crime scene" forensics, but in fact, although the two disciplines do share a few superficial similarities (namely, "looking for hidden things"), they are substantially different, so much so that I am going to argue that on balance, computer forensics is a BAD thing, not a GOOD thing. For example:

* "Normal" (conventional) forensics is almost exclusively used in circumstances in which there is no reasonable doubt that a crime -- usually a serious one like murder, rape etc. -- has already occurred. (The presence of that bullet-holed body lying on the floor in a pool of blood is usually a pretty good indicator that a crime has happened here.)

  With computer forensics, as often as not, the purpose is to determine if a "crime" (see below for why this is a problematic concept) has even occurred in the first place. In other words -- the fact that a computer is sitting there, connected to the Internet, by itself proves nothing. It is how it is _used_ that defines the "crime" (if any) that the computer has been used for.
  This is a deeply troubling concept if you think through its implications.

* Here we get to the real issue: virtually ALL "computer crimes" deserving of forensics investigation are crimes not of social consensus, but of subjective definition and discretion on the part of "the authorities" -- usually an average police officer, sometimes a secret police thug.

What do I mean by this?

Well, it's actually a pretty simple idea. When, for example, we see a body shot full of bullet holes, lying on the ground in a pool of blood, there is a universally consistent consensus among all but a tiny fringe element that "shooting and killing other people is a bad crime for which the perpetrators should be punished". We don't need debates about "what counts as a bullet hole" or "how much should the victim have been bleeding for it to count as a crime". Everyone intuitively KNOWS that murder has to be a crime for society to keep functioning.

Nothing could be less true of the vast majority of "computer crimes", such as the ones that I will be trying to show you how to cover up and conceal, later in this document. Nothing even remotely similar to the "body lying in blood" situation applies to the collective consensus on the criminality, if any, of these types of computer activities. In a vast range of activities for which PC users might want to conceal "incriminating" data from the authorities, if you asked ten people on the street, "is having this kind of data on your computer a crime for which someone should be punished and go to jail?", you couldn't get two or three people to understand and agree, let alone ten out of ten.

There are untold infamous examples of this, but let me just quote one.
From time to time, we see media stories about people being hauled into court and in some cases severely punished, with their reputations always ruined by sensationalistic tabloid media headlines such as "FATHER CHARGED WITH CHILD PORNOGRAPHY" or "INTERNET KIDDY PORN RING BUSTED, POLICE SAY".

Sound good to you? I mean, surely you're for protecting kids from perverts... aren't you?

But, you see, in fact...

In the first case, a father took a few pictures of his own 3 year old daughter splashing around, happily nude, in the family's backyard wading pool. He took his digital camera in to a photo shop to have some prints made; one of the technicians at the shop decided that this was "child pornography" and called the police, and the next thing that the poor man knew, he was dragged into court with his name and reputation totally ruined by having his mug shot published in the local newspaper, along with wildly misleading charges of "distributing kiddy porn" that were, of course, all quietly dropped later when the police and prosecutors had to provide some real evidence of criminal intent to the magistrate. Too late, I'm afraid; the damage is done and there's no way to undo it.

In the second case, a bunch of teenagers, adolescent hormones raging, started sending nude pictures of each other (girlfriends and boyfriends) back and forth, not only directly over their camera-equipped cell phones but also over a social networking site (the pictures involved were never made publicly available; they were only stored on the "perpetrators'" own private storage spaces).

Now, the problem here was that some of the young people involved were under the legal minimum age for sex in their part of the world. So the crusading local prosecutors and police charged ALL of them with "distributing child pornography"... that is, the police wanted to humiliate and jail these teenagers for distributing "indecent" photographs OF THEMSELVES.
On top of this, the youthful "perverts" in this case have now all been put on American "sex offender registries", a Mark of Cain that will destroy their ability to get a job, a loan, or anything, for the rest of their lives. (Like the notorious U.S. "No-Fly List", once you get put on one of these sex offender blacklists, there's no way to get off of it. You're screwed, forever.)

You mean you didn't know that in some American jurisdictions, if you are under age, and you take a nude picture of yourself, and you post it only in your own private section of a social networking site (or you have it only on your own cell phone), that means you're subject to the same punishment as a pervert who rapes 5 year old children in front of streaming video? You mean you thought that the wise lawmakers of this U.S. state might have been a bit more discriminating in drafting the law that currently sweeps both types of "kiddy porn distributors" into the same dragnet?

Silly you.

The larger point in all of this is that when we start to get into the realm of "crimes of definition", we're talking about "crimes" that are only that because either conservative lawmakers, or the police, or some noisy special interest group with a narrow agenda (usually endorsed by the general public only because of the latter's vast ignorance of the details that are really involved) wants the activities involved to be criminalized.

The classic example of this is homosexual literature, which was for years in Western countries (and still is, in much of the Third World) routinely labeled "filthy unnatural pornography", and for which you could go to jail if you were caught possessing it.
But there are many other examples, and the theme that you see consistently running through them is that the authorities have a tendency to make these rules up as they go, simply because they need a convenient excuse to crack down on sexual, political, social, religious, cultural or other minorities that either the police or the conservative authorities just want to harass and humiliate.

In other words, the police and the authorities define some activity, for which you could never get a real social consensus, as a "crime", and then they go about what policemen love doing, that is, getting a power rush by harassing, beating and humiliating people who just want to be left alone. One of the prime tools for doing this is computer forensics, because it allows the police to rummage through their victims' private digital histories, hoping to find some sliver of "evidence" that they can use as "proof of having committed a crime". The police may not know what they're looking for when they start out, but they'll take anything that shows up, as long as it helps them get a scalp and a conviction.

All of this is far different from the "body lying in the pool of blood" scenario mentioned above. Society clearly IS threatened by people being murdered; it clearly is NOT by fathers taking innocent pictures of their children in a swimming pool or by teenagers showing off their bodies to other teenagers. Yet the police would far prefer to prosecute the latter type of "crime" over the former, simply because going after ordinary people who have no idea or intent of doing something really anti-social is much easier, and more satisfying to the authoritarian nature of the police, than the difficult, highly work-intensive job of going after an experienced, hardened, real criminal. The crying, confused, bewildered teenagers that the police haul into court won't shoot back at the cops. The guy who murdered the other gangster will.
The police know that, and they pick the easy job.

MY job is to make that "easy" job of harassing those "guilty" of "crimes of definition" as hard as possible for the police. And to do that, I intend to give you the knowledge to defeat their forensics experts.

But Aren't You Just Helping "The Bad Guys" Evade Righteous Justice?
-------------------------------------------------------------------

I can't tell you how much contempt I have for this stupid argument, which comes up all the time whenever ordinary (read: "ignorant") people ask me why I help people on the Internet -- e.g., people who I've never met and therefore have no idea if they're good or evil -- to hide data.

The standard bogeymen, who are inevitably trotted out to justify any and all government spying on private communications (and, by inference, any and all restrictions on private use of technology designed to thwart that spying), are:

* Child pornographers / paedophiles / sexual minorities of various types;
* International terrorists (hello, Usama!);
* Drug dealers;
* Cyber-criminals of various types (for example East European fraudsters);
* Crooked businessmen (hooray for Enron); and
* Anybody that the local authorities think the population hates or distrusts.

The most famous way of putting this fatuous belief is, "If you don't have anything to hide, then you shouldn't be afraid to let the police see everything that you're doing."

There are so many good rebuttals of this line of "reasoning" that I won't list them here, except to say that I simply don't believe the assertion that "the state" (meaning, "the police, who enforce the demands of 'the state'") has ANY RIGHT WHATSOEVER to its citizens' private data.
None, zilch, null set, call it what you want -- the evidence of history is painfully clear here that governments will inevitably expand the envelope of what they consider a "legitimate" reason to spy on individuals, until (recent example) the jaunty old Home Office RIPA Act (which was passed "to give Scotland Yard the tools they need to break the encryption being used by Islamic terrorists") has been used by local councils to spy on married couples "suspected of registering their children in the wrong district school".

The point here is that governments, and the police -- even those of so-called "liberal democracies" such as the U.K. and the U.S. -- will INEVITABLY abuse any power they get to spy on their citizens. THEY CAN'T HELP IT; THE TEMPTATION TO ABUSE THEIR POWER IS IMPOSSIBLE FOR THEM TO RESIST. SPYING ON, ABUSING AND OPPRESSING CITIZENS IS SOMETHING THAT COMES NATURALLY TO THE POLICE. IT'S WHAT THEY DO. IT'S WHAT THEY WANT TO DO, AND WHAT THEY LIKE TO DO.

You can no more expect a policeman to "refrain from unjustified surveillance of legitimate dissent" than you can expect a wolf or tiger to pass up that juicy fresh steak that just got dropped inside their cage. Sinking its teeth into that blood and flesh is as innate to the carnivore as is the urge to spy, to listen in on, to oppress and punish, to a cop or intelligence agent. That's what they do. That's what they're all about. No amount of nice talk or promises "not to do it again" is going to work.
They are what they are, and you're kidding yourself if you let yourself get convinced that they're ever going to change.

This being the case, you need a weapon to fend off the police and their willingness to ruin your life for activities that you have every right to undertake.

I aim to give you that weapon.

But Surely You're Not For "Kiddy Porn", Are You?
------------------------------------------------

This is the "nuclear weapon" that advocates of pervasive government (and private sector) spying inevitably fall back on whenever someone like me points out the terrible track record that large institutions have on respecting individual privacy, and shoots down all their other weak excuses for leaving people at the mercy of police snooping.

"But", plead these supposedly well-meaning types, "if you show everyone how to hide data on their computers so the police can't get at it, aren't you just giving paedophiles and child molesters the ability to abuse children and escape being caught and prosecuted for their perverted, nefarious deeds? Why, doing that makes you JUST AS BAD as the paedophiles themselves! You MONSTER, you!"

I could spend hours on this topic, but let me just touch on the most important and obvious refutations of this tiresome red herring argument:

-- No, providing a tool to hide evidence of a crime (all assuming, of course, that this activity IS a crime -- more on that in a minute) is NOT the same as committing a crime. If it was, throwing a tarpaulin over a getaway car would be the same as holding a gun and shooting someone dead. This assertion, therefore, is simply and demonstrably false, and I hugely resent the implication that I'm somehow "complicit in child abuse" by providing people with the security tools they need to keep themselves safe from oppressive governments. How dare these self-righteous busybodies accuse me of that. Drop dead, fuck off, but DON'T call me a "child molester".
If I catch you doing it to my face, I'll punch you in the nose; then I'll kick your fucking head in. I MEAN IT.

-- Furthermore, is "looking at child pornography just as bad as molesting children"? Here again, most people are afraid of stating the obvious (lest they immediately be slandered as "a paedophile sympathiser"), which is that it obviously isn't. As a parent, would you rather the pervert down the street stay at home, masturbating over naked pictures of little boys, or would you rather they physically anally rape your 8 year-old son? Not a hard decision, is it?

-- Do I get excited (in any sense of the word) by those few images of naked children that I have occasionally stumbled across in my years of using various types of computers? No, I don't, and frankly I don't really understand the psychology of those who do.

But here we have to keep a sense of proportionality. While some kinds of sexually explicit literature, pictures and multimedia involving children undoubtedly DO cause the unfortunate young victims of these practices some degree of psychological harm, it is wild hyperbole to assert that "it's worse for a child to be sexually abused than for him / her to be killed" or "this is the worst crime that human beings can inflict" (both of these statements are encountered very frequently when this subject is "discussed" -- I use the quotes because there is never a rational discussion of the topic, only an escalating series of one angry writer trying to demand yet more severe punishments for the "perverts" than the next).

Use your brains, fellow citizens; no responsible parent would prefer to have their child murdered, or maimed, over having them be introduced to sex at an inappropriately early age.

Is child molestation a "bad" thing?
Of course it is, just like any number of other "bad" things affecting children, for example poverty, economic exploitation (both of which are frequently the cause of child sexual exploitation), disease and so on.

Personally, based on first-hand testimony -- the nature and source of which I'm obviously not free to discuss here -- I believe that the impact of most kinds of casual sexual relationships between adults and children, while clearly not something that should be encouraged or tolerated, is far less than the alarmist propaganda always trumpeted by the police and the media would have you believe. Like many other negative childhood experiences, someone encountering this kind of inappropriate contact as a child can either be strong and get on with their life, or use it as an excuse for a lifetime of self-pity and emotional failure. But ending up in bed with "Wicked Uncle Ernie", in my opinion, is a far less traumatic experience than, say, being constantly bullied at school, having one's parents divorce, or, worse, losing a parent at an early age. The notoriety that society attaches to this kind of sexual activity, perversely, makes its impact much worse than if it was merely acknowledged as "something you shouldn't do until you grow up" and then left at that. Elevating this activity to a level of seriousness that it doesn't deserve simply makes for bad policy in every sense of the word.

-- But by far the most important thing to consider about child pornography in the context of data hiding is, BY THE TIME THAT A SEXUALLY EXPLICIT DOCUMENT HAS MADE ITS WAY ON TO THE INTERNET, THE "DAMAGE" (if any) TO THE CHILDREN INVOLVED HAS ALREADY OCCURRED, AND CANNOT BE UN-DONE.

Stop to think about this for a second. Suppose that we could wave a magic wand and miraculously eliminate each and every last piece of "kiddy porn" on every hard drive, CD-ROM and memory chip in the entire world (leaving aside the obvious question of "what counts as 'kiddy porn'").
This magical act would have no effect whatsoever on the fact that the children who had been involved in the creation of these media would STILL have been molested... the fact that there is, or is not, a picture or movie depicting the molestation would change the child's situation, and the damage (whatever it might be) to their psychological or sexual development, not one whit.

It is this that is the immensely nonsensical thing about the fevered campaign to "rid the world of child pornography", because all of the pictures, movies and other media showing children being abused are the symptom, not the cause -- the cause is, of course, the original molestation itself. Eliminate the gangs of East European, Southeast Asian and South American organized criminals that profit from this activity, eliminate the terrible poverty that drives parents into prostituting their own children into this activity, and you'll eliminate child pornography along with the molestation that causes it. Trying to wish child molestation away by throwing people with kiddy porn collections on their hard drives into jail will be as effective as King Canute ordering the sea to go its merry way.

In summary, I have no sympathy whatsoever for the very weak claim that "giving people the ability to defeat forensics is just helping paedophiles".
By the same logic, you could argue, "giving people the ability to delete files from their hard drives is just helping paedophiles", or "giving people the ability to wipe a hard drive of their private tax information is just helping paedophiles", or "giving people the ability to view a .JPG image on their computer screen, without it always being permanently written to a built-in, unremovable DVD-R disc, is just helping paedophiles".

When properly deconstructed, what all of these arguments really come down to is, "we need to set up a pervasive, Orwell-like surveillance society and remove all computer users' rights to manage their own computers as they see fit, completely eliminating the privacy, liberty and security of 99.9999% of everyone else, so we can (theoretically) catch the paedophiles that make up the other .00001%". Undoubtedly, if you work for the Iranian or Chinese governments, MI5, the NSA (or the motion picture or recording industries), such a model of society might be to your benefit; luckily, however, so far these entities don't (completely) run the world or the Internet... yet.

In this document, I am giving you a set of security tools. How you use it, and what you use it for -- good, bad or indifferent -- is up to you, and the responsibility for what you do with your computer rests with YOU, not with me.

First, Some General Comments
----------------------------

Regardless of what computer or operating system you use, there are some basic principles of secure operations that are universally applicable to ALL systems. If you don't appreciate, and implement, these, you have little chance of resisting even a casual attack, let alone the expert types of attacks that I will be describing below.

The most important single thing that you need to understand is that by far the most important element in keeping your PC secure is YOU. No amount of security technology will protect your sensitive data from stupidity or carelessness on your part.
If you use the technologies and methodologies that I will describe below properly AND CONSISTENTLY, they will virtually never let you down. But slip up, forget to do something that you should EVEN ONE TIME, and you are leaving yourself wide open, no matter how good your encryption is. It only takes ONE slip-up, ONE file, ONE picture, ONE URL, ONE anything, for really bad things to happen to you. This is the truth, whether or not you want to deal with it.

It takes considerable mental discipline to become, and stay, secure and private, particularly if (see below) you are working in a context in which your information assets may be specifically targeted by an attacker who is singling you out for "special attention".

The second thing to remember is, "computer security is a moving target". While you don't necessarily have to be totally paranoid and scan the security related Websites on the Internet every day for details of the latest exploits, the hard reality of the situation is that new ways to compromise the security and confidentiality of your Internet connection, your PC, your cell phone and your confidential data are unearthed on a continuous basis.
Most of these are just variations on a common theme -- for example, while there are new types of attacks found all the time against Microsoft's badly flawed "ActiveX" browser plug-in architecture, the general fact that this architecture is very vulnerable has been known for years, so each successive attack isn't really "new", strictly speaking -- but occasionally, a new attack will surface that can have dramatic implications for the confidentiality of your data.

A good example of this was the Columbia University "RAM chip chilling" attack, which proved that under certain conditions, a RAM memory chip pulled from a physically compromised PC and then "frozen" with a can of compressed air could be made to reveal its data far longer than the conventional wisdom claimed the chip's memory circuits should have taken to discharge and replace all "real" data (like your encryption keys!) with random, static-like patterns. If you aren't up to date on this kind of exploit, and (obviously) if you don't take appropriate precautions to prevent or mitigate it, then you may be rendered wide open when the secret police come to call.

Remember, an intelligent human opponent (see below) will ALWAYS attack the weakest point of your defences. If he knows of a weak point that you haven't kept up to date on, you're at a significant disadvantage. So scan the security news sites and mailing lists every so often; I'd recommend at least once per week, more if your data is highly confidential.

You're Under Attack -- By Someone Damn Smart
--------------------------------------------

I will assume, for purposes of this discussion, that your PC will be attacked by a sophisticated opponent (e.g. a computer forensics expert) who is in physical possession of your PC, in a situation in which you had little if any time to prepare for this calamity.
The main point here is that if the measures undertaken can protect you against this extreme kind of attack, they can certainly protect you against weaker types of attacks.

But there is another, more subtle implication of this, namely the well-known computer security saying that "owning the hardware is 99% of owning its security". What this means, basically, is that someone who is in physical possession of your computer -- whether that's a thief who stole your laptop at the airport, or a cop who broke down the door and arrested you in the middle of your favorite daily Web surfing session, or a jealous spouse who sits down in front of your PC while you're away at work -- has recourse to a huge array of snooping and spying techniques that a remote intruder or attacker would never be able to undertake.

For example, even if you turned off your PC in a panic when the jack-boots of the SWAT team broke down your door, would it surprise you to know that if they have the right expertise and tools, they can just attach one of their own computers to a FireWire cable, connect it to the FireWire port on your PC and then download all of the RAM memory image that you thought had "disappeared" when you turned off the power on to their own hard drive, for subsequent use to break all the encryption keys that you had in your PC's RAM memory at the time?

Just THINK of all the juicy, "confidential" data that you THOUGHT you had erased, that they now can use to put you away for a long, long time.
Depending on the type of PC, the type of RAM chips that you use and how long your PC was turned off, they have up to three hours or so to do this, incidentally.

All of these types of techniques, everything from the one mentioned above, to sneaking in a "keylogger" that records each and every keystroke that you make and then sends them all to the local police department, to just taking the hard drive out of your PC and putting it in their own, require direct physical access to either your PC or where you use it, or both.

Incidentally, if at any time your PC HAS come into the physical possession of a skilled adversary who would have had a few minutes to hours of undisturbed, private time to compromise your computer, unless you are very good at being able to recognize the signs of a technically advanced compromise -- just an extra little chip soldered on to the motherboard (how would you know if it's out of place or not?), or a few bytes of machine language code added to your boot sector, for example -- I'd strongly suggest that you immediately sanitize (wipe out and erase) all hard drives and other storage media on the PC as well as all its peripherals such as keyboards, etc., sell it to the first sucker you find and then use the proceeds to buy a "clean" new PC. Computer hardware nowadays is cheap... far cheaper than a 10 year stint in your local prison for being a "terrorist organizer" or "on-line pervert".

(Note: One of the most important principles of this is, "know your enemy". That is, you must become at least casually familiar with the principles of computer forensics investigations, because these techniques are what is going to be used against you when the police come to call. An example of police training materials is available at: http://www.ncjrs.gov/pdffiles1/nij/219941.pdf, but be aware, this manual only scratches the surface of what a sophisticated attacker equipped with a powerful tool like EnCase can accomplish.
So devote some time to learning about how computer forensics works. It's time and effort well spent.)

You have to base your data security protection measures on the assumption that your PC WILL be attacked in the above manner; just protecting it against some snoop coming in across the Internet is by no means adequate.

Defending In Depth
------------------

A classic concept of computer security -- really, this is simply an adaptation of classic military strategy -- is what's called "defence in depth". If you want to have even a chance of staying secure in the face of an attack by an intelligent, well-equipped adversary, you will have to understand this concept and apply it diligently.

Although its actual application can be quite complex, the basic idea of defence in depth is quite simple: every defensive measure is implemented on the assumption that it could fail (that is, that it could be somehow overcome by an adversary). Thus, when designing the _entire_ defensive system, we have to construct it in such a way that a failure of one defensive measure is "mitigated" -- that is, reduced, with its negative impact lessened as much as possible. (Note: The opposite of this concept is called "all-or-nothing"; it is built upon the very questionable assumption that a "barrier" or "wall" defence can be erected that can never be beaten or breached. Of course, the problem with "all-or-nothing" is that it has to work one hundred per cent of the time, all the time. Even ONE failure with this model is disastrous.)

The idea of defence in depth is used thousands of times, every day, for almost every kind of complex system or machinery in the real world. For example, jet airplanes are built so they won't come crashing out of the sky without something (like a bomb) going dramatically wrong; but they are also built so that if they DO come crashing down, as much as is possible they won't instantly explode (this is achieved by fire suppression systems, "self-sealing" fuel tanks and so on).
When you withdraw money from an automatic banking machine, there is a complex series of mutually confirming transactions to ensure that (a) you actually get your crisp new stack of ten-pound notes, and (b) the bank's computers at the other end, have properly recorded that you now have that much less money in your account. If one of these safeguards fails, the other one takes over. These are systems that have to work perfectly, all the time, and they're designed with the assumption that a single failure somewhere within them, will be compensated for by the system's other checks and balances.

In the real world, bad and unexpected things happen all the time, so the prudent thing to do is work on this fact and try to contain the damage, when the worst case scenario rears its ugly head.

A perfect example of defence in depth, in the world of computer security, is, "using different passwords for different encrypted containers". Without this "mitigating", defence in depth measure, a successful compromise of even ONE password will give the attacker unrestricted access to each and every piece of confidential data that might be contained on the compromised PC. But if different passwords are used, then the extent of the compromise will instantly be contained to the individual container for which the password was reverse-engineered. Many other examples will be given below.

In considering the steps that are described below, always keep the concept of defence in depth, in the back of your mind. A good way to remember it is, at each point, thinking, "...if THIS one fails, then what do I do?" If the likely answer is, "oops, I'm buggered, mate", then you probably don't have a sufficient amount of in-depth defence for that particular system or process.
Keep in mind, though, that at the end of the day, no system can be 100% fool-proof.

Working Alone, Always Alone
---------------------------

I will assume that you are the ONLY person who will have any (known) type of significant access, either direct (physically in front of the keyboard) or remote (over the Internet). This is a very important point because for each ONE (1) extra person to whom you entrust the details, or even the general knowledge, of what you are doing on the computer, in my opinion you degrade the overall security of any and all measures that you might undertake, by at least FIFTY (50) PER CENT.

YES, IT'S THAT IMPORTANT.

Stop to think about this... suppose that you're an Islamic militant surfing to Jihad Websites, or that you're a "pervert" surfing to Websites with "dirty pictures" on them, or that you're a corporate whistle-blower who's had his PC collecting the paper trail of how your boss has been dumping toxic waste into the local river, and in any of these cases, you let someone else know what you've been up to.

Consider:

* Your Islamic confidant may suddenly convert to Judaism and decide to turn in this dirty rotten "terrorist";

* Your fellow pervert on that dirty movie video sharing site may get nabbed by the cops, and may squeal your identity to get his sentence reduced from 20 to 10 years at the State Pen;

* Your buddy from the partition three doors away, may quietly whisper your name to the boss, in the hopes of getting that promotion that both you and he were in the running for.

The moral of this story: DO IT ALONE, BY YOURSELF, WITH NOBODY WATCHING, AND TELL NOBODY ABOUT IT. In particular, NEVER, NEVER, NEVER share sensitive security related information (passwords, locations of encrypted files, user identities, etc.) with anyone else. You CAN control your own actions and how you interact with hostile authorities.
You CANNOT control the actions or motivations of third parties, no matter how well you may think you "know" them.

In the vast majority of cases where someone is busted for doing "illegal" things with their PC, it's not that their encryption failed or anything like that; far more often, it's because the cops or the local secret police were able to compromise someone else that the bustee trusted, and in so doing were able to bypass all of his defenses with little or no effort. Never engage in any kind of "risky" activity in which there are people who can identify and incriminate you.

You'll Always Be There... Won't You?
------------------------------------

In saying this, there is another "common sense" thing that I need to re-state here, even though anyone with an ounce of brains should not have to be told.

Namely, NEVER, EVER, EVER, leave a computer with "sensitive" data on it, unattended by yourself. There is a specific meaning to this : NEVER leave the computer running but unattended, let alone if it's connected to an untrusted network like the Internet, if it has or might receive, "sensitive" data, particularly if that data will not be immediately encrypted (with the plaintext version of the data impossible to access without entering your credentials, e.g. your password, etc.) upon it being stored.

It's bad enough that further on in this document, I have to explain "emergency" data hiding processes for the "jackboot kicks down the front door" scenario; now, try to imagine how much worse your exposure is likely to be, if an intruder (remember, this isn't necessarily the government -- it could be someone as unskilled or seemingly unthreatening as your girlfriend, your kids, your co-workers, your boss, the cashier at your local Internet cafe, nosy Great-Aunt Marjorie who just happens to be living in the downstairs suite...
whomever) might be able to compromise the security of your computer, access your "confidential" data, and so on, without you even _knowing_ about it!

Taking a risk like this, trusting the computer to "defend itself", is a disaster waiting to happen. I don't care if your PC is "protected" by a screen-saver that forces someone to log in with your password; that kind of thing can be negated in two seconds by even a moderately experienced attacker. And I also don't care if you have the data stored in a relatively strong encryption system like TrueCrypt (see below); all computer operating systems leave all sorts of interesting little tid-bits (for example, how about your surfing bookmarks?) of forensic information around for an experienced attacker, even if the really "secret" stuff was well-secured. The only way to defend against this is manual, human action, which is why you have to be there, 100% of the time.

You have to appreciate that in your "defence in depth" data security strategy, while the technological measures that I'll discuss further on in this document are very useful, at the end of the day, the most robust, effective anti-forensics "tool" in your arsenal, is... YOU. There is simply no substitute for an intelligent, knowledgeable, cautious, prudent and vigilant security system like the "Mark 1 Paranoid" human being. The minute that you absent yourself from minute-to-minute supervision of the repository of your "sensitive" information, you immediately enable a wide range of hard-to-detect attacks that would obviously be difficult to impossible to engineer, if you are physically there while the attacks are being initiated.

Here's a perfect example : You're in an Internet chat room that's devoted to, shall we say, a "controversial" topic.
All of a sudden, you notice that all of the TCP/IP ports on your PC are being remotely probed, probably by a hacker or a police officer, who is trying to find an open port to use in depositing a "keylogger" or other remote surveillance program, on your PC. If you are physically at the computer and watching this happen, you would use your brains, immediately terminate the chat session, disconnect your computer from the Internet, and check very carefully for signs of unwanted software. Quite possibly, you would wipe your entire hard drive and re-install the operating system from scratch, to avoid the slightest chance of being compromised. But -- if you've decided to head off to the local pub for a meal, none of this would be visible to you; and when you come back, everything just seems fine... doesn't it?

Do you see, now? You can't take chances. Not even once.

Obviously, none of the above means that you can never leave your computer -- indeed, hanging around it all the time, would in itself, be a cause for suspicion. All I'm trying to point out is, there has to be a well thought-out procedure for starting up the computer, for using it when accessing "sensitive" data, and for purging it of all traces of the latter, upon shutting down the PC. You MUST be physically present for all three stages of this process, but assuming that you have done so (and that the process and tools that you have used, are robust and appropriate), then you can go on with your other life duties, as best you see fit.

Keeping A Low Profile
---------------------

A related issue is, you always have to keep in the back of your mind that one of the most important, and powerful, forensic tools available to an attacker, is being able to "co-relate" your personal activities (e.g. where you were physically) at a given time, with traces of activity on the computer.
If they can "prove" (remember that the amount of "proof" that they have to give to the witless, credulous juries of most countries is very low) that you were where the computer was, when "these heinous computer crimes were committed", your chances of being convicted go up exponentially.

More information about this is given in the context of time- and date-stamping below, but at a higher level, what this means from a prudent private computing perspective is, you should always refrain from activities [for example, receiving an incoming phone call (let it go through to the answering machine instead), answering a knock on the front door from the local vacuum cleaner salesman, going out on your driveway to take the empty trash bin back to the side of the house, using your PC close to a window that an intruder could surveil via a pair of binoculars or a telescope, playing loud music or a television show (especially the latter since it can establish a narrow "time of day" fix), or driving to the corner store to pick up a litre of milk] that could allow the police to co-relate the exact time and date when you were physically co-located with / had access to, your computer, and any data processing activities that might have occurred around the same time (especially if these had anything to do with Internet access, since here, there would be a third party -- that is, your ISP -- who could independently confirm the time and date assertion).

The proper stance here is, "a normally observant person could drive by wherever you are in a car, and not have the slightest idea that you're at home (or wherever you normally work from), using the computer".
Now, understand that this is NOT going to protect you against very sophisticated opponents using high-tech gear such as backscatter radiation detectors, infra-red (thermal) imaging devices, and so on; what it WILL provide a measure of protection from, is when the police come to interview the neighbours and ask them, "say, do you remember seeing Achmed at home, sometime on the afternoon of March 15th?". If they all saw you cursing and swearing after that improperly-tied bag of household waste fell all over your brand new patent-leather shoes, the police now have what they call a "positive ID" on time, date and location. This is very bad news for you, so don't give it to them through carelessness.

One other thought, here. Unfortunately, fully obeying the above rules, makes it inadvisable for you to have any kind of normal life activity that would naturally make you famous or prominent in some way. There is a simple reason why this is so : fame, or notoriety, attracts the malicious and the curious, and this, in turn, will enormously increase the risk that someone is going to deliberately start "snooping" against you. The likelihood that your personal affairs, including but by no means limited to your computer and telecommunications activities (cell phone compromises are a favorite of sleazebags who hope to enrich themselves by revealing embarrassing private information of celebrities) will thus be pried into, goes up in like proportion to your level of fame and it is especially likely if you are in a profession (politics, business management, being in the legal profession, the news media, high rank in an NGO or opposition group, etc.)
where by the nature of your job, you are doing something that would offend or antagonize someone else.

There is a reason why all the great spies throughout history - and here, note that I'm deliberately speaking about the ones who you NEVER heard of, not the ones who got caught - have all led quiet, unremarkable, unassuming lives, always out of the public spotlight. (And it's worth observing, that many of the spies who _did_ get caught, for example Aldrich Ames in the U.S., were undone by profligate spending and a high-rolling lifestyle that was out of sync with their known income. Here again, those trips to Spain and the Jaguar in the driveway were nice to have, but they carried with them a heavy price...) Successful spies behaved discreetly because they knew that fame and fortune are incompatible with privacy; James Bond may be everyone's fantasy spy hero, but he's about as viable as a real spy, as would be the Pope, a movie star, King Kong or Osama Bin Laden.

Nobody spends much time breaking into a child's piggy bank, because there just isn't enough in there to make it worth the effort (at least, for kids who I know...), but, in the famous words of Willie Sutton, "Why do I break into banks? Because... that's where the money is."; the more prominent you are, the more it's worth, either directly or indirectly, for some malicious or self-serving third party, to bring you crashing down to Earth.

Where you draw the line between having an "exciting", high-profile public lifestyle, and the need to retain the confidentiality of your "sensitive" data, is something that only YOU can really decide. All I can do here is warn you of the likely consequences.
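The chat-room scenario under "You'll Always Be There... Won't You?" above relies on you noticing, by eye, that every port on your PC is being probed. As an added example that is not part of the treatise, here is the same observation made mechanically over firewall log lines: the iptables-style log format, the hosts (203.0.113.x, 198.51.100.x and 192.0.2.x are documentation address ranges) and the log lines themselves are constructed for the demonstration, and the thresholds (ten distinct ports inside a sixty-second window) are assumptions to tune for your own machine.

```python
"""Flag sources that probe many distinct TCP ports within a short window.

Added example; the log format and sample lines are constructed, not taken
from any real firewall.  Adapt LINE_RE to the format your own host writes.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the style of iptables "LOG" output.  203.0.113.7
# sweeps twelve ports in four seconds; 203.0.113.9 touches three ports over
# an hour; 198.51.100.4 is an ordinary client talking only to port 443.
SAMPLE_LOG = """\
2024-03-15 20:10:00 kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22 SYN
2024-03-15 20:40:00 kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=80 SYN
2024-03-15 21:00:01 kernel: IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=33000 DPT=443 SYN
2024-03-15 21:02:10 kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=21 SYN
2024-03-15 21:02:10 kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22 SYN
2024-03-15 21:02:11 kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=23 SYN
2024-03-15 21:02:11 kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=25 SYN
2024-03-15 21:02:12 kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=80 SYN
2024-03-15 21:02:12 kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40006 DPT=110 SYN
2024-03-15 21:02:13 kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40007 DPT=135 SYN
2024-03-15 21:02:13 kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40008 DPT=139 SYN
2024-03-15 21:02:14 kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40009 DPT=143 SYN
2024-03-15 21:02:14 kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40010 DPT=443 SYN
2024-03-15 21:02:14 kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40011 DPT=445 SYN
2024-03-15 21:02:14 kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40012 DPT=3389 SYN
2024-03-15 21:03:00 kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
2024-03-15 21:05:30 kernel: IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=33001 DPT=443 SYN
2024-03-15 21:09:12 kernel: IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=33002 DPT=443 SYN
2024-03-15 21:10:00 kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=51002 DPT=443 SYN
"""

# timestamp, source address and destination port; lines without a DPT
# (for example ICMP) are not connection attempts and are skipped
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) .*?SRC=(?P<src>[\d.]+) .*?DPT=(?P<dpt>\d+)"
)


def parse_events(text):
    """Turn log text into a list of (datetime, source, dest_port) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        events.append((ts, m["src"], int(m["dpt"])))
    return events


def detect_sweeps(events, min_ports=10, window=timedelta(seconds=60)):
    """Return {source: peak_distinct_ports} for every source that hit at
    least `min_ports` distinct destination ports inside one `window`."""
    by_src = defaultdict(list)
    for ts, src, dpt in events:
        by_src[src].append((ts, dpt))

    alerts = {}
    for src, hits in by_src.items():
        hits.sort()
        port_counts = defaultdict(int)  # ports currently inside the window
        lo = 0
        for ts, dpt in hits:
            port_counts[dpt] += 1
            # slide the window start forward past hits older than `window`
            while ts - hits[lo][0] > window:
                old_port = hits[lo][1]
                port_counts[old_port] -= 1
                if port_counts[old_port] == 0:
                    del port_counts[old_port]
                lo += 1
            if len(port_counts) >= min_ports:
                alerts[src] = max(alerts.get(src, 0), len(port_counts))
    return alerts


if __name__ == "__main__":
    for src, n in detect_sweeps(parse_events(SAMPLE_LOG)).items():
        print(f"possible port sweep from {src}: {n} distinct ports")
```

The sliding window is what separates a fast sweep from a slow trickle: with the defaults only the four-second burst from 203.0.113.7 is reported, while widening the window to a couple of hours and lowering the port count also catches the three slow probes from 203.0.113.9. Noisy hosts tend to scan slowly precisely to stay under short windows, so keep a second, long-window pass in place and, when a sweep is flagged, treat it as the author does: disconnect first and investigate afterwards.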
Your Work PC Is An Unsafe PC
----------------------------

There is a special aspect to this concerning a PC (or network) to which you might have access while you are at work, that is, when you're away from home (so, in this sense, the word "at work" really means "any time that you're using any computer or network that you didn't buy for yourself and which you don't have complete, undisputed administrative control over"). There's a simple rule, here: NEVER do anything on a work, or third-party, computer or network, that you aren't comfortable having your boss instantly know about.

Most computers located in large companies are pre-loaded with an extensive portfolio of remote "management" (read: "remote spying") applications that you either (a) can't detect or (b) can't disable, even if you do somehow manage to detect that they're there; while there are a variety of somewhat justifiable reasons (such as, "the computer's there for you to do work with, not for you to play games with") why an employer might want to use these types of surveillance programs, the larger point is that the minute in which administrative control of a PC passes from your EXCLUSIVE control, to a control scenario where someone other than you can tell the computer to do or not do something, this opens an enormous -- and, largely, impossible to mitigate -- security hole.

This is true of everything that you might do on a work PC, although it's worth noting that in particular, so-called "nanny filters" (gateway applications that limit where you can go and what you can do, when surfing the Internet) have become very widely used in large corporations these days; the minute that you try to surf to a "naughty" Website, not only does the filter stop you from doing so, but it also alerts an administrator, and / or possibly your boss, that you're a "time-wasting pervert who's abusing Company resources for personal gratification".

Another commonly-encountered surveillance system, in the corporate computing
context, is "IDS" or "Intrusion Detection System", sometimes combined with "DPI" or "Deep Packet Inspection" technology; this scans each and every little TCP/IP packet that you send out over the company Ethernet cable, checking for "naughty" or "illegitimate" content (however they define that), wherever it is. Some employers even have "keyloggers", which are hidden background programs that capture each and every keystroke that you enter at your keyboard, also in some cases every .jpg or .gif file that you open on your PC, and then forward this data to an administrator who can use it to punish you for "non-work related conduct" or "inadequate data entry speeds" or, basically, whatever the company involved wants to punish you for.

I have seen situations like this where even ONE such infraction is an instant dismissal offence. Add to this the fact that the Information Technology administrators of a big company have every reason to co-operate with the police and virtually no reason to defend your interests against them, and you can easily see why accessing "controversial" data on a work PC is a very, very bad idea.

And, incidentally, don't fall into the very easy-to-accept trap of "everybody at my office downloads porno on to their computers -- why should I be holier-than-thou and not go with the crowd?". This is an excuse that I hear with frustrating frequency and it's ridiculously easy to shoot down.

Use common sense, for God's sake: if it's against company rules to download inappropriate material using your work PC, and the other 9 out of the 10 people in your office do it anyway, and then all 9 of them are subsequently fired for this transgression, how does it "help" you to be the 10th person to be fired? In most large corporations, when you get dragged in front of a disciplinary hearing, what matters is the written rules, not what you claim the "office corporate culture" was.

Mobile Devices To Get You Moving... Right To Jail
-------------------------------------------------

In the comments that you see below, I'm assuming that we are talking about a conventional operating system on a conventional desktop or laptop computer, not something like a virtualized OS session, an iPhone, a BlackBerry or other handheld, since the issues and protective measures for those scenarios are quite different from what we're looking at here. (Although, I will talk briefly on special considerations for data storage on removable devices such as a "USB key or SD RAM chip".)

In general, you should NEVER store sensitive data on anything other than a "real" PC that is normally located either in your home or with you, in the case of a laptop. If you're stupid enough to put sensitive data on something like an iPod, iPhone or cell phone, then you deserve what you almost certainly will get.

Note that in this respect, "sensitive" data can be stuff that you might otherwise think to be innocuous, for example friends' phone numbers, Websites that you frequently visit (don't surf the Internet on something like an iPhone, to any site that you don't want your friendly local police officer to know about instantly!), or, worse, lists of passwords (believe it or not, this happens all the time -- one of the first places that the cops check, when they have a suspected drug dealer, is his cell phone, because 'them cops would never think I put my passwords there').

Most of these new portable devices have either very weak protective technologies, or no protective technologies at all (see the following two URLs for a rather dramatic depiction of how easy it is to "suck" all the data off your cell phone, to an even moderately well-equipped attacker : http://news.cnet.com/8301-1009_3-10028589-83.html?tag=newsEditorsPicksArea.0 and http://csistick.com/).
What's even worse is that this process can usually be accomplished in a matter of seconds or minutes and that it leaves no signs at all of the cell phone having been tampered with. (It is technically quite difficult to instantly download confidential data from a PC just by plugging a forensics USB key into the PC's data port, not only because of the volume of data involved but also because with the exception of a few technologies like Firewire, modern PCs have a degree of built-in protection against unauthenticated access of static data by external devices. Most cell phones and mobile devices have no such protection and can easily have all their data harvested by someone with the right forensics tool.)

A carelessly stored cell phone, BlackBerry, etc., is thus far more vulnerable to this kind of "fly-by" forensic attack than a conventional computer would be... all that the attacker has to have, is a few seconds of undisturbed physical access to the mobile device, and he's got all the data that's contained within it.

The other thing that makes mobile devices especially dangerous is that they are always connected to the manufacturer's network (for example, Apple and Verizon's network in the case of an iPhone), and you don't control that network, in fact you usually don't have any idea what kind of visibility it has on what is going on with your portable device. (See: http://www.pcworld.com/article/id,143932-c,cellphones/article.html). Another cute little example of this is how the iPhone just, er, "happens" to secretly take screenshots of whatever you were doing when you hit the "Home" button, then discreetly files away these little forensics gems in a secret place unknown to you, just waiting for the next police officer to retrieve them. (Read about the gory details at: http://www.networkworld.com/community/node/32645).

I don't suppose that Apple had a little, er, "advice" from the U.S. NSA, CIA and FBI, when they put that little, er, "feature" into the iPhone, do you?
Yeah, baby, you got it. Steve Jobs may be a "cool dude", but he's still an American, and American "cool dudes", at the end of the day, are going to do whatever Uncle Sam tells them to do.

Considering that 99% of the major phone companies work hand in hand with the FBI, the CIA, M.I.5, the NSA and your local law enforcement, and considering that in almost every case they will happily hand over your private information to the cops "on request", you are stark raving nuts to put sensitive information on a mobile device that uses one of these companies' networks, as well as you are nuts to access this kind of information over their networks. You might as well put a big bullseye on your back.

The Lying, Incompetent Thugs Called "Police"
--------------------------------------------

You must appreciate that the police are, in most jurisdictions, out to get convictions at ANY cost, whether or not the person involved has actually done anything illegal or immoral. It's just a big game of "gotcha", to the cops; that's how they get promoted and get public recognition, by proudly showing up on the local news and boasting about how they "put that pervert away for life".

Most citizens, and therefore juries, have a child-like trust in claims made by people in positions of authority, particularly policemen confidently asserting that the defendant is an awful terrorist / paedophile / drug dealer / subversive / gang member / {pick your favourite Devil figure}.
You have to assume that many or all of these claims, true or otherwise, will be made against yourself, when your PC gets seized by the authorities.

In thinking about this, you have to understand that the average person, who is 100% ignorant about virtually every concept associated with computers, has a naive, trusting belief in the honesty and integrity of the police, as well as in the completely false idea that "if you don't have something to hide, then you shouldn't be afraid of anyone rummaging through your personal affairs".

What if you DO have something to hide, say, you're secretly gay, or you're planning to divorce your husband and run off with the man next door to Morocco, or you're planning to sue the local Council over that tree that fell on your car, last week, or you have the secret formula for a revolutionary anti-cancer drug, hidden on your encrypted volume, or you are campaigning for free speech rights in an oppressive society like China or Iran; all of these are completely legal in most countries (or should be), but there are perfectly valid reasons why you'd want them not to be revealed to unauthorized viewers.

But the average, ignorant, police-loving, "patriotic" citizen of most countries, knows nothing of the above and cares less. People crave what they (usually falsely) believe to be a benevolent dictatorship that makes the trains run on time, and they just cannot envisage any legitimate situation where anyone could want to hide information from the public or the police.

NO amount of evidence to the contrary (and I have tried doing this, many times) will convince a "law-abiding" conservative citizen that the police would lie or cheat. In fact, the average citizen will simply get angry with you, for "impugning the reputation of our fine law enforcement officials".
Trying to secure your data, or appearing to be trying to do so, is two and a half strikes against you, before the police even pitch the next baseball.

You may think I'm exaggerating, about the above; I wish that I wasn't, but the available evidence overwhelmingly suggests that if anything I am understating the situation.

Furthermore, in some jurisdictions like much of the southern United States, under "forfeiture" laws passed originally to "deny drug lords income from their crimes", the police actually get to seize, impound and then sell, for their own personal profit, most or all of a suspect's property, BEFORE there is even a trial, much less a conviction on the original grounds for which the "perp" is charged. You don't have to be a rocket scientist to appreciate the huge incentive this gives the police to cheat, falsify or withhold evidence and otherwise eliminate what few legal restraints are imposed upon them, so that they can sell your computer, car and house and then take a nice vacation somewhere. Your data confidentiality plans should start from the assumption that your opponents will use every tactic, fair or unfair, legal or illegal (such as, for example, beating the crap out of you, to "encourage" you to tell them your encryption passwords), to get what they want out of you.

Surprise, uncertainty, subterfuge, fear, lies, deception and causing hesitation: these are all weapons that an experienced, ruthless adversary will use against you. Prepare for them, be able to recognize them when they are arrayed against you and don't fall for them -- have a good plan and stick to it, but learn from your mistakes, especially "close calls" where you almost revealed sensitive data, and make sure that you never repeat the same mistake twice.

Keep Your Damn Mouth Shut, Bloke
--------------------------------

Having said the above, there is another very important issue that you have to be aware of.
In the (hopefully) unlikely event that you get arrested, to the maximum extent that your personal pain threshold allows you to do so (because, in many parts of the world, the police will simply beat the tar out of you, to get the information that they believe you to be in possession of), you should NEVER, EVER voluntarily communicate with the authorities, reveal information to them (even information that you figure that they already know, and even if they have told you that they _do_ already have), talk with them or give them even the slightest insight about the details of your life or how you use your computer.

There is a really simple, if inelegant, way to put this: SHUT THE F*CK UP. NEVER SAY ANYTHING TO THE AUTHORITIES, NO MATTER HOW INSIGNIFICANT IT MAY SEEM.

You have to understand that the police habitually lie to suspected criminals to get the latter to cough up information that the cops would otherwise have a difficult job obtaining. Incidentally, on their rare candid moments (see: http://video.google.com/videoplay?docid=6014022229458915912&q=&hl=en), the police will openly brag about how they lie, cheat and mislead defendants -- many of whom are likely or obviously innocent -- into signing false confessions, divulging seemingly innocent and irrelevant information which the police later twist into "evidence of guilt", and so on. Such tactics are Standard Operating Procedure for all nations' corrupt, incompetent "guardians of public safety".

Here are examples of typical admonishments:

-- "Look, you pervert, we already have more than enough kiddy porn pictures taken off your PC, to convict you in any court in the country. Why don't you just save everybody some time and tell us where the rest of them are?"
{In fact, the policeman hasn't found anything at all, but rest assured that if you respond to this question in any way that might even hint that you did have some of this horrendous data on your computer, he very definitely will take it down as an "admission of guilt" at your eventual trial.}

-- "Come on, Carlos, surely you aren't denying that this is YOUR computer? We found it in your house!" {In fact, while it may be your computer and may have been found in your house, a judge or jury has no idea if it was really yours or instead was owned by any of the other 6 people who share your rooming-house. If you answer in the affirmative because you figure the police already know that it's yours, you have just denied your attorney a plausible defence tactic in court.}

-- "Look, Mohammed, the two other guys that you've been sending those 'jihad' e-mails to, on-line, got picked up earlier today, and they've already confessed. Not only that, but they've told us that you were the ringleader! I'm telling you, pal, that if you confess now and co-operate with us, we can get your sentence reduced; but if you don't play ball, don't blame me when you get put away for 20 as 'lead conspirator'!"

In fact, they picked up both of your friends, but had to let one go due to a complete lack of evidence while the other one hasn't told them anything. If you spill the beans, the cops will just smile and then charge you with whatever they were going to charge you with, whether or not you 'play ball' with them, makes no difference whatsoever. They probably have no latitude in this, anyway, because of 'minimum sentencing guidelines' and other such 'get tough' measures against the menace of people with 'illegal' materials on their computers.

Consider, in this context, if you co-operate with the police, and then they renege on their part of the bargain, how do you enforce the deal? You're in their custody, not the other way around.
At the end of the day, the only thing that governments, or the police, respect, is POWER. This is precisely why they hate an independent judiciary, defence attorneys and a free press, so much, because all three of these represent a source of power different from their own. If you don't have power, you'll get nothing but contempt and dirty tricks from the police, whether or not you do what they want you to do.

-- "Your girlfriend has already told us that you were using her computer on the night when we detected you were downloading all of those pirated movies. Here's her testimony. Want us to get her to repeat it, to your face?" {In fact, the girlfriend never said anything of the sort; the 'testimony' is a tissue of lies written up by the policeman's secretary 10 minutes before the interrogation session, and if you say "yeah, I'd like to hear her say that", the policeman will angrily storm out of the room, shrieking "don't you try to bargain with ME, you fucking little prick, who do you think you are"... because, he's not allowed to expose one witness to another as doing so would taint both witnesses' testimony, in court.}

There are untold thousands of examples of the above kinds of dirty tricks recorded in the annals of the criminal justice systems, around the world.

The larger point is, forensic analysis of a seized computer, as well as of communications data traffic, is actually a very difficult task that requires a great deal of specialized knowledge, good forensic software and hardware tools, hard work, patience, and, not uncommonly, good luck.
This is offset to some degree by (see below) the naive trust that judges and juries have about evidence "found" (more often, faked) by fine upstanding policemen and policewomen, but you are just making your attacker's work far, far easier if you reveal anything -- and I DO mean ANYTHING -- about either yourself or especially your computer environment or habits, to an interrogator.

It wasn't by accident that Bill Clinton stonewalled and lied for years about his personal sexual habits, when these were used by his American political opposition to try to destroy his Presidency. Good old Slick Willie knew that his tormentors would never cut him any slack, whether or not he confessed to having a wild time with those White House interns. He was right about that. You should do the same. For a very good explanation of why, see: http://video.google.com/videoplay?docid=-4097602514885833865

Assume that the police know nothing at all, that your encryption and defensive measures have worked, that the cops are frustrated to tears by their lack of progress on your case, and that, like 99% of all lazy, corrupt, cynical, "who cares if we got the right guy" law enforcement officials around the world, they want the easy way out by getting the "perp" to incriminate himself or herself. DON'T DO IT. Don't make it easy for them to throw you in the dungeon and chuck the key down a well. Make them WORK for all the pain they plan to inflict on you. Then, if it happens anyway, at least you'll know that you didn't collaborate in your own punishment.

Don't Let Your Data Do The Talking, Or Confessing
-------------------------------------------------

Incidentally, there is a side-note to the above that I find many otherwise careful people are shockingly uninformed about.
It is: if you have "confidential" or "sensitive" data, make ABSOLUTELY sure that there is NOTHING (repeat, zero, zilch, rien, nada) within that data that, if revealed to an opponent, can personally or uniquely identify you, especially if in so doing it can also divulge time- or location-based information such as when you worked on a particular file, when you were using the computer, and so on.

The interesting issue here is that within conventional information technology security, the concepts of "accountability" and "non-repudiation" -- that is, "being able to definitely establish who did what with what data on a computer system" and "being able to prove this so definitively that someone cannot say 'it wasn't me who did that'" -- are very important, and legitimate, core components of a good enterprise security strategy (because when the CEO of a company starts stealing from its share-holders, presumably the latter have a right to find out where the money went; or, when some idiot crashed your company's most important file server, who gets fired for not knowing what he was doing), and many IT security tools, as well as ordinary components like applications and computer operating systems, have built-in abilities to create and preserve a non-repudiable "audit trail".

However, in your case, these concepts are the OPPOSITE of the environment in which you want to work. You DON'T want anyone to be able to establish, without a reasonable doubt, that "Achmed Islam was working on that particular .doc file at 12:30 p.m. on Sunday, May 9". You DON'T want anyone to be able to say, "It was Billy K. Pervert who sent me this filthy pornography over MSN Chat, and nobody else." This means that in many cases, you are going to be working at cross purposes with how the computer system was originally meant to function.
Take note of this, and prepare yourself accordingly.

An obvious example of the kind of thing that you don't want to have happen is, "having a picture of yourself in a compromising situation with an 8-year-old boy and a German Shepherd dog" -- you would be amazed at how many "perverts" get caught in exactly this way -- but, less obviously, little snippets of data (particularly stuff like "metadata" which is sometimes included in the "Properties" or file header area of Microsoft Office documents like an MS-Word .doc file or an MS-Excel .xls file, or even just the file names themselves of "controversial" content that you may have downloaded from the Internet -- make sure to change the latter to your own naming scheme) that may contain a current or previous phone number, credit card number, and so on, are of vital importance to a police officer in "proving the trail of evidence back to the perpetrator of this nefarious crime".

Consider, in this context, that destroying or making implausible the repudiation factor -- e.g., "oh, no, Officer, I didn't download that file, it must have been someone else with access to the computer, who did that" -- is perhaps the #1 priority of the police, at least in nations with even a modicum of rules of reasonable doubt and admissible evidence. This is why confessions of any type, or poorly-sanitized data evidence that "confesses" on your behalf, are such a high priority for the police and are such a threat to your safety and liberty. In some jurisdictions, the police actually have quite a hard job in establishing the "ownership chain" for "controversial" content. Don't make their job any easier... it may be the difference between freedom and long jail sentences, or worse, in some cases.

Also, you should remember that the law enforcement authorities, as well as quasi-legal entities like the notorious U.S.
RIAA and MPAA and their henchmen like MediaSentry, all have very large and very well-indexed databases containing the file names, sizes and MD5 digital "hashes" (a cryptographic hash function produces a "fingerprint" that is, in practice, unique to each particular file, so the file can be quickly and uniquely identified) of many types of "controversial" content, ranging from kiddy porn to "pirated" multimedia files like .MP3s, movies being traded on file sharing networks like LimeWire, BitTorrent and so on.

If an opponent can use these tools to get a positive identification on a known "controversial" file that they found, or can claim (truly or falsely) to have found in your physical possession, they can then "prove" that you (and nobody else) were responsible for this filthy / disgusting / terrorist / fraudulent material on your hard drive, just from the files themselves (without having to beat it out of you with a truncheon)... and in so doing, you have made the job of convicting you 1000 per cent easier.

At least for files of moderate size, there is an interesting way of creating a roadblock to this kind of analysis. Suppose, for example, that you have a large number of "controversial" .JPG format graphics (picture) files. While you should ALWAYS rename these anyway, if you are willing to permanently delete the originals of the graphics files (as separate entities on your hard disk), what you can do is to paste them one by one into different pages of a Microsoft Word (or other word processing) document (or some other kind of document -- it could be anything, for example PowerPoint, etc., as long as it has the ability to display a graphics file), then save that file under a new, misleading name ("MY_THOUGHTS_ON_GARDENING.DOC" will do).
(Note: For "controversial" text, my preference would be to embed the original text file within a word processing format document; for pictures and, possibly, movies, I would probably choose a slide presentation format document, since these are typically quite large and the size element will therefore not be as immediately noticeable as it would be for pictures pasted into a .doc file.)

Take care not to paste too many of these pictures into any one file, since often the applications that can open .doc, .xls files, et cetera, have poorly documented internal limits, and if you exceed these you might find that the file (and therefore all the pictures embedded within it) can no longer be opened or accessed. Also be aware that some applications, including most Microsoft ones, have a bad habit of automatically recording potentially incriminating information such as "last modified by {whomever} on date {whenever}" within the file's metadata (look under "Properties" in the "File" menu); you will want to purge this if possible, before saving the file.

Although you should never consider the above technique as a safe alternative to encryption, it can be a useful addition to your defence in depth strategy, because, from the point of view of the attacker, he can no longer just run a quick scan of file names within a directory, hoping to find a match with known "controversial" files or content. The actual content is now obfuscated away as a "binary object" within the wrapper of a Microsoft Word / PowerPoint file; to see, and recognize, this content, the attacker has to suspect that "MY_THOUGHTS_ON_GARDENING.DOC" is in fact about something quite different than how to grow better rows of leeks, then has to open up the relevant .doc file and page up and down through it until something interesting shows up on the screen.
A diligent, patient, skilled attacker will do this; a great many ordinary policemen won't.

A final special note here concerns how you sanitize "controversial" or personally identifying content in pictures and other computer documents.

Do NOT just apply a PhotoShop (or other bitmap graphics editing software) "filter" to the personally identifying portions of a "compromising" picture and think that this will hide your identity. Several fugitives have been caught by the authorities for assuming just that. The key issue here is that a single filter -- for example one that "twirls" the bits around a particular section of the picture so that they look like a pinwheel -- can usually, with the (always happily given) assistance of the software company that devised the filter in the first place, be reversed by the authorities to reveal the original configuration of the various bits / pixels that have been so manipulated, in so doing revealing the original, incriminating data.

The same concept also applies to any other kind of data or file in which a "transform" only hides or in some way changes, but does not completely destroy, the actual data that is supposedly being hidden. Notorious examples of the latter include Adobe Acrobat (.pdf) files that the U.S. Department of Defence thought had been "redacted" via black over-writing of the sensitive text (it turned out that the "blackout" was on an internally superimposed layer which could be, and which was, easily removed by anyone with the least bit of skill in manipulating Acrobat documents) or Microsoft Word documents using the "track changes" feature, where parts of the text that the editors thought had been deleted were in fact easily visible to anyone who bothered to turn the "track changes" feature back on.
Examples of this kind of thing are legion in the world of digital forensics.

To PROPERLY sanitize a picture, you have to COMPLETELY DESTROY the pixels / bits in the affected area, either by over-writing them with a tool like the Paintbrush or Eraser, or, preferably, by selecting the sensitive data area and using the "Cut" command so that nothing but a white hole is left.

Furthermore, when saving a picture that has thus been sanitized, make absolutely sure that the file has had all of its component "layers" merged / melded into a single layer, before the file is finally written to the hard drive. The reason why this is important is that some file formats -- particularly the more sophisticated ones like Adobe PhotoShop (.PSD) -- have a "multi-layering" ability that allows a skilled artist to superimpose several independently created graphics pictures, one on top of the other, in the manner that you might see if you put several stained-glass windows on top of each other, so as to achieve interesting or complex visual effects when someone looks at the final picture.

The problem here is that some of these formats also track changes such as "transforms" that would otherwise permanently distort or eliminate the original pixels in the picture, into temporary "layers" that can be removed or reversed, and these layers are preserved when the file is saved to disk. This means that an experienced attacker can simply load the file into his copy of PhotoShop, rummage through the layers until he finds one that looks like a data-obscuring change, and then remove the offending layer. Presto! Instant incrimination!
In much the same way, a word processing program with multiple levels of "Undo" carries with it the risk that an attacker might "undo" changes that you thought had eliminated parts of the document that you didn't want to have preserved.

A simple way to ensure that this hazard doesn't affect you is to always save a graphics file into less sophisticated formats, such as JPEG (.jpg) or Bitmap (.BMP). These formats cannot save multiple layers and must merge all the layers into a single one, prior to finally saving the file. The same general principle applies to "remnant" data in other formats. If you are saving a word processing document, why not just save it in basic ASCII text? When you do this, you can be sure that the only thing that will end up in the document's data file on the hard drive is what you actually intended to have saved.

Here again, we see one of the basic principles of data security at work: "the mortal enemy of security is complexity". Or, put another way: "Keep it simple, stupid."

Is Your Digital Camera Going To Testify Against You?
----------------------------------------------------

One final comment about digital graphics files. Many otherwise intelligent and conscientious data hiders aren't aware that if the pictures in your "My Pictures" folder were self-created (that is, they were originally taken by yourself, using your own digital camera), the camera itself can sometimes be used as a piece of evidence against you in a trial.
The idea here is that the pictures (particularly in their original, "raw" format as stored on the camera's flash memory) taken by different digital cameras have unique characteristics that an expert forensics investigator can use to trace the picture back to the particular camera that captured this particular image.

This is obviously NOT what we want to have happen, and to try to reduce the chance of it being used against you, please check out the steps detailed at the following URL:

http://www.instructables.com/id/Avoiding-Camera-Noise-Signatures/

What is especially scary -- but also highly informative -- about the above Webpage is the sublink (http://www.ws.binghamton.edu/fridrich/) that it contains to the personal Website of one "Jessica Fridrich", a professor at Binghamton University in the United States who seems to be a walking encyclopedia of "how to do forensics on digital pictures and digital data". Note that this very skilled lady does the bulk of her publicly declared work for lovely little social help agencies like the little old U.S. Air Force (can there be ANY doubt, therefore, that the other, _private_ work that she does in breaking encryption keys and "finding out where the perverts have hidden the steganographic data" is on behalf of certain U.S. agencies with the letters "C", "I" and "A", and "N", "S" and "A", in their names?)

I add this comment just to give you a bit of a flavour of who you're up against, when you try to hide data against the professional forensics experts employed by governments and, sometimes, the police. Have no doubt, people like Ms. Fridrich are extremely intelligent and highly motivated, and you have to remember that they do this stuff for a living, each and every day. She gets paid handsomely by the U.S. spook community to give them the tools to enforce American power all around the rest of the world, because she knows very well that "knowledge and information ARE power".
She believes 100% in her work; she is gung-ho to help Uncle Sam catch and jail all the "perverts, child molesters, terrorists and drug dealers who are such a threat to the American Way".

In the cyber-punk and cypher-punk community, which by definition you are part of if you're reading this document with a view to implementing its suggestions yourself, it may be very difficult for you to understand the mind-set of someone as obviously intelligent and interested in computers and encryption technology as Ms. Fridrich; by now, I'm sure you're asking, "...but this lady is a hacker just like ME, how can she be working for the Pentagon?". But, my friend, she's NOT like you. She doesn't believe in any of the civil liberties or personal privacy concepts that you do. She is as much like you, in the sense of having a common interest in technology, as are two soldiers from opposite sides in a war, both of whom have a common interest in knowing how to use a gun. Nations like the United States (or China) have hundreds of thousands of well-paid, well-motivated, "patriotic" computer scientists like Ms. Fridrich, and while they understand and use the same technology that you do, their basic outlook on life, human rights, freedom of speech, etc., is far different from yours or mine. They are the enemy. Never forget that.

To beat someone like Ms. Fridrich, you have to do your homework, use all the available tools consistently and thoroughly, and never make one single mistake. THEY don't have anything to hide (that I know of); YOU do. It's like you're the goalie on the football pitch with Mr. Beckham bearing down on you. Can you keep the ball out of the net? Yes, you can; but you won't do so by not taking things seriously.

By Yourself
-----------

The only safe world is a lonely one, I'm afraid. So TRUST NO-ONE EXCEPT YOURSELF. Don't even trust me.
Evaluate everything that I say to you in this document against other authorities who are in the know about security, and decide for yourself if I'm talking rot or giving you good advice.

The concept of "security by obscurity", that is, thinking that the bad guys won't catch you or target you if you just don't provoke them, currently has a bad reputation in the security industry, but in fact it is a highly effective technique if used correctly and in the context that it's a necessary, but not sufficient, condition of your overall personal security and privacy plan. James Bond may make for good movie plots, but in fact, becoming "well known" is your worst nightmare come true.

You need to be quiet, unremarkable, average in every respect, just like all successful spies are in real life. The minute that your activities come to the attention of the authorities, you have instantly lost 75% of the battle and you need to drastically change your strategy and tactics to account for the new circumstances. Probably, this means curtailing any controversial activity until you are good and sure that the heat is off you. Doing so can take weeks, months or even years. I'm sorry that it's that way, but I'm here to tell you the truth, not what you want to hear.

Prepare for the worst and don't think that "it can't happen to ME"... yes it CAN and it all too often DOES. Assume that you're being watched, each and every waking hour, particularly when you're using your PC, and try to think what the Man least wants you to do, all the while; then, do that. Assume that all your regular defenses have failed, and think through what you will do in each attack scenario. Think it through again, then a second time, then a third, until knowing what to do is second nature. It's not by accident that the U.S. Army says, "The More You Train, The Less You Feel Pain".

Pay attention, play smart and trust no-one.
There is no other way, in the world of PC security.

------------------------------------------------------------------------------------------

Computer Operating Systems
--------------------------

Before I get going on this section, there is a basic recommendation that everyone reading this should take seriously. Namely, GET YOURSELF A (REASONABLY) FAST, MODERN COMPUTER. (And make sure that it has a good, fast hard drive. And make sure that you are using a fast Internet connection, although here there are some special considerations.) Why? Several reasons.

First, you will be using encryption for a great many purposes. Encryption, by its very nature, involves complicated mathematical calculations, which put quite a bit of stress on your computer's CPU (its "brain"). The faster your CPU, the faster it will get all the crypto stuff done, which is a good thing.

But secondly, and actually far more importantly, you have to understand that the basic idea of this document is to teach you the best ways in which to defend yourself, when that dreaded jackboot comes kicking at the door. Would you prefer, in that situation, to be using a computer that takes 10 minutes to shut down, or one that requires 10 seconds? Not a hard decision, is it?

One special note here: although in some ways large-capacity, external hard drives that connect to your PC via USB 2.x cables are an attractive option, because of their portability, disposability and so on, I have found out that they can be MUCH slower than internal hard drives. Most of the time, when you are using small data sets (say, a few encrypted files), you will never notice this, but try to start copying multi-gigabyte files across a USB cable and you will very quickly come to appreciate the difference in speed. This is not necessarily a reason not to use external hard drives...
but just plan in advance and compensate for the slower speed, when you know that you will be handling "sensitive" data.

-------------------------------------------------------------------------------------

This part of the document will compare Microsoft Windows XP (assuming that you have all the most recent patches -- see below, however, for a warning regarding Windows Update) with recent versions of Linux.

I'm deliberately NOT discussing operating systems (e.g. MacOS, Windows Vista, BSD, Solaris) that I know little about, although I will mention things about them where relevant. Just as a general comment, though, for modern versions of the MacOS, 10.x that is, you should assume that it is more like Linux than it is like Windows; however, unlike Linux, the MacOS has a significant amount of proprietary Apple program code in it, so some Mac features will differ quite a bit from their Linux equivalents.

Nor will I be discussing security for obsolete operating systems like Microsoft Windows 2000, NT, Me or 98 / 98SE / 95, or old versions of Linux or Unix, because in general, while these are not necessarily insecure, there are rarely up to date security tools for them that can cope with today's threats.

For example, if you can find an encryption program for Windows 98, there is a very good chance that it will not support the modern cryptographic algorithms or key lengths needed to protect your confidential data from "brute force" key hacking attacks. An expert might be able to keep a Windows 98 computer secure, but I have to assume that anyone reading this document isn't an expert.

For Microsoft Windows Vista, the thing to keep in the back of your head is, "like Windows XP but worse in almost every way".
You'll see why I'm saying this later on, but one special issue that you should remember about Vista is that many of its so-called security features, such as they are, are available only in the "Professional" and "Ultimate" versions of Vista, so if you have the plain old garden variety "Home Basic" version of this operating system you are even more behind the 8-ball. Not that it really matters much, because you shouldn't be using ANY version of Vista in my opinion.

One note about Linux: As anyone who has ever investigated it knows, Linux isn't a single product; instead, it's an almost anarchic, ever-changing collection of "distributions", that is, packaged, developed, fine-tuned versions of the basic Linux "kernel" that is updated and maintained by Linus Torvalds. This leads to the obvious question of, "when you say 'Linux', which distribution are you talking about"?

My answer to this question would be, "I'm talking about any of the major distributions that are freely available on the market today." I'm being deliberately vague about saying this so I don't get drawn into the flame wars about "which distro is best from a security perspective"... the truth is, they ALL are, as long as you know what you're doing, and that you actually DO it. But just so that everyone has a general idea about what I consider to be "major" distributions, here is my list:

1. Ubuntu and its clones (Kubuntu, Xubuntu) (a Debian-derived family)
2. Fedora (RedHat) (source code by Red Hat)*
3. Mandriva (formerly Mandrake, source code by Mandriva)
4. SuSE (source code by SuSE but now owned by Novell)*
5. PCLinuxOS (source