[Cryptography] Cheap forensic recorder

Tom Mitchell mitch at niftyegg.com
Mon Mar 2 14:29:46 EST 2015

X is a problem and difficult to audit.    You do not need X for many

A critical step is to clone the device to secondary media for inspection.
That step can be done with a command line tool.

The SD or mSD card that booted the Pi can be included in the audit package.

Screens can be recorded with a camera.  More expensive options might
be a recorder that can accept HDMI in record it and pass HDMI out.
Keyboard and mouse data loggers are possible and common.   Audit
synchronization and time stamps are also possible.  Audio?

Once the read only clone of the media in question has been made correctly
almost all discoveries can be replicated.

The obvious omissions are media defects and spares, controller software and
shadow images that some analog
subtraction trick might recover.

As long as the raw bits can be archived (encrypted or not) for validation
and verifying
you have a place to stand and a place for the fulcrum.


  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150302/dcb42bb8/attachment.html>

More information about the cryptography mailing list