[Cryptography] Cheap forensic recorder

[Tom Mitchell]

On Sat, Mar 7, 2015 at 7:04 AM, Russ Nelson <nelson at crynwr.com> wrote:

> Emin Gün Sirer writes:
>  > >More generally, I think the way to approach “nothing up my sleeves”
>  > hardware is to move down in complexity, not up.

.......

>
> No. He is describing a platform that *he* trusts, not a platform that
> has been subverted by the NSA and then called "TPM".
>
> Calling something "trusted" doesn't make it trusted, friend. Calling
> someone "friend" doesn't make them your friend.
>
>
Valid point with one *
*) For forensics,  judge and jury must be convinced
that the operator and his tools are expert and trusted.

The courthouse does not have levels of proof and trust that
have anything to do with security the way most of us think
is important and necessary.

So a tool set that allows a chain of custody and validation
of results by other experts is an important foundation.   National
security has a more interesting case of paranoia.

I would be hard put to trust a device that mounts and
inspects a disk from evidence.   The complexity and
interactivity of reconstructing files and filesystems requires
vastly more than a device that makes a bit for bit image and
that image copy is then analyzed in great depth on another
system.

So yes a platform that he trusts is step one.  A real person is the
one taking the stand and giving evidence.

In an ideal world that trust will be justified and proved.
But a formal trust analysis is hard.  The smaller
the kernel of trust the more likely the analysis will
finish and less likely the method is to be hacked in a
way that destroys the legal chain of evidence and trust.

This applies only to a "static" disk not a live system that
is under attack or under mixed control by good and bad
guys (and more?).






-- 
  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150307/300aba91/attachment.html>