On 26 May 2021 08:47 +0200, from gmazyland@xxxxxxxxx (Milan Broz): > 1) LUKS will not implement any "self destruct" passphrases or anything like this. > > Everyone doing forensic analysis will work on the copy to prevent destruction > of the master device. LUKS is designed to work on common hardware that is not > tamper resistant - we cannot avoid that someone make copies of the encrypted drive. Not just for that reason, either; certainly in a law enforcement environment, forensic work must maintain the integrity of all evidence throughout the process, lest the defense can argue in court that the evidence may have been tampered with. (It doesn't even need to have been tampered with; just the possibility may be sufficient to cast doubt on the integrity of the evidence.) A relatively easy way to be able to rebut such claims with regards to digital evidence is to ensure the existence of a guaranteed pristine master and detailed records of what actions have been performed; the easiest way to do that is almost certainly to never, ever do anything that might possibly write anything to the master, and _always_ work on copies which have been created through write-blocked means. After all, last I looked, likely-certified-as-good write blockers were commercially available, and they can be tested independently as black-box devices. -- Michael Kjörling • https://michael.kjorling.se • michael@xxxxxxxxxxx “Remember when, on the Internet, nobody cared that you were a dog?” _______________________________________________ dm-crypt mailing list -- dm-crypt@xxxxxxxx To unsubscribe send an email to dm-crypt-leave@xxxxxxxx
