If your computer is in the hands of LEA and it's on, you are practically convicted. The correct answer is the time it takes for you to safely do a clean shutdown or a forced power off. I would assume this is no more than 10 seconds to 2 minutes, depending on your home / apartment layout.
Every door bell or door opening moment is a potential LEA raid so the device must be OFF
If you have surveillance cameras you are better off; you may get more time, but not always. What if they block the WiFi frequencies in your house during the raid? Your camera may not provide you the feed.
This assumes
1. You have no swap files / page files
2. You are not using main host operating system for on topic activities
3. Everything including the host is encrypted - Windows BitLocker for host running Windows Server, anonymous log-in account
4. Everything else is in virtual machines
5. All file systems are in device[partition] based not file based containers
6. Virtual machines are encrypted using their own keys
In my case, my main hypervisor, Windows Server, is BitLocker encrypted. All data stays on encrypted partition-based Veracrypt containers. Hidden volume Veracrypt master keys are multiple files + password + PIM. The actual key set itself is stored in another Veracrypt volume on a micro SD. So to start a VM I insert the micro SD and then mount the key set using a key set present on the host hypervisor. This hidden key set then mounts a hidden Veracrypt container that contains the VMs. The VMs are encrypted.
Encryption scheme is 3 cascading CIPHERS
Everything is Whonix based, or on a host-only private network using VMware. Guest machines are encrypted using VMware keys/password. The guest file system is again encrypted. I use Tails as guest OS and a Whonix-connected Windows Server as guest. The guests are BitLocker encrypted in the case of Windows, and inside the guest I use Veracrypt to mount the actual volume stored inside the guest VM virtual disk.
*** this is where ON TOPIC material resides ***
Because of Nested Virtualization support I can run Bluestacks and all android apps and also iOS emulator inside the Guest Operating system thus do anything without revealing where the device resides
[ 2 layers of veracrypt cascades (3 * 2) Plus Host BitLocker + PIM + Keyfiles ] As the VM itself is encrypted in Veracrypt volume and then when VM starts I must mount another Vera volume stored in VM file system
Scheme is like this
Hypervisor - BitLocker
File system - Veracrypt full partition / device encryption
Execution environment - VMware / VirtualBox virtual machines
VMs stored inside hidden Veracrypt volume mounted using (two-level hidden encryption scheme)
Guest is either Tails - nothing required here
Guest Windows Server - BitLocker encrypted guest [contains hidden partition]
Guest hidden partition mounted using guest-based Veracrypt (keys are different than the host)
3 ciphers in cascade + PIM + password
***This is where main activity occurs ***
Network access - Whonix or Tor based host-only SOCKS proxy. This way, if I was to disclose and open up hidden volumes, I can do that without any problem. There are no swap files for Veracrypt key analysis. Veracrypt keys are encrypted in memory. The Veracrypt process is sandboxed using Windows Server permissions that block access to Veracrypt memory by any other process. This prevents stealing of keys even if my hypervisor was to be compromised. Guest operating systems are sandboxed so the inner Veracrypt keys cannot be stolen by the outer host operating system. Power of Windows Server + Veracrypt + VMware + Whonix + Tails. Very complex scheme.