This is good news for people who are engaged in forensic examination of computers, but bad news when you consider that bad people will also have access to it, which means losing your data could happen more quickly and easily than before. Via his Schneier on Security blog, Bruce Schneier links to a press release for EnCase Portable, which "runs on a USB drive, rather than a laptop, and enables the user to easily and rapidly boot a target computer to the USB drive, and run a pre-configured data search and collection job."
So essentially, someone could walk calmly into your home or office, or up to your computer in a conference room or left unattended in a coffee shop, plug in a discreet USB drive, reboot you, and proceed to suck all of your data back into the thumb drive. Depending on how long you are gone, this could go entirely unnoticed, with the only evidence being a computer that has rebooted.
There's not much additional information in the press release about whether controls such as full-disk encryption or bios password protection can be defeated by this tool, so it will be interesting to participate in the chatting within security circles to get the scoop.
This is just my gentle reminder to you that leaving your PC unattended, even for short periods of time, introduces risk, and to make sure you follow some simple security controls to keep data leakage to a minimum.
No comments:
Post a Comment
Please tell me what you think.