Forensics on PDAs, notes from the field
John Kelsey
kelsey.j at ix.netcom.com
Fri Aug 13 10:46:52 PDT 2004
>From: "Major Variola (ret)" <mv at cdc.gov>
>Sent: Aug 11, 2004 9:21 PM
>To: "cypherpunks at al-qaeda.net" <cypherpunks at al-qaeda.net>
>Subject: Forensics on PDAs, notes from the field
...
>Obvious lesson: Steganography tool authors, your programs
>should use the worm/HIV trick of changing their signatures
>with every invocation. Much harder for the forensic
>fedz to recognize your tools. (As suspicious, of course).
I would have thought the obvious lesson was to keep all your important work on an encrypted disk partition, with a good password and a high iteration count. This is true not just for criminals and terrorists, but for anyone who doesn't want the information on their hard drive read by anyone who happens to steal their computer.
--John
More information about the cypherpunks-legacy
mailing list