Forensics on PDAs, notes from the field

Major Variola (ret) mv at cdc.gov
Fri Aug 13 16:35:26 PDT 2004


At 01:46 PM 8/13/04 -0400, John Kelsey wrote:
>>From: "Major Variola (ret)" <mv at cdc.gov>
>>Obvious lesson: Steganography tool authors, your programs
>>should use the worm/HIV trick of changing their signatures
>>with every invocation.  Much harder for the forensic
>>fedz to recognize your tools.  (As suspicious, of course).
>
>I would have thought the obvious lesson was to keep all your important
>work on an encrypted disk partition, with a good password and a high
>iteration count.  This is true not just for criminals and terrorists,
>but for anyone who doesn't want the information on their hard drive
>read by anyone who happens to steal their computer.

If you include "PDA & Cellphone" as computer;
or include "flash eeprom" as a "hard drive", then we agree.

Most Persons of Interest will have secrets on their mobile gizmos (which
use flash memory) as well as their PC's spinning disks.  Sync'ing the
PDA + PC means the security boundary includes them both.

The important lesson is that all your gizmos will be seized and
analyzed.  And that the world needs good Linux-based-PDA &
flash-mem-compatible security tools.
And don't forget the epoxy...




