Resolve merge conflict by incorporating both suggestions

nihilist 2024-11-04 18:27:04 +01:00
commit 7c5b7812dc
3 changed files with 6 additions and 0 deletions

@ -80,10 +80,16 @@
<img src="../deniability/5.png" class="imgRz">
<p>In theory it is impossible to prove the existence of the hidden volume by itself once it is closed, <b>and if there is no proof of it's existence our deniability is maintained.</b> </p>
<p>But the issue is that we have more variables that we also need to keep under control, on the Host OS side you have <b>system logs, kernel logs</b>, the various other <b>non-standard log files</b> that software is writing on the disk, and even <b>the content of the RAM itself</b> can be used to prove the existence of a hidden volume.</p>
<<<<<<< HEAD
<img src="3.png" class="imgRz">
<p>Now when you are using your computer for regular public, private and anonymous activities, normally you don't need to care about those things. But the Host OS is a potential goldmine of forensic evidence to be used against you, <b>so for sensitive use specifically we need to take care of it.</b></p>
<p>Now you could start to manually erase all logs, all kernel logs, all non-standard system logs, manually overwrite the RAM contents, but this is going to be way too tedious and you're likely to miss something. So we have one simple solution: <b>use the Host OS in live mode</b>.</p>
<img src="4.png" class="imgRz">
=======
<p>Now when you are using your computer for regular public, private and anonymous activities, normally you don't need to care about those things. But the Host OS is a potential goldmine of forensic evidence to be used against you, <b>so for sensitive use specifically we need to take care of it.</b></p>
<p>Now you could start to manually erase all logs, all kernel logs, all non-standard system logs, manually overwrite the RAM contents, but this is going to be way too tedious and you're likely to miss something. So we have one simple solution: <b>use the Host OS in live mode</b>.</p>
<p>TODO: graph (regular host OS writes on system disk, and has contents in RAM, while live mode host OS does not write on system disk, and has everything in RAM) </p>
>>>>>>> 3d6d6e34a194e917e89381ed7f817e2e454904a7
<p>Thanks to live mode, <b>we are able to load the entire Host OS in RAM directly</b>, allowing us to avoid writing anything on the system disk (no system logs, no kernel logs, no non-standard logs, <b>only ram contents to worry about</b>)</p>
<p>And since everything is loaded inside the RAM, <b>all we need is to reboot the computer to wipe all of the RAM contents</b>, effectively <b>erase all forensic evidence (and all potential forensic evidence) of the existence of the hidden volume in one simple action.</b></p>
</div>
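Review bot: The merge conflict markers `<<<<<<< HEAD`, `=======` and `>>>>>>> 3d6d6e34a194e917e89381ed7f817e2e454904a7` are still in the file, between the "system logs, kernel logs" paragraph and the "Thanks to live mode" paragraph, so they will be served as literal text in the page. The conflict was also resolved by keeping both sides verbatim, which leaves the two paragraphs starting "Now when you are using your computer" and "Now you could start to manually erase all logs" duplicated, once on each side of the `=======` line. Suggest deleting the three marker lines, keeping a single copy of each of those two paragraphs, and then deciding whether the "TODO: graph" paragraph is still needed alongside the `3.png` and `4.png` images or should be dropped.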