+
+
+
@@ -135,29 +138,53 @@ nothing@debian:~$ veracrypt
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
[ nowhere ] [ /dev/pts/1 ] [/mnt/veracrypt1]
@@ -636,22 +667,29 @@ nihilist@mainpc:~$ scp shutdown.sh root@65.109.30.253:/root/sensitive_scripts/sh
As stated before, this part is relevant only if you are in the usecase where veracrypt remains installed on the host OS outside of live mode. You can skip that part if you are keeping veracrypt installed only in live mode.
So first we open the veracrypt, and open the decoy volume:
+
+
Then we open VLC, and we hit "Open file" and browse to our non-sensitive files:
+
+
Then suddenly someone busts your front door, and you quickly press "Super+R" the VLC window immediately closes, followed by the closure of the veracrypt volume, and in a few seconds you have the Host OS shutting down. And as the Host OS shuts down, all the RAM contents are erased (even though there was nothing sensitive in it this time).
-![]()
And that's it ! if the adversary didnt get to your desk by the time you pressed the shortcut, he didnt get to see the content you were playing on your monitor.
Hidden Volume Scenario (using the sensitive VM)
Now to test emergency shutdown on the hidden volume side, we first open the hidden volume:
+
+
Once the hidden volume is mounted, we hit "Super+V" to quickly setup the whonix VMs:
+
And after a while of doing some actual sensitive stuff on the whonix VM you hear your front door being busted down, so you quickly hit "Ctrl+Alt" to focus out of the VM, and then you hit "Super+R" to trigger the emergency shutdown:
+
Here it also only takes approximately 4 seconds after pressing "Super+R" to have the VMs removed, the veracrypt volume closed, and your Host OS shutdown, erasing all the forensic evidence regarding the existence of the veracrypt hidden volume and the Sensitive Whonix VM that it contains.
And that's it ! You now have a Sensitive VM ready to be used, and you have implemented the necessary measures to protect the deniability of it's existance, from an adversary.
@@ -669,6 +707,7 @@ nihilist@mainpc:~$ scp shutdown.sh root@65.109.30.253:/root/sensitive_scripts/sh
With this setup, you have deniability the moment that the Host OS finishes shutting down, regarding the existance of the veracrypt hidden volume, and the whonix sensitive VMs that are in it. Meaning that it is impossible for an adversary that seizes your computer to prove the existance of the Whonix Sensitive VMs after the Host OS finished shutting down.
If you leave veracrypt and shutdown.sh on the host OS, below is all an adversary will be able to see , if he were to seize your laptop after you manage to shut it down:
+
Of course, if you are ever forced to, ONLY give your decoy password to the adversary. The existance of the hidden volume, and of the secret password thats used to reveal it must remain a secret at all costs, it must remain known only by you.
If you are ever dragged into court, the judge will appreciate much more if you actually hand over your laptop, and show that you are willing to cooperate with the authorities by providing your password to unlock it, rather than starting to pretend you forgot your password (which can end badly like in this court case, where the defendant was found to be in contempt of court, and thrown in jail for 6 months for it).
If ever asked by the authorities on why you used veracrypt in your laptop, you can simply claim that it was to put your stash of adult content in it. Nothing incriminating about it, and it is plausible given that you dont want that laying around on your desktop, due to being of a private matter.