<p>In this tutorial we're going to look at how you can run Tails OS (The Amnesic Incognito Linux System) on a USB Stick, and also on a QEMU VM, following the official documentation <ahref="https://tails.net/doc/advanced_topics/virtualization/virt-manager/index.en.html">here</a>. </p>
<p><b>Tails OS is suitable for Short Term Sensitive Use due to it's default live-mode feature</b>, where upon shutting down the OS, every forensic trace of what you were doing is completely erased from memory, where the entire OS is loaded into. There are no disk-writes at all by default. (Unless if you use the persistent storage, which is not suitable for sensitive use, due to not being deniable encryption like <ahref="../veracrypt/index.html">Veracrypt</a> ).</p>
<p>While it is similar to Whonix, it is specificially intended for temporary sensitive use. <ahref="../sensitivevm/index.html">Whonix</a> on the other hand can be used for long-term sensitive use. Click <ahref="https://www.whonix.org/wiki/Comparison_with_Others">here</a> for more details on the differences between Whonix and Tails.</p>
<p>I recommend using this setup for <ahref="../anonymityexplained/index.html">Anonymous use</a> if you store anything into the persistent storage, <b>or for short-term <ahref="../deniability/index.html">Sensitive use</a> if you are not storing anything sensitive in the persistent storage</b>, as per the <ahref="../opsec4levels/index.html">4 basic OPSEC levels</a>.</p>
<p>Now here we can use <ahref="https://etcher.balena.io/#download-etcher">balenaetcher</a> to flash the tails OS image onto a usb stick that we plug in on our computer:</p>
<p>Now that the Tails OS image has been flashed onto the usb stick, you can simply reboot your computer, and then enter the boot menu to choose to boot onto the USB rather than onto your host OS. In this example i need to press ESC, but depending on your motherboard you may need to press F2, or F11, or another key.</p>
<imgsrc="34.png"class="imgRz">
<p>Then after entering the boot options by pressing ESC, we press 1 to choose to boot onto the USB key, rather than booting on the system drive.</p>
<imgsrc="35.png"class="imgRz">
<imgsrc="36.png"class="imgRz">
<p>And you've just booted in Tails OS from your usb key!</p>
</div>
</div><!-- /row -->
</div><!-- /container -->
</div><!-- /grey -->
<!-- +++++ Second Post +++++ -->
<divid="anon2">
<divclass="container">
<divclass="row">
<divclass="col-lg-8 col-lg-offset-2">
<h2><b>Tails QEMU VM Setup </b></h2>
<imgsrc="21.png"class="imgRz">
<p><h2><u>OPSEC Recommendations (for the QEMU setup):</u></h2></p>
<li><p>Application: <ahref="../index.html">Host-based VPN</a> (if your ISP doesn't allow Tor traffic) </p></li>
</ol>
<p><u>Sidenote:</u> If your ISP does not allow Tor traffic, make sure that you <ahref="../vpnqemu/index.html">route the QEMU VMs traffic through a VPN</a>, to hide the tor traffic from your ISP (You -> VPN -> Tor) Setup</p>
<p>Now in the same way (even though it is a less-popular setup) we can also we can create a Tails OS QEMU VM in virt-manager like so:</p>
<p>Once in there, depending on your use, you can select to have an admin password and a persistent storage if you need it. Otherwise everything you do in the VM will be wiped clean upon shutdown (hence the word amnesic).</p>
<p>Then we select connect to tor automatically:</p>
<imgsrc="11.png"class="imgRz">
<p>And here we click start the Tor browser to browse the web anonymously, and if you're curious and want to see the tor Circuits you can view them also:</p>
<p>Then once the software installed, you have the possibility to store it in the persistent storage as well, so that it can be available when you launch tails again:</p>
<p>Now suppose you are living in a country where using Tails OS and Tor is not going to be a reason to immediately throw you in jail, the adversary is busting down your door, while you are browsing a sensitive website with it, and you want to make sure that there is no incriminating evidence to be found against you when the adversary seizes your computer.</p>
<p><b>Reminder, this is only for temporary sensitive use, do not save anything sensitive in the persistent storage because otherwise the adversary can force you to unlock it to reveal the contents.</b></p>
<p>If you have a regular live usb tails os setup, all you need to do is to simply <b>unplug or disconnect the USB stick to shutdown the system and wipe off all forensic trace of what you were doing:</b></p>
<videowidth="100%"height="100%"controls>
<sourcesrc="40.mp4"type="video/mp4">
</video>
<p>And If you have a Tails OS VM, you can simply hit the shutdown button to erase what you were doing in the VM:</p>
<p>All you need is to shutdown the VM, and everything forensic trace of what you were doing in it gets immediately erased from memory, as if there was nothing there to begin with. <b>Effectively leaving the adversary empty-handed with no incriminating evidence to use against you in court.</b></p>
Until there is Nothing left.</p></br></br><p>Creative Commons Zero: <ahref="../../../../opsec/runtheblog/index.html">No Rights Reserved</a></br><imgsrc="\CC0.png">
