Using the Host-OS in live-mode to prepare for long-term Sensitive Use #160

New Issue

nihilist · 2024-11-03T19:12:22+01:00

nihilist commented

2024-11-03 19:12:22 +01:00

to be explained:

why running the host OS in live mode is vial to hide the forensic traces of the hidden volumes
rather than having to erase all system logs, all kernel logs, etc you can just run the Host OS in live mode, and shutdown the OS when the adversary is busting down the door

to be showcased:

install the packages you need in non-live mode (veracrypt + qemu, etc)
and then boot into the Host OS in live mode
from here you can see that anything you write in the system disk isnt persistent accross reboot, but what is saved on a non-system drive is actually saved.

meaning that with this setup we can now setup deniable encryption on that entire drive, to put whonix VMs in it, for long-term sensitive use.

to be explained: - why running the host OS in live mode is vial to hide the forensic traces of the hidden volumes - rather than having to erase all system logs, all kernel logs, etc you can just run the Host OS in live mode, and shutdown the OS when the adversary is busting down the door to be showcased: - install the packages you need in non-live mode (veracrypt + qemu, etc) - and then boot into the Host OS in live mode - from here you can see that anything you write in the system disk isnt persistent accross reboot, but what is saved on a non-system drive is actually saved. meaning that with this setup we can now setup deniable encryption on that entire drive, to put whonix VMs in it, for long-term sensitive use.

nihilist added this to the OPSEC Tutorials (paid contributions) project 2024-11-03 19:12:22 +01:00

nihilist added the

Doable

label 2024-11-03 19:13:07 +01:00

nihilist added

pushed to prod (1 month external review)

and removed

Doable

labels 2024-11-08 18:43:23 +01:00

Sign in to join this conversation.