Security chip to limit OS X to Macs - vnunet.com: "The upcoming Longhorn version of Windows relies on the TPM for a technology dubbed Secure Startup, which blocks access to the computer if the content of the hard drive is compromised. This prevents a laptop thief swapping out the hard drive, or booting the system from a floppy disk to circumvent security features. "
How "pain-in-the-butt" is this going to make forensic analysis?
Joel Esler, Sourcefire, Snort, Immunet, ClamAV, Apple, and Network Security. This is my blog.
Subscribe to:
Post Comments (Atom)
Call of Duty Error 6034 for the Xbox
Several friends and I play Call of Duty nearly every night. However, Activision’s most recent multiplayer update broke the heck out of Call...
-
Without going off the deep-end here and discussing every single Snort rule keyword, I just wanted to touch on a few modifiers that people so...
-
Let me start off by saying I'm not bashing the writer of this article, and I'm trying not to be super critical. I don't want to...
-
For those of you that haven't heard of DropBox, it's essentially a synced drive that is stored on DropBox's servers (in the clou...
2 comments:
I'm not sure it will effect forensics really. Yank the drive, image the drive, work from image. Drive is never booted once it is yanked and marked as evidence.
The only catch is if the image has to be booted under OSX. At that point one would need some method of spoofing the TPM ID...which I'm sure someone is already working on.
I'm not sure it will effect forensics really. Yank the drive, image the drive, work from image. Drive is never booted once it is yanked and marked as evidence. The only catch is if the image has to be booted under OSX. At that point one would need some method of spoofing the TPM ID...which I'm sure someone is already working on.
Post a Comment