On Tue Apr 27, 2021 at 10:49 AM BST, Janne Johansson wrote: > Regardless of OS, the "easiest" setup is where you encrypt the drives > and wipe by "forgetting" the keys. Then you can dd the disks if it > makes someone else happy but having FDE and changing the key to > something random that you don't store, and then doing a normal wipe in > the simplest of terms would cover a lot of the practical attacks. > > For the ones concerned with theoretical and imaginary enemies, > PXE-booting into a DBAN.iso or similar wiping solutions is probably > the next step. Also OS-independent.
Thanks Janne. Certainly those are two useful methods for ensuring that the disk is wipe or the contents are not accessible. The scenario I am thinking about is say a laptop is left in a suspended state, and forgotten on a train somewhere. The contents of the drive would be recoverable in that state unless something remote was to lock it down or wipe the disk -- Oliver Leaver-Smith TZ=Europe/London
