
HotPlug allows hot seizure and removal of computers from the field - _pius
http://www.wiebetech.com/products/HotPlug.php
======
swolchok
I feel kind of obligated to mention that you can also solve the same problem
if the machine is sitting around fully unlocked (not idle and thus cluing the
disk encryption in) with a cold-boot attack --
<http://citp.princeton.edu/memory/> .

The short version: the contents of RAM are preserved pretty well during power
loss if you cool the RAM chips, e.g. by dunking in liquid nitrogen or even
just spraying with an inverted air duster, and the encryption key is stored in
RAM so that the intended user can access the disk, so you can later recover
the key from the frozen RAM.

------
ErrantX
This would probably cause a lot of trouble for evidence being admissible if it
was required for court. Using it would almost certainly cause lots of head
scratching and WTF moments.

To be perfectly honest WDE is not a wide spread as people think - and probably
80% of the time it does crop up keys are usually willingly given up.

In a corporate scenario situations where you need to find the WDE key usually
occur after someone shut the machine down anyway... ;)

(also: Health and Safety would have a fit: you'd almost certainly need to be a
qualified electrician for them to let you do it..)

All in all: waste of time and money

------
ax0n
This technology has been around for quite a while. I was able to attend a High
Technology Crime Investigation Association meeting because I was helping with
the computer forensics coursework at a local college (featuring a police
academy and administration of justice program) and I got to use this very
device.

They've made it about as safe as can be. You just can't be a complete moron.
As long as the data has been handled properly, yes it's still valid as
evidence. Hooking a computer up to a UPS in-situ, then plugging in the
equivalent of a USB mouse will not invalidate the evidence.

------
asciilifeform
Solutions:

1) Accelerometer (as someone already mentioned)

2) Trigger encryption upon disconnect from your particular network

3) GPS

4) Very simple one: re-route AC power inside the machine chassis through a
SPST momentary switch glued to the underside. When the machine is lifted,
power is cut.

5) More, that I won't list here, because they will end up in the swines'
handbooks. Use your imagination.

------
riffic
this is some evil shit.

~~~
riffic
Apparently authoritarianism is popular here. still evil.

------
noonespecial
I know its for use by trained professionals and all but _good lord_ , there's
hot wires just hanging out all over the place. In the "advanced methods" they
actually advocate disassembling the wall plug and cutting hot leads while the
building wiring is _still live_.

If I were the forensics guy, I'd want hazard pay to use this thing. Is the
"evidence" gathered by this method even valid after you've stuck thumb drives
in it and driven it around in your van while its still running in read/write
mode?

Edit: I've just thought of a wonderful addition to truecrypt involving the
accelerometer... Anyone involved in the TrueCrypt Foundation here? Icanhazplz?

~~~
there
_Edit: I've just thought of a wonderful addition to truecrypt involving the
accelerometer... Anyone involved in the TrueCrypt Foundation here?
Icanhazplz?_

4 years ago when openbsd got a driver for the thinkpad accelerometers, i wrote
a little utility that would watch the values and if it detected a sudden
movement, it would run a script to lock the screen, remove ssh key passphrases
from memory, etc.

i had an irrational fear of someone running into my office and stealing my
laptop but i'd always forget it was running and would get up with the laptop
and end up locking everything.

it would be useful in a server or desktop system since they should never move
(and thus it could do something more drastic like a fast shutdown and power
off) but since they never move they probably don't have accelerometers built
in anyway.

~~~
weaksauce
But you could put an accelerometer hooked into the usb header on most
motherboards.

------
teuobk
Seems pretty straightforward, conceptually. Sense the presence of AC voltage,
and when the AC voltage goes below a certain threshold (e.g., it goes away),
close some switches to connect an alternate AC supply in less time than it
takes for the computer's power supply caps to completely discharge.

At least that's my guess on how it works.

~~~
nearestneighbor
There is no need for that. You just supply the same voltage at the same phase
and frequency as the outlet. Then disconnect the outlet.

<http://www.youtube.com/watch?v=kdRBWNkyaP4>

P.S. Prior art by G. Costanza

~~~
teuobk
Funny clip :-)

If they were powering it from a DC source, like a battery, that would be the
way to go. However, it looks like they are powering the device with a separate
AC supply. Connecting one AC supply to another -- synchronizing voltage,
frequency, and phase -- turns out to be difficult.

The most practical method of doing so is by first converting to DC before
converting back to AC. In fact, the interconnects that link the regional power
grids in the US are high-voltage DC, because, among other reasons, that allows
the grids to be unsynchronized.

The advantage of the simple sensor-and-switch approach is that one need not
worry about synchronizing the replacement AC source with the original AC
source. The downside is that the window for the switchover is pretty small.

~~~
noonespecial
Synchronizing phase, and/or hitting that switchover window is trivial for even
the cheapest microcontroller. One cycle at 60Hz seems fast but its an eternity
for a 20Mhz uC.

I'm going to guess "detects the drop and hits the window" simply because this
is how cheap UPS units work and I'd bet a month of lattes that its made of
cheap UPS guts.

~~~
andrewcooke
can you explain how synchronizing phase is trivial? the previous post made
sense to me. it _is_ hard to shift phase.

i agree that you could not try, and instead "hit the gap" (in which case
synchronizing phase isn't important), but if you don't do that, and instead
want to connect two supplies at once, how does a microcontroller make that
easy?

~~~
nearestneighbor
Firstly, you don't need to phase shift here, because you'll need to generate
AC from DC (battery), so you may as well generate it in phase with the signal
from the outlet.

Secondly, if you need a phase shifting device (for something else), depending
on the requirements, there are a number of options starting with something as
simple as an RC unit.

Thirdly, generating "AC" [periodically changing signal] of a given voltage and
an (approximate) frequency in sync with some other signal is what CRT TVs did
(for the CRT).

> it is hard to shift phase.

Not to the engineers building these kinds of devices

(I'm explaining high school to freshman Physics here)

~~~
andrewcooke
maybe instead of explaining the obvious you should read the original comments.
the comment i was defending was about converting ac to ac. _their_ conclusion
was that it would need to go through dc (which no-one, including me, has
disagreed with).

