Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The likelihood of them showing and doing that is low. However, the likelihood of them showing up with a set of USB drives and just running rsync/cp/dd is higher.


Normally you unplug the drives and take them to a lab. Never let the host operating system continue running with those disks!


Maybe in the 90s. Unplugging the drive is how you kick FDE in now. The drive only has value while mounted and running on the host OS.

Even cellphones...you want them running decrypted, but inside a Faraday cage of some kind to block remote wipes.


I don’t know how FDE works so thanks for the correction. I’ve read stories about feds pulling out drives and asking for keys later.

But to run dd wouldn’t you need root access? And couldn’t you use that to dump the FDE keys from memory?




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: