Martin Forest wrote:
>
> With the correct forensic tools, you can recover all data on the disk,
> unless the disk is encrypted. It will cost you a few thousand dollars
> as it is not just as simple as connect the disk to another computer.
> You basically have to dismantle the disk and use specific equipment to
> recover the data. The HD protection will probably prevent a normal
> person from getting the data, but if you have “classified” information
> on the computer, someone may find it worth spending the money to get
> to the data.
>
> I still like both bios and HD passwords. If everyone set it, the
> market for stolen laptops would be small(er)…
>
Why would that be? I strongly suspect that 99.99% of the market for
stolen laptops is the hardware and nothing else. A stolen laptop
probably doesn't even get a cursory glance before it is formatted with a
new Windows install.
It costs organizations big $$$ when a laptop with sensitive data on it
is stolen, but that is because they don't know for sure that it has been
fdisk'd.
More over, if everyone used BIOS and HD passwords that would .... hmmm,
not do much at all:
* No effect on the market for stolen laptops, see above.
* Nearly no effect on the cost of recovery if sensitive data is on a
stolen laptop: it just sets a lower bound on the value of the data
you can disregard. If the value of the data is below the $2K it
costs to recover the drive, then ignore the incident, otherwise
proceed with your press release mea culpa
I think the largest market impact of everyone enabling BIOS and HD
passwords would be a sharp spike in demand for help desk staff :)
Crispin
--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering http://novell.com
AppArmor Chat: irc.oftc.net/#apparmor
_______________________________________________
FDE mailing list
[email protected]
http://www.xml-dev.com/mailman/listinfo/fde
