Print 66 comment(s) - last by jamesd1234.. on Feb 22 at 9:23 AM

Ramona Fricosu's attorney says she may have forgotten the password

Last month, a Colorado woman was ordered to decrypt her laptop in order to help prosecutors obtain evidence in the bank fraud case against her. Now, Ramona Fricosu's attorney is saying that the defendant may have forgotten her password, further prolonging the case and getting prosecutors nowhere with the hard drive.

"It's very possible to forget passwords," said Philip Dubois, Fricosu's attorney. "It's not clear to me she was the one who set up the encryption on this drive. I don't know if she will be able to decrypt it. The government will probably say you need to put her in jail until she breaks down and does what she is ordered to do. That will create a question of fact for the judge to resolve. If she's unable to decrypt the disc, the court cannot hold her in contempt."

Davies said Fricosu has not said in any court documents that she has forgotten the password. They are waiting to see what position she takes in court.

Fricosu was accused of bank fraud in 2010, and had her laptop seized by authorities for investigative purposes. When attempting to search her hard drive, authorities found that it was encrypted using full disk encryption, which prevents unauthorized access to data storage. The option can be found in operating systems like Mac OS and Windows, and if authorities tried to crack it themselves, they could damage the computer.

Colorado U.S. District Judge Robert Blackburn then ordered Fricosu to decrypt her hard drive and return it to the court so prosecutors could use the files against her in the bank fraud case. Fricosu tried using the Fifth Amendment to protect herself, arguing that it protects her from compelled self-incrimination.

However, Blackburn concluded that "the Fifth Amendment is not implicated by requiring production of unencrypted contents of the Toshiba Satellite M305 laptop computer." Assistant U.S. Attorney Patricia Davies backed Blackburn's decision, saying that encryption cannot be a sure way for criminals to bypass the system.

Source: Wired

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Is this actually necessary?
By hkscfreak on 2/7/2012 2:24:09 PM , Rating: 2
Their technology relies on having the the decryption keys in memory while the computer is powered on and the drive is mounted which is a weakness in all drive encryption schemes. It won't help if the computer is powered off and not hibernated or if the drive was not mounted at the time the police recovered the computer.

I don't remember the exact math, but brute forcing AES-256 is an exercise in frustration. I remember reading somewhere that the sun will explode before you are likely to find the key.

If you're going to encrypt something I highly recommend TrueCrypt, which is free and includes some helpful features such as auto-dismounting when there is no activity and hidden volumes for plausible deniability.

RE: Is this actually necessary?
By drycrust3 on 2/7/2012 3:46:55 PM , Rating: 2
I highly recommend TrueCrypt

According to Passware, if you are using TrueCrypt "The decryption might take several minutes depending on the size of the memory image file".
I'm not sure if that means they can extract the password of a fully shut down computer with an encrypted HDD in less than an hour, but if does, then maybe TrueCrypt isn't as secure as you believe.
As I suggested, has anyone in the police department actually tried this software?

RE: Is this actually necessary?
By PhoenixTX on 2/7/2012 4:27:58 PM , Rating: 4
TrueCrypt is very secure. From the Passware website:

Passware Kit scans the physical memory image file ( acquired while the encrypted BitLocker or TrueCrypt disk was mounted , even if the target computer was locked), extracts all the encryption keys, and decrypts the given volume. Such memory images can be acquired using Passware FireWire Memory Imager (included in Passware Kit Forensic), or third-party tools, such as ManTech Physical Memory Dump Utility or win32dd.

If the target computer with the BitLocker/TrueCrypt volume is powered off, encryption keys are not stored in its memory, but they could be possibly recovered from the hiberfil.sys file, which is automatically created when a system hibernates.

NOTE: If the target computer is turned off and the TrueCrypt/BitLocker volume was dismounted during the last hibernation, neither the memory image nor the hiberfil.sys file will contain the encryption keys. Therefore, instant decryption of the volume is impossible . In this case, Passware Kit assigns Brute-force attacks to recover the original password for the volume.

Unless they seized this computer while it was on/hibernated and have kept it in that state for two years, then Passware (or anything like it) will be worthless.

RE: Is this actually necessary?
By SlyNine on 2/7/2012 9:20:52 PM , Rating: 4
Doesn't matter, since this is whole disk encryption the OS and thus hibernation file is most likely encrypted. If this person knew what they were doing there is likely (notice my weasel word) no way to encrypt the drive in a reasonable amount of time.

"Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town." -- Charlie Miller

Latest Headlines

Most Popular Articles5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
Automaker Porsche may expand range of Panamera Coupe design.
September 18, 2016, 11:00 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
No More Turtlenecks - Try Snakables
September 19, 2016, 7:44 AM
ADHD Diagnosis and Treatment in Children: Problem or Paranoia?
September 19, 2016, 5:30 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki