On 8/29/16, Shawn K. Quinn <[email protected]> wrote:
> forensic analysis can be concentrated on the ~100MiB that doesn't. But,

This is why you're supposed to fill the drive with random, then lay down your crypto file system (the crypto also completely safing whatever flashy reallocatey tech the drive might use). You're also supposed to copy and nuke or fill your slack space with random on whatever frequency you want to make sure any journal / CoW is flushed and random'd along with the [deleted] slack in case the key is compromised or you're exploited while online so your deleted data doesn't come back. And rig some panic switch to at least detach (typically wipes key from RAM), if not blacken, and reboot. Lastly keep some component of the key in your head. And destroy or sanitize your garbage. These basics have been well documented ever since the dawn of disk crypto.
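
An added example, not part of the original post: one way to do the "fill your slack space with random" step in Python, by writing random bytes into a temporary file until the filesystem reports it is full, flushing to disk, then deleting the file. The function name `fill_free_space`, the `.fill-` file prefix and the `max_bytes` cap are assumptions made for this illustration.

```python
import errno
import os
import tempfile

CHUNK = 1 << 20  # write in 1 MiB pieces


def fill_free_space(directory, max_bytes=None):
    """Overwrite free space on the filesystem holding `directory` with
    random bytes, then release it. Returns the number of bytes written.

    max_bytes (hypothetical parameter) caps the pass; None means run
    until the filesystem is full.
    """
    written = 0
    fd, path = tempfile.mkstemp(prefix=".fill-", dir=directory)
    try:
        while max_bytes is None or written < max_bytes:
            want = CHUNK if max_bytes is None else min(CHUNK, max_bytes - written)
            try:
                # os.write may write fewer bytes than asked when space runs low
                written += os.write(fd, os.urandom(want))
            except OSError as exc:
                # Disk (or quota) exhausted: the free space is now covered
                if exc.errno in (errno.ENOSPC, errno.EDQUOT):
                    break
                raise
        # Force the random data out of the page cache onto the device
        os.fsync(fd)
    finally:
        # Always give the space back, even if the pass was interrupted
        os.close(fd)
        os.unlink(path)
    return written


if __name__ == "__main__":
    # Constructed demo: a capped 4 MiB pass in a scratch directory
    with tempfile.TemporaryDirectory() as scratch:
        print(fill_free_space(scratch, max_bytes=4 * CHUNK), "bytes overwritten")
```

On filesystems that reserve blocks for root, an unprivileged run leaves those blocks untouched, and the filesystem is briefly full while the pass runs, so other writers may see out-of-space errors.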
