Private consultations in forensic pathology 10 — Privacy and the road-warrior pathologist

I recently returned from a trip to testify in another state on a consultation case.   Most of the time, travel is just a day or two, but sometimes I’m on the road for a couple-three weeks.  When I’m on the road like that, I often have files from other cases on my laptop so I can do a little work in the hotel room.   One of my recurring nightmares is that my laptop will be stolen or lost and someone will get access to those files.   I thought I’d tell you what I do in order to decrease my anxiety.   I’m going to talk about operational security when I’m in the room and what I do to foil thieves.

The Apostle Luke tells us Jesus said “There is nothing concealed that will not be disclosed, or hidden that will not be made known.What you have said in the dark will be heard in the daylight, and what you have whispered in the ear in the inner rooms will be proclaimed from the roofs.” So, we know that trying to hide things from God won’t work, and in the end, we will be exposed to everybody. But, as the saying goes, “Everybody wants to go to heaven, but nobody wants to go right now.” Similarly, we should live our lives as if we will have to justify ourselves before God and the world, but we don’t want it exposed right now. And, security is a little like trying to live a life Jesus would approve of. We can try, but we can never be perfect. The best we can do is minimize what happens when we fail — at life and at security and privacy.

First, I’ll write about working in the hotel room.  The most important thing to remember is that hotel wifi is pretty risky.  You have no idea what their security systems are like, how encrypted things are, etc.  It’s not as bad as it used to be — I can remember back in the day when I could sit in my hotel room and monitor all the packets in the building just for kicks.   Not so easy anymore, but still…   So, here’s what I do:

1. I use my own hotspot.  I use a “JetPack” MiFi  from Verizon.  This isn’t the fastest thing in the world, but it’s fine for doing work.   Remember to use good encryption for the password (WPA2 is the best my device does, though some support WPA3).  Use a good password.  Finally, and very importantly, *do not advertise your hotspot (SSID)*.   This avoids exposing yourself to every opportunistic hacker with a hotel room.   My MiFi was relatively cheap (a few hundred bucks) and costs me $15 a month on my plan (which is tax deductible).
2. Use a VPN.  I’m not going to write about how VPNs work here, but if you are not familiar with VPNs and how to choose one (e.g. don’t use one of the free honey pots) read up on it.
3. I have a friend who has a different setup.  He takes along his own wireless router that both does encryption and connects to a VPN.  He does that through the hotel wireless, though, and that still gives me the shudders.  My method bypasses hotel wifi completely.

Now let’s talk a little about security of your rig.

1. Consider a cheap road box just for traveling.  I have a little $400 laptop that I travel with.  This is in contrast to my $3000 rig I use at home.  I’m not going to be *making* my graphics on the road, and I don’t need zillions of cycles.  I just need to review documents and play multimedia.  If the box gets broken (one time I had a luggage cart drive over my laptop and smash it) or stolen, it’s unfortunate but not the end of the world.  Plus, you can modify it for higher security and less ease of use since you are using it just when you travel.
2. Consider storing your files in the cloud and only download the ones you need to work on onto the road computer.  Privacy and security in cloud storage is a whole ‘nother topic. Encryption is your friend.  Don’t trust the cloud storage company.  Remember that some places (cough, Microsoft, cough) will scan everything you upload, as I remember.  I normally download the files I need when I’m in the hotel room, and then delete them as soon as I’m done looking at them.
3. Use a good password.  I don’t know why this is hard for people to understand.  People worry about security and privacy, and then use “doggie” as their password.   It’s crazy.  There are all sorts of tools to break passwords that anybody can use.  Just turn it on and let it go.  Don’t be the person with the password it takes ten seconds to brute force.  There are lots of articles on making a good password.  Go read them.  The most important, in my mind is the length of the password.  For a road box, your password should be at least 11 or 12 characters.  Mine has 18.  It should also contain small case, capitals, numbers, and special characters in no particular order.

   There are a couple of philosophies about this.  The first is that the passwords should be completely random, which means you have to write them down and maintain security of your password list.  The second is that you use some mnemonic, which makes it less likely that you have to worry about a password list but often makes the password a little less secure (since  mnemonics are not random).  I’ll take the hit on the second so that I don’t have to carry a password list with me.  I usually use literary quotes from books and speeches I know.  For example “It was the worst of times, it was the best of times.”  becomes “1tw@$tH#woRs^06t!M#s1tw@$tH#2#st06t!M#s”  Finally, don’t use the same password for your road box that you use on any other box.  If someone cracks your Amazon passcode, don’t give them this as well.

4. Use full disk encryption.  This is another no-brainer.  Here’s the thing if you are not aware of it.   If you don’t encrypt your disk, then all you have to do to harvest files is to boot your machine from a USB drive or equivalent, mount the laptop drive and then explore it.  If it’s encrypted, you can’t do that without the password.  If you don’t encrypt your drive, then your computer is an open book to anybody who can touch it.  Now, I’m a Linux guy, so I can’t talk about Windows and MacOS encryption all that much.  I did a search on Windows and it seemed that encryption was available but may or may not be on by default.  If it’s not on, then turn it on and encrypt your disk.   Linux distributions, in general offer it as an option on installation of the operating system.
5. Set your power options so that it turns off when you shut your lid. When I’m at home, I sometimes have processes that run for hours. So, I don’t want my computer to turn off if it’s “inactive” for awhile or if I shut the lid. For my road machine, I don’t want someone to open the box and have everything running in a decrypted setting. So, set your power options to shut down when you are inactive or shut the lid.
6. If you use Linux, you can take advantage of a couple of options that I don’t think are easily available on Windows or Macs.  One of the more interesting is the “Nuclear” option.  In Linux, the most common encryption setup (called LUKS) actually allows up to 8 passwords.   The “Nuclear” option method is to set up two passwords.  With one password, the machine boots up normally.  If the other password is used, the header information for the disk is erased, so that it cannot be unencrypted and everything in the computer is made permanently unavailable (even to you).  The primary use is for people who cross borders where they are forced to turn on the computer and provide the password.  This is an implemented option in a couple of linux distributions such as Kodachi and Kali.A common implementation (such as with Kodachi linux) is to have a second partition in which you can keep sensitive files.  If you input the “Nuke” password, the machine will boot up on the first partition, but the second partition will be corrupted.  This is particularly useful for SSD drives, since it is not possible to erase files by overwriting them.  Remember that, unlike magnetic drives, SSD drives do not write to the same place when you overwrite a file.  Thus, the fragments may still be available for forensic recovery.
    
   Kodachi, unfortunately, has not been updated for some years so it’s not really an out of the box option right now.  However, it is possible to implement this in any linux distribution with a little effort. You can also set it up to delete individual files or folders, but that is less secure.Basically, it has two steps:  1) Add a second password, 2 Add a script that erases the encryption headers on the disk.   Searching the internet for step by step instructions is hard, but ChatGPT does a very good job. If you want email me and I’ll send you my ChatGPT instructions.

   I use it with the two partition solution, and I put my casework in the second partition. Then, I tape a piece of paper with an easy second password (e.g. “oliver1”)  on the bottom of the computer. My hope is that someone who steals my laptop will see the password and think I’m one of those people who put their password on their box, and they will use it.  I’ve had to turn on my laptop in airports a couple of times, but I’ve never been forced to put in the password, not even going to and leaving Israel, and they are pretty security conscious.It should be remembered that a “real” forensic analysis of your computer will involve imaging the disk before entering any passwords, so this it not something that will help you (though making your nuke password easily crackable may distract them). This is not for fooling the NSA. This is for fooling some asshat who steals your box.

7. A second thing you can do with a linux system —  and I assume it’s possible on other operating systems as well — is to set up a script that runs cleaning software (e.g. bleachbit) every couple of hours.  In linux it’s called a “cron job.”  In Windows you can use the “Task Scheduler” I think.   Macs (which is an adulterated BSD system) uses launchd and “Automator”.  One of the big problems with modern software is that so many apps keep snapshots, thumbnails, etc. in temporary cache files.  If someone steals your computer and can get to those cache files, they can get a lot of information even if they can’t get the files themselves.  Cleaning software like bleachbit (of Hillary Clinton fame) will get rid of all that stuff.  In a linux system it’s trival to set up a script that runs every hour or two so that there’s no collection of thumbnails and temp files on your machine if it’s stolen.
8. A third thing I do, which is a little more problematic on Windows or Macs, is to erase the entire machine and reinstall the OS on my travel machine when I get home.  Thus, any malware I may have picked up on the road will be erased.   My experience with installing Windows and MacOS is that it’s a little more of a hassle than installing linux, which takes about 20 minutes and requires minimal supervision.

OK, now a couple of philosophic things.  First, if you use Windows or Macs, please consider using Linux or BSD.  Here’s the thing.  Microsoft, particularly with Windows 11, is becoming increasingly intrusive with its surveillance.  With the new AI enhancements, the OS comes basically with a keylogger and screen snapshot system that’s sent to the mother ship.  From what I read, you can try to opt out, but history has not been supportive of corporate behavior in that respect.  I don’t know about Macs.  The bottom line with linux, however, is that surveillance is minimal and all opt-in — essentially consisting of whether or not to send usage notifications and crash reports to the folk who make the distro.  Linux is not hard to learn or use, in spite of the propaganda, and the interface is fun.  It’s free.  It’s easy to copy from device to device.  It’s easy to harden, particularly with distros like Ubuntu.  There are no copyright issues.

Sure, there’s some software that you may need Windows for.  For me, it’s Quicken.  I have my personal financial data from 1990 until now on Quicken, and it will only run on Windows. Quicken uses a proprietary data format, so my past 30 years of financial records are held hostage by the platform.   So, I run Windows on a virtual machine when I need that particular program.

But… Linux is a little like the standard transmission of car thievery.  Merely using linux will make it difficult for a subset of thieves to use.

The second issue is that of peripherals.  I used to travel with a little portable printer.  However, those little thermal printers really don’t provide great output, and the portable “real” printers, like the HP OfficeJet 200 are more bulky than I’m willing to travel with.  And I haven’t had to print anything in years.  Usually, if there’s an issue, counsel will print something off for me.  The same thing is true of those little projectors.  Now, I have to say that I’ve been assuming that I am traveling only for testimony.  I have had occasion to travel for other reasons — committee meetings and long term trial attendance — in which these things would have been helpful.  But mostly I prefer to travel light.  The only peripheral I travel with now is a laser pointer on my key chain.