[tor-talk] Forensics on Tor

Marcos Eugenio Kehl marcoskehl at hotmail.com
Thu Jan 23 16:04:50 UTC 2014







Hey experts!

Reading about Tails and Whonix, I learned that Whonix is for virtual machines and Tails isn't.
https://www.whonix.org/wiki/Comparison_with_Others

The questions are:

1. What kind of metadata could remain on Windows 8 when running Tails and Whonix on a virtual machine (VMWare and VirtualBox)? Should I inquire with the developers? If no metadata remains, the fact that a virtual machine provides us another IP and MAC address, would it not be safer?

2. Should we disable or block by firewall my antivirus when running Tails or Whonix on a virtual machine?

3. Does no metadata remain on the live DVD-RW when running Tails as the main boot?

4. Does no metadata remain when running Tor on Ubuntu? If yes, how can I clean it?

5. "The Tor design doesn't try to protect against an attacker who can see or measure both traffic going into the Tor network and also traffic coming out of the Tor network. That's because if you can see both flows, some simple statistics let you decide whether they match up. That could also be the case if your ISP (or your local network administrator) and the ISP of the destination server (or the destination server itself) cooperate to attack you. Tor tries to protect against traffic analysis, where an attacker tries to learn whom to investigate, but Tor can't protect against traffic confirmation (also known as end-to-end correlation), where an attacker tries to confirm an hypothesis by monitoring the right locations in the network and then doing the math"

Does the sentence above mean that downloads through Tor are encrypted? If yes, does it mean that, even if the entry node and the exit node are compromised, the attacker can't easily decrypt what I have downloaded?

Cheers!
Marcos Kehl (Brasil)

 		 	   		  

