booting the decoy system. This is required to clear the memory, which may contain sensitive data. For more information, see the section Unencrypted Data in RAM in the chapter Security Requirements and Precautions.
o The computer may be connected to a network (including the internet) only when the decoy operating system is running. When the hidden operating system is running, the computer should not be connected to any network, including the internet (one of the most reliable ways to ensure this is to unplug the network cable, if there is one). Note that if data is downloaded from or uploaded to a remote server, the date and time of the connection, and other data, are typically logged on the server. Various kinds of data are also logged on the operating system (e.g. Windows auto-update data, application logs, error logs, etc.). Therefore, if an adversary had access to the data stored on the server or intercepted your request to the server (and if you revealed the password for the decoy operating system to him), he might find out that the connection was not made from within the decoy operating system, which might indicate the existence of a hidden operating system on your computer.
  Also note that similar issues would affect you if there were any filesystem shared over a network under the hidden operating system (regardless of whether the filesystem is remote or local). Therefore, when the hidden operating system is running, there must be no filesystem shared over a network (in any direction).
o Any actions that can be detected by an adversary (or any actions that modify any data outside mounted hidden volumes) must be performed only when the decoy operating system is running (unless you have a plausible alternative explanation, such as using a "live-CD" system to perform such actions). For example, the 'Auto-adjust for daylight saving time' option may be enabled only on the decoy system.
o If the BIOS, EFI, or any other component logs power-down events or any other events that could indicate a hidden volume/system is used (e.g. by comparing such events with the events in the Windows event log), you must either disable such logging or ensure that the log is securely erased after each session (or otherwise avoid such an issue in an appropriate way).
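The comparison described in the items above (events recorded outside the operating system checked against the sessions recorded in the decoy system's Windows event log) can be run as a self-audit. The following is an added example, not part of the original documentation; the session and event records are constructed sample data, and the function names and the clock-skew allowance are assumptions.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample data: decoy-OS sessions as (boot, shutdown) pairs, as they
# could be read from the decoy system's Windows event log. All times in UTC.
DECOY_SESSIONS = [
    ("2024-03-01 09:00:00", "2024-03-01 12:30:00"),
    ("2024-03-02 18:05:00", "2024-03-02 21:40:00"),
]

# Constructed sample data: records kept outside the operating system
# (firmware power events, remote server connection logs).
EXTERNAL_EVENTS = [
    ("server", "2024-03-01 10:15:42", "download"),
    ("firmware", "2024-03-01 12:30:05", "power-down"),
    ("firmware", "2024-03-01 16:47:10", "power-down"),
    ("server", "2024-03-02 14:02:03", "upload"),
]


def parse(ts):
    return datetime.strptime(ts, FMT)


def unexplained_events(sessions, events, slack_seconds=120):
    """Return the events that fall outside every decoy session.

    slack_seconds widens each session to tolerate clock skew between logs.
    """
    slack = timedelta(seconds=slack_seconds)
    windows = []
    for boot, shutdown in sessions:
        start, end = parse(boot), parse(shutdown)
        if end < start:
            raise ValueError(f"session ends before it starts: {boot} / {shutdown}")
        windows.append((start - slack, end + slack))
    return [
        (source, ts, what)
        for source, ts, what in events
        if not any(start <= parse(ts) <= end for start, end in windows)
    ]


if __name__ == "__main__":
    for source, ts, what in unexplained_events(DECOY_SESSIONS, EXTERNAL_EVENTS):
        print(f"not covered by any decoy session: {source} {ts} {what}")
```

Any record the function returns is one that the decoy system's own logs cannot account for, which is why such logging must be disabled or erased and why network use is restricted to the decoy system.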
In addition to the above, you must follow the security requirements and precautions listed in the following chapters:
• Security Requirements and Precautions
• How to Back Up Securely