QUESTION :
Does using AES-256 or some other crypto algorithm produce the same degree of randomness as an erasing algorithm like Gutmann or DoD?
I mean, is it possible to look at a “RAW” HDD and say whether it’s wiped or encrypted?
Is it possible to use the “disk wiping” argument as a plausible deniability method? I mean saying something like “the entire HDD is wiped with 35 passes of Gutmann”.
Can any forensic expert examining the HDD say whether it’s encrypted or wiped?
ANSWER :
Because I’m neither a forensic examiner nor an attorney, I can give my best-guess analysis.
In the modern world, disk wiping is becoming more of a standard than a “hacker’s best friend” due to risks of identity theft. Simply wiping a drive, to me, would not be any more an admission of guilt than clearing a browser history. It may play in the bag of tricks of semantics more than actual usability.
According to the NIST 800-88 report, there are different levels of disk wiping. Software-based disk wiping is considered a “CLEAR” level process, whereas Secure Erase is considered a “PURGE” level. For Secure Erase, NIST considers one pass as being sufficient to render the disk useless for data recovery. The CLEAR level is still considered recoverable.
The best answer can be sought here by scrolling down to the comment made by Ryk Edelstein.
A secure block cipher is also a strong pseudo-random number generator (see: distinguishing attack). As of right now, an AES-256 ciphertext is indistinguishable from random data.
However, that doesn’t necessarily lead to deniable encryption. While the encrypted data itself appears to be random, certain aspects of disk encryption might prevent deniability.
For example, to boot off an HDD, unless you’re using hardware encryption, at the very least the Master Boot Record has to remain unencrypted. Any other HDD can be fully encrypted, but whether a given program provides deniable encryption or not depends on its design. Refer to the Whole disk column in Comparison of disk encryption software – Layering.
In addition, some programs provide plausible deniability by creating hidden volumes inside other volumes. Refer to the Hidden containers column in Comparison of disk encryption software – Features.
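
As an added illustration (not part of the original answers), this block-level entropy survey shows what a raw-image triage can and cannot tell apart: a constant-fill wipe is obvious, a random-data wipe and ciphertext look the same, and a plaintext boot sector stands out in front of encrypted data. The sample images are constructed, SHA-256 in counter mode stands in for AES output because the standard library has no AES, and the block size and 7.9-bit threshold are assumptions.

```python
import hashlib
import math
import random
from collections import Counter

BLOCK = 4096  # analysis block size in bytes (assumption; large enough for stable entropy)

def shannon_entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def classify_block(block: bytes) -> str:
    if len(set(block)) == 1:
        return "fill"            # constant pattern, e.g. a zero-fill wipe pass
    return "random-like" if shannon_entropy(block) > 7.9 else "structured"

def survey(image: bytes):
    """Return (block-class counts, True if sector 0 ends with the 0x55AA boot signature)."""
    classes = Counter(classify_block(image[i:i + BLOCK])
                      for i in range(0, len(image), BLOCK))
    return dict(classes), image[510:512] == b"\x55\xaa"

def stand_in_ciphertext(n: int, key: bytes = b"constructed key") -> bytes:
    """SHA-256 in counter mode, used only as a stand-in for block-cipher output."""
    out = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest()
                   for i in range(n // 32 + 1))
    return out[:n]

# Constructed sample images, 16 blocks each.
SIZE = 16 * BLOCK
rng = random.Random(2024)
zero_wipe = bytes(SIZE)
random_wipe = bytes(rng.getrandbits(8) for _ in range(SIZE))
encrypted = stand_in_ciphertext(SIZE)
# Plaintext boot block (constructed) followed by ciphertext, as with software disk encryption.
boot_block = (b"\xeb\x3c\x90CONSTRUCTED".ljust(510, b"\x00") + b"\x55\xaa").ljust(BLOCK, b"\x00")
bootable_encrypted = boot_block + stand_in_ciphertext(SIZE - BLOCK)

if __name__ == "__main__":
    for name, img in [("zero wipe", zero_wipe), ("random wipe", random_wipe),
                      ("encrypted", encrypted), ("bootable + encrypted", bootable_encrypted)]:
        print(f"{name:22s}", survey(img))
```

The random-wipe and stand-in ciphertext images produce identical block-class counts, which is the indistinguishability the answer refers to; only the unencrypted boot block differs.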