In our neverending search for internet security and privacy, we often overlook rather easy attack vectors for someone to steal our personal information. Sometimes the easiest way for an attacker to steal a victim’s information is to physically access their computer.
“But my computer requires a password to login, that is enough right?”
Doubtful. Unless you have encrypted your hard drive, an attacker need only either remove your hard drive or use a linux livecd to mount your hard drive and obtain your information from it. This is true for most filesystems.
“They can’t get my files anyways, I have deleted all the important stuff”
Another potentially wrong assumption. The concept of deletion in most operating systems is an interesting one. Since they were architected around spinning disks, many file systems use a reference table to “point” to a location on a disk where a file is stored. When a file is “deleted”, oftentimes the only thing that is actually erased is the reference to the data, and not the data itself. This will leave the original data lying around until it is overwritten later on. For a user that is not commonly writing things to disk, this could potentially be a long time.
An attacker with physical access to your disk can run a myriad of recovery programs that are freely available to recover your “deleted” files.
The reason that the actual data is not “erased” is that it would require overwriting the data, which would likely cause a significant decrease in the life of a hard drive. That would be true for a spinning disk which would cause a larger tax on the mechanical arm as well as a solid state, where the prevailing theories are that there is only a finite number of times that specific sectors can be written to.
So how do you combat physical access attacks on your computer?
It is a good idea if possible to encrypt your entire hard disk and require a password on startup. In most linux distributions, this is an option you can choose on install (LUKS encryption). For MAC, this is also a built in feature using FileVault. This is available in Windows via Bitlocker.
“Ok, I’ve got my hard drive encrypted, I’m good right?”
You are much better off than you were before. There are still a few things to consider, like the strength of your password. Hopefully you didn’t use a dictionary word or something that could be easily guessed. Additionally, these types of encryption only encrypt the data when your computer is not running. This means if you leave your computer unlocked at your table at the coffee shop while you are up waiting for your latte then you would still be vulnerable to a physical access intrusion.