Nowadays many computer users aren’t much aware of the risks and types of attacks that may target their files and information. Nevertheless information security awareness usually covered and influenced by lots of myths and misleading perception. A popular myth among computer users is “my data is safe while my computer is off and accessing it will require my password” and as you would guess that’s not quit true. This false perception will lead to a vast of threats and attack that targets data and information. Below are some facts which defeat that myth and methods to exploit and take advantage of it :
1. Data is not encrypted in computer systems by default, thus, any digital forensics expert can retrieve your data from your hard disk even if it was protected with windows login password.
2. Access your data at rest doesn’t require a rare expertise, in fact, if you boot your computer with a Linux live CD you would be able to bypass windows authentication password and access all of your saved files and folders. (Try it yourself!)
3. Windows authentication process is weak and there are many free tools on the internet which can rest any windows password or even log you in without a password, check out Kon-boot bootable tool which will magically let you inside any Windows operating system.
4. If you lose your laptop or someone steals it your data will be at a great risk as they are going to try out all the methods above to find out what files sits on your hard disk.
The above exploitation techniques are widely available and the internet makes it easily accessible for malicious attackers or simply script kiddies. Information technology community and security experts should all contribute to help raise the information security awareness and bring attention to some of the critical vulnerabilities caused by false security perception. In addition, there are many methods to mitigate from the attacks that target data-at-rest. One example of that is the usage of files and folder encryption and applying a strong authentication process. Security software like Folder Lock will help you protect your sensitive data with strong AES 256-bit encryption which will make non of the attacks mentioned above gets close to your data and files. Folder Lock also supports more advanced features like hiding itself in the system, so no one knows that you are using a security software nor you have encrypted your secret files.