Debian 12 live to mount encrypted ssd

New to Linux

I broke my operating system after GCC and kernel upgrade, and i couldn’t put it back because system can no longer boot. The system is FD encrypted .

Booted from USB live installer which starts a real Debian system directly from the ISO image, without installation on disk .

Unlocked the internal partition through file manager and moved one file from there to desktop of live image then i have locked partition and performed new fresh install with format and FDE

The question is whether the moved file remain unencrypted on ssd despite being deleted
If so where does the live system store the deleted files (trash bin )

A live system runs in RAM and doesn’t persistently store data on any hard drive except if the user mounted a disk as read/write.

Mounted through debian live system file manager .
There is no option to mount disk as read only
I will test it again
Read only will never let move or copy file from mounted partition to desktop of live systemas i did.
I think its read write .

It is read-write but writes are happening in RAM only. This technique is called COW (copy on write).

Storage space will be limited to available RAM. To verify this, just create a file using dd. Then check the remaining free space using some tool such as df -h. Then create a bigger file yet again with dd. Check free space yet again etc.

Physically read-only media (DVD-R) (not DVD-RW) will have the same behavior. You can create files in the home folder. These are in RAM. Lost after reboot. Because I guess in case of physical read-only mode you believe it’s really read-only.

(In case of sophisticated malware seeking persistence, there might be complicated ways to keep writing to the DVD, but it’s not documented being the case, not implemented in a normal live boot medium.)

Another option is to hash the live boot device. Elaborated here:
Anti-forensic Claims

So do you mean the file will be there unencrypted after format ssd.
Coud you give full command to test free space.

I didn’t say that.

Self Support First Policy for Whonix applies.

did you mean mount as read write inside live mode? when possible

  1. boot a system
  • It doesn’t matter if it is a live system.
  • It doesn’t matter if an internal disk.
  • It doesn’t matter if an external disk.
  • It’s all the same.
  1. mount a disk

For example, when booting a live ISO from external USB, the user could mount the internal hard drive as read-only to make persistence changes. (For example for purpose of system administration.)


Can a live ISO be booted from USB, then re-mount the USB as persistently read-write? Possibly if there is free space on the USB. The user could add new partition and store data there. This is not trivial, not something happening by accident.


Can the live ISO itself be mounted as persistently read-write? This would be very difficult for users. Impossible to happen by accident. An ISO is a read-only filesystem (writes are temporary in RAM (cow)).

Not because of this forum thread but for general Kicksecure ISO development purposes, I looked for ways to mount it as persistently read-write and failed to find ways. It would simplify, speed up development if standard tools can be used to keep modifying the ISO without having to use the very complicated mkisofs command / build scripts all the time. I cannot just edit a file on the ISO. The ISO needs to be re-created from scratch every time. This is time consuming. I am not a fan of the ISO format for this reason and was looking for alternatives. (Image Formats Development Considerations)

Is it theoretically possible to mount an ISO persistently read-write? Yes. There are tools such as growisofs to add additional files to an ISO. But growisofs requires command line use and cannot mount as disk. Not something happening by mistake.

Would it be possible add persistent read-write support for ISO file system so it can be mounted? I guess so. You would need to find a programmer able and willing to add write support to Linux’s ISO filesystem support. I guestimate the costs would be several 10000’s up to a few 100000’s of USD.

alright

After test it seems Debian live mounts encrypted partition as read write by default.
properties of decrypted partition = root owner, access= read write =greyed out but wont let me make any change or save on files . only copy allowed.
Copied a file to desktop panel =properties of text file = access read write not greyed out .

So can the file remain anywhere unencrypted on ssd even after format?

If you are too paranoid then a Golden (non-software based) advice would be: Don’t throw your storage hard drive into the trash (mobile, flash, internal/external hard drive, etc.); rather, either burn/melt it, dissolve it with strong acid, grind it, or at least bury it.

1 Like

Permissions don’t say much. Even folders on ISO appear to have write access but it’s an illusion because the underlying mount point is in RAM.

yes

Advice for Solid-state Drives and USB Storage

1 Like

In the case of flash-based storage like solid-state drives (SSDs) and USBs, the only way to protect data is to never store it unencrypted in the first place!

Again it was not possible to edit or save files in mounted partition. Hence read-only.

My file never stored unencrypted on ssd except access it in live system .

If live system is non persistent why shoud a file remain unencrypted .

How securely would you mount it without leaks.

Mount read-only.

1 Like

Windows live USB + open encrypted partition in GUI file manager = internal ssd mounted it as read only or read write?

Note: internal SSD was full disk encrypted

I would guess read-write.

This isn’t a Windows support forum.

1 Like