Washington, DC Independent Media Center : http://dc.indymedia.org

Re: Re: Re: Re: I-Witness Video's '04 RNC Protest Footage Subpoenaed by NYC Government

If this is so, you should do this:

1: Roll back the BIOS date
2: Set up a disk partition to take encryption
3: FILL that partition with random data
4: set it up as the encrypted partition
5: copy ALL your data there, deleting any shit
that could send anyone to jail.
6: SHRED(hard overwrite) ALL files on the old
partition. Best way is to fill it with random
data. If the OS is on this partition, delete
all other files and read "available" disk
space. Now fill it up. Random data is best,
but filling it with 80GB of illegally
downloaded movies is good for plausible
deniability
7: re-set the clock/calendar. Now nobody can read
ANY dates on the encrypted stuff!

8: WARNING: an encrypted partition can be read
by online surveillance if mounted while you
are online, but if the computer is stolen the
Enemy can't get back in. Beware of keyloggers-
failing to keep these out could reveal a
password! This kind of computer(YOUR computer
if you use sites like this one!) must be
subject to the utmost of security.

BTW, Of the last three computers I have had, one had a flash BIOS and two battery BIOS.
 

Comments

Re: Re: Re: Re: Re: I-Witness Video's '04 RNC Protest Footage Subpoenaed by NYC Government

"1: Roll back the BIOS date"

None of your steps will change the timestamp on your files, regardless of whether they are moved to another partition or drive.
If you are that paranoid about a police raid, you might not want to own a computer.

"BTW, Of the last three computers I have had, one had a flash BIOS and two battery BIOS."

You still need a battery to maintain the clock.
It doesn't matter whether the chip is flashable or not.
 

Re: Re: Re: Re: Re: Re: I-Witness Video's '04 RNC Protest Footage Subpoenaed by NYC Government

Rolling back the BIOS date is to change the timestamp on the NEW files you make, the new filesystem you create, and on any recoverable dates from setting up the encrypted partition.

Of course, when you SHRED a file (hard overwrite with gpg), you destroy all of it, timestamp included. The new version may have a new timestamp (matching whatever you have reset the clock to), but since it is going in an encrypted partition it will be unreadable by the pigs.

As of now, I keep ALL my stuff in encrypted partitions-no timestamps, no filenames-NOTHING available to whatever thief tries for that machine. The machine the Enemy took contained a 10GB encrypted partition with all the "important" stuff copied to it and the originals shredded.

Some pig is no doubt having a lot of fun trying to break that encrypted partition on my previous machine! While they might be able to see massive holes in the old filesystem where stuff was deleted, that tells them little except that photographing my home telegraphed the raid and caused a massive encrypt-fest.

You are right about one thing: If the shredfest and encryptfest had been in response to a subpoena, it would have been necessary to totally hard-overwrite ALL of the old filesystem (to destroy ALL timestamps) and do it with the clock rolled back. For a raid warning, I could care less about them knowing their stupidity cost them access to 10 GB of files.

Of course, if you intend to defy a subpoena, you need only destroy all cleartext copies of the involved material and not worry about covering your tracks!
 

Re: Re: Re: Re: Re: I-Witness Video's '04 RNC Protest Footage Subpoenaed by NYC Government

Holy shit, that's the worst instruction set I can imagine.

You very clearly don't know that much about how the shit you use actually works. I'm betting you use some "free"ware "AES-4096" windows app to encrypt, don't you?

Let's go through this.

For one, the battery has nothing to do with the bios chip type. You can either have a BIOS that's in flash or burned into ROM. Also, shred isn't a "hard overwrite", it's a program that overwrites the file repeatedly to ostensibly delete it.

Of course, shred does nothing on journaling filesystems (most filesystems out there, kids) and it's a weak tool to begin with. You can still recover shredded data. The only way to actually destroy magnetic data is via a 32-step procedure. The secure-delete package does this.

You're clearly new to this whole "having a secure setup", Luke, but at least you're doing it now. How many other activists will get busted because they want to play Halo on their Windows boxen and think that shit like this is for geeks?

Everyone who so much as has a dissenting thought should be using full-disk crypto. But that crypto does NOTHING if your OS is backdoored, like Windows or OS X. Use ONLY FREE SOFTWARE (free as in free speech) if you want to have any chance at all.
 

Re: Re: Re: Re: Re: Re: I-Witness Video's '04 RNC Protest Footage Subpoenaed by NYC Government

It's good to have several of us debating how to best protect computers, as this allows everyone to refine their techniques. Computer security works: the US is whining about being unable to penetrate Al-Qaeda's computers and networks, while China's hackers penetrate USA government facilities with ease.

Anyway, here's a rule we all seem to agree on-Rule #1: DO NOT USE WINDOWS-AT ALL!

About the BIOS: in the newest machine I have had, the BIOS retained everything and I did not see a battery on the board in casual inspection. It had an interface quite different than the pre-2000 BIOS interfaces I am most familiar with. The BIOS on most Pentium3, Athlon, and on the very first Pentium 4/AMD equivalent machines looks much like the BIOS setup screen on an old 486.

In any computer the clock can be re-set, BIOS battery or not. The advantage of a battery pull (for dealing with a subpoena) is this: On a machine old enough for this to reset the clock, it has plausible deniability. Of course, so does a totally replaced hard drive (now recommended for subpoena cases in light of your reports) installed while the clock is set back. Hard drives crash, and batteries die.

Files you want to save can be transferred by CD to the new encrypted partitions, or by mounting both disks, though I do not know for sure if that would write anything from the old disk to the new.

Question: How would one go about recovering overwritten data in FLASH memory? On analog tape or magnetic disk there are leftovers-how about in flash?

Here's what I have been told about journaling filesystems in Linux: A journaling filesystem like ext3 saves filenames, types, etc., but NOT the actual data contained within. Of course, when you format that encrypted filesystem you can use any of a variety of filesystems.

An encrypted journal within such a filesystem should be unrecoverable. In whole-disk or whole-partition encryption (the kind I put in the day after I caught the pigs photographing the home), you cannot even mount the disk (or partition) without the key. ALL normal disk functions pass through the encryption scheme, which is transparent while in use. You cannot, however, even use fsck to check the disk against a journal while not opened with the key (I've tested that)!

GPG shred overwrites a file 24 times in a row. A journal can show the file existed and what kind it was, but does NOT even give you the file itself. If it did, you would not have to back up your data in normal use! Fsck utilities can often patch a damaged file, possibly by working out which bits must have been corrupted, but when ALL bits are bad, that's another story.

Of course, recovering overwritten data on disk, like recovering recorded-over material on magnetic tape, is a laboratory job. You cannot do this with a disk image or by putting a disk in a computer-it takes specialized equipment to do this.

That means limited time as labs become backed up. Look at backlogs in DNA and crime labs. If the lab is backed up, your hard drive full of HLS stuff and Gitmo protests just may have to wait in an FBI facility behind all that supposed Bin you know who stuff, and maybe by the time they recover anything the statute of limitations to file non-jury demandable misdemeanor charges has expired.

Of course, if your disk is thought to be full of "elvish" stuff it might go to the lab AHEAD of the OBL stuff, and then you really need to make your files on encrypted space from the start, doing any really secure work on a machine that never, ever goes on line. This way keyloggers don't get a shot at passwords!

Here's how it works: Suppose you are making an audio file where chest-thumping Elvish warriors are claiming credit for the destruction of a logging company's equipment warehouse.

You need full-disk encryption, you need Linux, and you need to boot with swap space disabled or use an encrypted swap partition. Move Audacity's temp directory to the encrypted partition if your home directory is not on encrypted space!

Now, everything Audacity does is encrypted as it goes, and if the enemy gets the disk they cannot recover the file and prove its source.

Actually, there's another option for that sort of work:

1: buy a #60 160GB disk(the smallest and cheapest usually sold new)

2: remove the disk from a computer able to do your work and set it aside.

3: install the new disk, and install your favorite linux distro and necessary software.

4: Take the machine off-line if you downloaded your Linux programs.

5: prepare your "hot" files and save them to a CD

6: REMOVE that hard drive, open it up, work a magnet over its surface to (mostly) erase data

7: TRASH the parts of this drive after wiping off fingerprints, in a dumpster somewhere

8: publish from a no-ID public computer. Watch for cameras, and wipe your prints. Out of sight of the place you published from, break the CD, wipe your prints, and trash it.

To all the cops on this board: How would you investigate this case, where the hard drive is physically GONE, the files came from a CD, and entered the 'net from a public access point not demanding ID and not using security cameras over particular computers?

Lastly, there is of course the option of adding WORMS to hard drives, even flash drives, that respond to unauthorized access by attacking the machines used by the cops?
 
