{{Header}}
{{#seo:
|description=Tails versus {{project_name_short}}] Live Mode Comparison
}}
{{title|title=
Data Persistence vs Live Mode
}}
= Forensics Categories =
There are potentially two major categories of forensic evidence that an {{os}} (such as for example {{project_name_long}}) was used that might be available to adversaries under [[#Data Accessibility|specific conditions]]. This is a general computer security topic and [[unspecific|unspecific to {{project_name_long}}]].

* '''A)''' evidence that the OS was downloaded (and installed or written to USB / DVD), <u>and</u> <ref>
* the downloaded image on the host operating system
* the history of the program used to write the ISO to USB
* other traces on the host operating system used to such as file manage history and whatnot. For inspiration what that likely would be, see: https://research.torproject.org/techreports/tbb-forensic-analysis-2013-06-28.pdf
</ref>
* '''B)''' data persistence or amnesia of activities during use of the OS.

This is related to {{kicksecure_wiki
|wikipage=Protection_Against_Physical_Attacks
|text=Protection against Physical Attacks
}}.

= Data Accessibility =
This is [[unspecific|unspecific to {{project_name_short}}]].

* <u>Local attacks:</u> An adversary with physical access to the user's storage device could read that data unless the user is using {{kicksecure_wiki
|wikipage=Full_Disk_Encryption
|text=Full Disk Encryption
}}.
* <u>Remote attacks:</u> If a {{VM}} or host operating system is compromised by {{kicksecure_wiki
|wikipage=Malware_and_Firmware_Trojans
|text=Malware
}}, then an adversary that succeeded in infecting the user's computer with malware can steal this data.

= Data Persistence vs Live Mode =
Data persistence of activities during a {{project_name_short}} session.

Depending on choice of boot mode of the user, either:

* '''A)''' <u>Booting into persistent mode:</u> This is what 99% of computer users do every day. The supermajority of internet users is unaware of the concepts of "persistent mode" or "live mode". Data persistence works normally as most users expect. Data created by the user or operating system during a session of {{project_name_short}} persists. This means it is still available after reboot. The advantage is that this works for many use case examples such as saving browser bookmarks, notes, documents, downloaded files and so forth. The downside is that this information might be available to adversaries under [[#Data Accessibility|specific conditions]]
* '''B)''' <u>Using {{kicksecure_wiki
|wikipage=Host_Live_Mode
|text=Host Live Mode
}}:</u> When booting into host live mode and then using {{project_name_short}}, no data will persist. For example, bookmarks created during live mode or any files created or downloaded will be gone after reboot.

= Tails versus {{project_name_short}} Live Mode Comparison =
* {{project_name_short}} boots into persistent mode by default. This comes with various advantages such as persistent [[Tor Entry Guards]], [[vanguards]], easy standard ("everyday") upgrades to allow the users to always have the latest security patches and compatibility with full disk encryption. Users can optionally use live mode by using {{kicksecure_wiki
|wikipage=Host_Live_Mode
|text=Host Live Mode
}}. It is easier to hide that {{project_name_short}} was used from adversaries with physical access through use of full disk encryption on the host operating system.
* Tails: boots into non-persistent (live mode) by default, which has the advantage of better usability for users who do not wish to persist data and an optional selective encrypted persistence feature. A Tails DVD or USB installation examined by an adversary with local access can always trivially determine that Tails is on the DVD / USB. <ref>
While user data in Tails optional selective encrypted persistence feature is encrypted, the boot and system partition is unencrypted. That does not leak user data but that leaks the fact that the user is a Tails user and Tails version to an adversary with physical access.
</ref>

See also [[Comparison_with_Others|Anonymity Operating System Comparison - {{project_name_short}} vs Tails vs Tor Browser Bundle]].

= See Also =
* [[USB Installation|Installation of {{project_name_short}} on USB]]
* {{kicksecure_wiki
|wikipage=Protection_Against_Physical_Attacks
|text=Protection against Physical Attacks
}}
* {{kicksecure_wiki
|wikipage=Full_Disk_Encryption
|text=Full Disk Encryption
}}
* [[System Hardening Checklist]]

= Footnotes =
{{reflist|close=1}}
{{Footer}}
[[Category:Development]]