Whonix ®

Download

Windows Linux Mac VirtualBox KVM Qubes USB ISO (coming soon) More options Source Code

About

Overview Features Whonix vs VPNs Why Open Source? Project Activities Contributors Mission & Vision

Docs

Documentation FAQ Troubleshooting

Community

Forums Contribute

Support

Self Support First Policy Search Engines, Docs and AI Support (Limited) Reporting Bugs Contact (Restricted)

Tools Upload file Special pages Recent changes Print Version Page meta What links here Related changes Page information

Page Read Edit History Move Protection Unwatch Watch Delete Purge

User Preferences Watchlist Contributions Logout Create account Login

Donate

Forensics Categories[edit]

There are potentially two major categories of forensic evidence that an operating system (OS) (such as for example Whonix) was used that might be available to adversaries under specific conditions. This is a general computer security topic and unspecific to Whonix.

• A) evidence that the OS was downloaded (and installed or written to USB / DVD), and ^[1]
• B) data persistence or amnesia of activities during use of the OS.

This is related to Protection against Physical Attacks .

Data Accessibility[edit]

This is unspecific to Whonix.

• Local attacks: An adversary with physical access to the user's storage device could read that data unless the user is using Full Disk Encryption .
• Remote attacks: If a virtual machine (VM) or host operating system is compromised by Malware , then an adversary that succeeded in infecting the user's computer with malware can steal this data.

Data Persistence vs Live Mode[edit]

Data persistence of activities during a Whonix session.

Depending on choice of boot mode of the user, either:

• A) Booting into persistent mode: This is what 99% of computer users do every day. The supermajority of internet users is unaware of the concepts of "persistent mode" or "live mode". Data persistence works normally as most users expect. Data created by the user or operating system during a session of Whonix persists. This means it is still available after reboot. The advantage is that this works for many use case examples such as saving browser bookmarks, notes, documents, downloaded files and so forth. The downside is that this information might be available to adversaries under specific conditions
• B) Using Host Live Mode : When booting into host live mode and then using Whonix, no data will persist. For example, bookmarks created during live mode or any files created or downloaded will be gone after reboot.

Tails versus Whonix Live Mode Comparison[edit]

• Whonix boots into persistent mode by default. This comes with various advantages such as persistent Tor Entry Guards, vanguards, easy standard ("everyday") upgrades to allow the users to always have the latest security patches and compatibility with full disk encryption. Users can optionally use live mode by using Host Live Mode . It is easier to hide that Whonix was used from adversaries with physical access through use of full disk encryption on the host operating system.
• Tails: boots into non-persistent (live mode) by default, which has the advantage of better usability for users who do not wish to persist data and an optional selective encrypted persistence feature. A Tails DVD or USB installation examined by an adversary with local access can always trivially determine that Tails is on the DVD / USB. ^[2]

See also Anonymity Operating System Comparison - Whonix vs Tails vs Tor Browser Bundle.

See Also[edit]

• Installation of Whonix on USB
• Protection against Physical Attacks
• Full Disk Encryption
• System Hardening Checklist

Footnotes[edit]

Whonix The most watertight privacy operating system in the world.

Dark mode

Follow us on social media

Supported by Power Up Privacy

Whonix is proudly supported until 2025 by Power Up Privacy, a privacy advocacy group that seeks to supercharge privacy projects with resources so they can complete their mission of making our world a better place. (Strictly subject to our sponsorship policy.)

At Whonix we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint 2012- 2024 ENCRYPTED SUPPORT LP

Your support makes
all the difference!

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!