>Yes I can lock down a windows machine to be safe even if I lose physical access.
I don’t know enough about to computers, so this may be a really stupid question, or the answer might be so long/technical that it isn’t feasible.
But can you post a list of actions to take to do this (and things to not do to lose access), in such a way that somebody moderately tech savvy could use your answers and google to find the relevant tools to do it themselves, starting with the purchase of a sterile machine?
Did you ever think about writing a how-to manual?
Just use whole drive encryption. Windows comes with bitlocker so you can just turn that feature on. But there are 3rd party ones as well. I’m sure Macs have it too—I’m just not familiar with them.
http://technet.microsoft.com/en-us/library/dd835565(v=WS.10).aspx
There is one “flaw” to bitlocker though. If the computer is left on or hibernated the security key can be obtained. It will take a sophisticated physical attack but it’s still a threat. Especially when dealing with the gov’t. If the machine is off then it’s secure.
http://www.ghacks.net/2012/03/15/will-bitlockers-security-flaw-remain-in-windows-8/