BreachExchange mailing list archives
Re: TN: Election Commission laptop harddrive found
From: "Max Hozven" <mhozven () tealeaf com>
Date: Fri, 18 Jan 2008 10:17:24 -0800
I think that if you are tricky enough, you could maybe do this: 1. Boot laptop off of a Ghost CD and create a Ghost image of the drive. 2. Use Ghost Explorer to overwrite a file you want to change in the Ghost image file. Make sure the file date/time on the file you create is the same as the one you overwrite to cover your tracks. Keep the file size the same if you want to get really sneaky. 3. Boot the laptop off of the Ghost CD again. Do a Ghost restore of the updated image you just created. 4. The resulting laptop will boot up with the hard disk appearing unchanged, as it has never booted to it's native OS, the changes having been done via Ghost. There's other disk imaging software packages besides Ghost that could probably do similar things as well. My opinion is that once a computer/drive gets out of your hands, there's really no 100% way to know if anything was changed unless you have an image of the drive before it left and you individually "checksum" each file to look for changes. -Max (Note: Opinions expressed are solely my own and not that of my company.) -----Original Message----- From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of Chris Walsh Sent: Friday, January 18, 2008 9:38 AM To: lyger Cc: dataloss () attrition org Subject: Re: [Dataloss] TN: Election Commission laptop harddrive found On Fri, Jan 18, 2008 at 02:54:50PM +0000, lyger wrote:
Computer experts have begun the process of examining the files and data components to determine if they have been accessed or tampered with, according to police.
Luckily, it is impossible to modify bits on a hard drive without leaving evidence of your misdeed. Surprisingly, Tripwire and similar products manage to make quite a bit of money despite this feature of computer architecture which is seemingly known by even the least-experienced newspaper writer. _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- TN: Election Commission laptop harddrive found lyger (Jan 18)
- Re: TN: Election Commission laptop harddrive found Chris Walsh (Jan 18)
- Re: TN: Election Commission laptop harddrive found Tracy Blackmore (Jan 18)
- Re: TN: Election Commission laptop harddrive found Max Hozven (Jan 18)
- Re: TN: Election Commission laptop harddrive found Daniel Clemens (Jan 18)
- Re: TN: Election Commission laptop harddrive found David C. Smith (Jan 18)
- Re: TN: Election Commission laptop harddrive found Chris Walsh (Jan 18)
- Re: TN: Election Commission laptop harddrive found James Childers (Jan 18)
- Re: TN: Election Commission laptop harddrive found Chris Walsh (Jan 18)