BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Re: (article) "We recovered the laptop!" ... so what?

From: Al Mac <macwheel99 () sigecom net>
Date: Mon, 12 Feb 2007 09:31:24 -0600
Other operating systems have parallel concerns.
i work with midrange systems that track the last date time stamp that stuff 
got backed up, but the system date can be changed.

So we look at the data ... see that the last backup was Feb-9, onto a tape 
whose volume-id was IBM123, change the system date to Feb-9, make a tpe 
with volume-id of IBM123 and do another backup.  The data says the last 
backup was Feb-9 on volume-id IBM123, which is the same thing it said 
before, but now we have an extra copy of all the data.  However, someone 
who knows where to look can find the log of the time stamp being altered.


Hi everyone

This thead is very interesting. All techniques so far deal with reading 
data at a low level. Will Windows Vista prevent techniques such as 
Symantec Ghost? I understand that Vista performs bit-level encryption with 
its BitLocker technology.

Thanks.

Herve Roggero



_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 146 million compromised records in 570 incidents over 7 years.
Previous By Date Next
Previous By Thread Next

Current thread: