BreachExchange mailing list archives
Re: Stolen Boeing laptop is recovered
From: "Pascal Charest" <pascal.charest () gmail com>
Date: Sat, 27 Jan 2007 08:03:09 -0500
I can't remember if Symantec Ghost access the drive as read-only, preserving the last access time, but doing a copy that does is quite trivial to do. Take the hard-drive out, connect it through a read-only interface and copy everything. Such interfaces are easy to find - any law enforcement departement will have a couple of them since they must use them to gather data from "evidence hard drive". Contacting their provider, or even building your own... I guess that the "third-party computer-security consultant" wrote something in the order of "the last-access time was not changed by the thief activities" in the report and it was interpreted as "not accessed". As a thief, this would be one of the easiest way to "gather data" without having it changed / repported by the corporation. On 1/26/07, Max Hozven <mhozven () tealeaf com> wrote:
Question: If the laptop was booted with a Symantec "Ghost" floppy, then imaged to a Ghost server, woudn't this be undetectible, as no change of any type would be made to the laptop's hard disk? -Max -----Original Message----- From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of Dissent Sent: Friday, January 26, 2007 1:45 AM To: dataloss () attrition org Subject: [Dataloss] Stolen Boeing laptop is recovered http://seattletimes.nwsource.com/html/businesstechnology/2003541873_bizb riefs26.html A stolen Boeing laptop containing personal information on 382,000 workers and retirees has been recovered. In an e-mail to employees, Senior Vice President Rick Stephens said Boeing and a third-party computer-security consultant had confirmed that the files with personally identifiable information were not accessed after the theft. [...] -- Privacy-related news and resources: http://www.pogowasright.org Privacy news headlines feed: http://www.pogowasright.org/backend/pogowasright.rss _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 145 million compromised records in 547 incidents over 7 years. _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 145 million compromised records in 547 incidents over 7 years.
-- Pascal Charest, OpenSource Consultant. http://blog.pacharest.com
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 146 million compromised records in 550 incidents over 7 years.
Current thread:
- Stolen Boeing laptop is recovered Dissent (Jan 26)
- <Possible follow-ups>
- Re: Stolen Boeing laptop is recovered Max Hozven (Jan 26)
- Re: Stolen Boeing laptop is recovered Pascal Charest (Jan 27)
- Re: Stolen Boeing laptop is recovered Roy M. Silvernail (Jan 27)
- Message not available
- Re: Stolen Boeing laptop is recovered blitz (Jan 27)
- Re: Stolen Boeing laptop is recovered B.K. DeLong (Jan 29)
- Message not available
- Re: Stolen Boeing laptop is recovered blitz (Jan 29)
- Re: Stolen Boeing laptop is recovered Pascal Charest (Jan 27)