lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri Jun 30 15:49:34 2006
From: nightfire at zero-fragger.de (Michael Braun)
Subject: FBI Says Data on VA Laptop Not Accessed

Cardoso schrieb:
> I don't think they can detect some highly advanced techniques like using
> Partition Magic to mirror the disk..
>
>
>   
As long as they didn't know the exact amount of hours the hdd was 
running before it got stolen, i don't see any way to determine if the 
data was copied away by some sector-by-sector copy-tool like Ghost or 
True Image. Afaik you can see very clearly how many hours a drive has 
run yet. If that data was the same as before the laptop was stolen, then 
the disk didn't run. If the data differs, the drive did run.
I am not sure if one could alter that data.
On the other hand... i don't think that anyone knows that data all the 
time, so they couldn't have known the running-time of the disk, unless 
they knew the hdd was about to be stolen.

(pardon my bad english)

Michael

Powered by blists - more mailing lists