|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Dataloss] (article) "We recovered the laptop!" ... so what?
From: Al Mac (macwheel99
sigecom.net)
Date: Mon Feb 12 2007 - 09:31:24 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Other operating systems have parallel concerns.
i work with midrange systems that track the last date time stamp that stuff
got backed up, but the system date can be changed.
So we look at the data ... see that the last backup was Feb-9, onto a tape
whose volume-id was IBM123, change the system date to Feb-9, make a tpe
with volume-id of IBM123 and do another backup. The data says the last
backup was Feb-9 on volume-id IBM123, which is the same thing it said
before, but now we have an extra copy of all the data. However, someone
who knows where to look can find the log of the time stamp being altered.
>Hi everyone
>
>This thead is very interesting. All techniques so far deal with reading
>data at a low level. Will Windows Vista prevent techniques such as
>Symantec Ghost? I understand that Vista performs bit-level encryption with
>its BitLocker technology.
>
>Thanks.
>
>Herve Roggero
_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss
Tracking more than 146 million compromised records in 570 incidents over 7 years.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]