A Handy Trick

Discussion in 'Computer Security' started by nemo_outis, Dec 29, 2008.

  1. nemo_outis

    nemo_outis Guest

    The following handy trick is useful for anyone who does not have
    bombproof continuous control and custody of his computer. It is
    extremely easy to do and will protect you against all but top-level TLAs.
    In fact, like any good magician's trick it will be "obvious" - but only
    after it has been explained :)

    Many of us have only intermittent control and custody of "our" computer
    at work or even at home (e.g., we leave for work or school with the
    computer protected only by the low-grade lock on our front door). The
    next best thing to preventing unauthorized access to our computer is
    tamper indication that it has been messed with. Forewarned is forearmed.
    Here's how to achieve it:

    Every modern hard drive today supports SMART reporting (maximum disk
    temperatures, seek errors, etc.). But the most useful parameters are
    these: start/stop count, drive power cycle count, power-on time count.
    There are any number of utilities out there which will report this
    information for your HDs.

    To protect yourself, record these values just before ending a session,
    and compare them with the values at the start of your next session (you
    can automate this with scripts, etc.). If the drive power cycles are up
    by more than 1, someone has fired up your machine in your absence. If
    the power-on hours are up by a large amount someone has had an extended
    session, possibly including making an image of your drive.

    Note that while all standard forensic acquisition tools (Encase, etc.)
    try to "preserve state" by not writing to a drive, none can prevent these
    automatic SMART writes! The SMART info is written to a portion of the
    disk not accessible to ordinary users - drive-specific manufacturer
    commands are needed to write it. Only TLAs are likely to be aware of this
    trick and have the resources to manipulate the SMART data to thwart it.
    (Incidentally, SMART does have a "disable" command but almost no drives
    obey it!)

    It's not a complete or foolproof solution, of course, but it is a handy
    tool to add to your security/privacy toolbox.

    Regards,
    nemo_outis, Dec 29, 2008
    #1
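The record-and-compare routine described in the post above, as an added example that is not part of the original post. It assumes the counters are read with `smartctl -A` from smartmontools (the post names no specific utility) and uses the standard attribute IDs 4, 9 and 12; the sample tables and the `max_hours` allowance are constructed for illustration.

```python
import re

# SMART attribute IDs for the three counters the post names.
WATCHED = {4: "Start_Stop_Count", 9: "Power_On_Hours", 12: "Power_Cycle_Count"}

# Constructed sample tables in `smartctl -A` layout (not from a real drive).
ROW = "{:>3} {:<23} 0x0032   100   100   000    Old_age   Always       -       {}"

def make_table(start_stop, hours, cycles):
    raws = {4: start_stop, 9: hours, 12: cycles}
    return "\n".join(ROW.format(i, WATCHED[i], raws[i]) for i in WATCHED)

BEFORE = make_table(1523, 5012, 1498)        # recorded at end of session
AFTER_CLEAN = make_table(1524, 5012, 1499)   # only your own power-up since
AFTER_TAMPERED = make_table(1526, "5019h+32m+10.120s", 1501)

def parse_smart(text):
    """Extract raw values of the watched attributes from `smartctl -A` output."""
    values = {}
    for line in text.splitlines():
        f = line.split()
        # Attribute rows have at least 10 columns and start with a numeric ID.
        if len(f) >= 10 and f[0].isdigit() and int(f[0]) in WATCHED:
            # Raw value may be "5012" or "5012h+32m+10.1s"; keep the leading integer.
            m = re.match(r"\d+", f[9])
            if m:
                values[WATCHED[int(f[0])]] = int(m.group())
    return values

def check_tamper(before, after, max_hours=1):
    """Compare two snapshots; return a list of findings (empty means no indication)."""
    findings = []
    for name in WATCHED.values():
        if name not in before or name not in after:
            findings.append(f"{name}: missing from a snapshot, cannot compare")
            continue
        delta = after[name] - before[name]
        if delta < 0:
            findings.append(f"{name}: went down by {-delta} (reset or different drive)")
        elif name == "Power_On_Hours":
            if delta > max_hours:  # assumed allowance for hour rollover
                findings.append(f"{name}: up by {delta} h while you were away")
        elif delta > 1:  # an increase of 1 is your own power-up
            findings.append(f"{name}: up by {delta}, expected at most 1")
    return findings

if __name__ == "__main__":
    for finding in check_tamper(parse_smart(BEFORE), parse_smart(AFTER_TAMPERED)):
        print("TAMPER INDICATION:", finding)
```

In real use, save the end-of-session `smartctl -A` output somewhere the person with physical access cannot rewrite, such as removable media you carry with you.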