
RE: [ProgSoc] A hypothetical



My understanding is that the AFP can't afford any forensic tools for OSX, so
if you hid your stuff well, there shouldn't be any problem. As for what they
may have put on your drive, I haven't heard of them developing any Trojans
for OSX, but that's not to say they haven't done it. 

As mentioned before, I'd back up, format, and reinstall. 

-----Original Message-----
From: owner-progsoc@xxxxxxxxxxxxxxxxxx
[mailto:owner-progsoc@xxxxxxxxxxxxxxxxxx] On Behalf Of alister
Sent: Friday, October 08, 2004 12:44 PM
To: Matthew Beauregard
Cc: progsoc@xxxxxxxxxxxxxxxxxx
Subject: Re: [ProgSoc] A hypothetical

Matthew Beauregard wrote:
> Let's imagine that you have a Powerbook that's just come back from law 
> enforcement, and you don't know what happened to it while it was away.
> It could be anything from sitting on a shelf for three months while
> the batteries slowly flattened, to being picked over by Real Spooks.
> What would you do, to get clues about what was done, and avoid any
> surprises that may have been installed?

I'd be making a copy of the disk (as exact a copy as possible) and then 
reformatting the thing and reinstalling the OS.  Or if you're truly 
paranoid (and if the Feds lifted your Powerbook, maybe you should be) 
buy a new hard drive.

As for what they did?  That's going to be a little harder... it all 
depends on how ept they are.  My opinion on the eptitude of da law isn't 
great, so they probably left bootprints all over the datestamps of the 
files they opened, and then installed a keylogger that's running on the 
desktop called Keylogger.app and starts from the Startup folder.

A.


