[Dataloss] Stolen Boeing laptop is recovered
Pascal Charest
pascal.charest at gmail.com
Sat Jan 27 08:03:09 EST 2007
I can't remember if Symantec Ghost access the drive as read-only, preserving
the last access time, but doing a copy that does is quite trivial to do.
Take the hard-drive out, connect it through a read-only interface and copy
everything. Such interfaces are easy to find - any law enforcement
departement will have a couple of them since they must use them to gather
data from "evidence hard drive". Contacting their provider, or even building
your own...
I guess that the "third-party computer-security consultant" wrote something
in the order of "the last-access time was not changed by the thief
activities" in the report and it was interpreted as "not accessed".
As a thief, this would be one of the easiest way to "gather data" without
having it changed / repported by the corporation.
On 1/26/07, Max Hozven <mhozven at tealeaf.com> wrote:
>
> Question:
> If the laptop was booted with a Symantec "Ghost" floppy, then imaged to
> a Ghost server, woudn't this
> be undetectible, as no change of any type would be made to the laptop's
> hard disk?
>
> -Max
>
> -----Original Message-----
> From: dataloss-bounces at attrition.org
> [mailto:dataloss-bounces at attrition.org] On Behalf Of Dissent
> Sent: Friday, January 26, 2007 1:45 AM
> To: dataloss at attrition.org
> Subject: [Dataloss] Stolen Boeing laptop is recovered
>
> http://seattletimes.nwsource.com/html/businesstechnology/2003541873_bizb
> riefs26.html
>
> A stolen Boeing laptop containing personal information on 382,000
> workers and retirees has been recovered.
>
> In an e-mail to employees, Senior Vice President Rick Stephens said
> Boeing and a third-party computer-security consultant had confirmed that
> the files with personally identifiable information were not accessed
> after the theft.
>
> [...]
>
> --
> Privacy-related news and resources: http://www.pogowasright.org Privacy
> news headlines feed:
> http://www.pogowasright.org/backend/pogowasright.rss
>
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org)
> http://attrition.org/dataloss Tracking more than 145 million compromised
> records in 547 incidents over 7 years.
>
>
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org)
> http://attrition.org/dataloss
> Tracking more than 145 million compromised records in 547 incidents over 7
> years.
>
>
>
--
Pascal Charest, OpenSource Consultant.
http://blog.pacharest.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://attrition.org/pipermail/dataloss/attachments/20070127/f8e66b78/attachment.html
More information about the Dataloss
mailing list