Darren and everyone,

RAM disks are an excellent example of data boobytraps: pull the plug and the data is gone.

I have seen chassis alarms on IBM computers, which change a register in the CMOS/NVRAM to flash a message that the case has been opened. Resetting the message was not an easy task.

I have seen micro switches in Unisys A series minicomputers. These were in the ventilation ducts. The switches were held in the normally open position by airflow; if the airflow dropped beyond a certain pressure (fan died, or duct blocked), the switch would close, setting off an audible alarm and LED warning which portion of the computer was having problems.

Ron

-----Original Message-----
From: Darren Welch [mailto:WELCHDat_private]
Sent: Thursday, November 29, 2001 8:00 AM
To: forensicsat_private
Subject: boobytraps

Hi Everyone,

I want to set up a PC in my lab that has boobytraps and/or logic bombs set (for boot or shut down). The intent is to design several traps that an investigator may encounter when making an acquisition in the field. The purpose is to recreate practical scenarios so that examiners have had face time with one of these types of traps, will recognize it working, and will follow proper procedure in order to preserve evidence.

Does anyone know of canned scripts or software that can be installed that will set up the above environment and/or written procedures for handling logic bombs aside from pulling the plug?

Appreciate the help.

Darren Welch
Manager, Information Security Technical Applications
150 N. Radnor-Chester Road
St. David's, PA 19087
610-902-2676
welchdat_private

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Nov 30 2001 - 03:25:33 PST