I can tell you what I see in the field for booby traps on a semi-regular basis. They are not that sophisticated, but the bad guys think they work. A lot of the German hacker types create a boot disk that they leave in their floppy drive at all times. This disk has a program on it that blows the partition away when they reboot. Not too sexy, but for a non-forensics person the data is gone. I took a statement from one software pirate that this was the standard practice for their entire group. They all had these "special" disks. What they did is, when the Police knock and announce, they either turn the computer on or reboot it to activate the trap. From an LE side this goes a long way toward intent, and we can even toss on obstruction of justice and destruction of evidence. In the end we still get all the data back, but this is the most common approach I have seen.

Steven Wood MCSE, MCSD
Senior Computer Forensics Investigator
ALSTE Technologies GmbH, Germany

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
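The message says the trap "blows the partition away" yet the data is recovered. The following Python script is an added illustration, not part of the original post or of any tool the author describes. It assumes the trap only zeroes the MBR partition table (a real wiper may destroy more), builds a small constructed disk image with a FAT16 and an NTFS volume, simulates the trap, and then rebuilds the partition list by scanning every sector for a volume boot record. All partition sizes, offsets and function names are assumptions for the demo.

```python
import struct

SECTOR = 512
MBR_TABLE_OFF = 446          # the four 16-byte partition entries live at 446..510
BOOT_SIG = b"\x55\xaa"       # MBR and most volume boot records end with 55 AA
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(entries):
    """Build a 512-byte MBR from up to four (type, lba_start, size) tuples."""
    mbr = bytearray(SECTOR)
    for i, (ptype, lba_start, size) in enumerate(entries[:4]):
        # CHS fields are left zero; LBA fields are what modern tools use
        struct.pack_into(ENTRY_FMT, mbr, MBR_TABLE_OFF + 16 * i,
                         0x80 if i == 0 else 0x00, b"\0\0\0", ptype, b"\0\0\0",
                         lba_start, size)
    mbr[510:512] = BOOT_SIG
    return bytes(mbr)


def parse_mbr(sector):
    """Return the non-empty partition entries of an MBR as (type, lba_start, size)."""
    if sector[510:512] != BOOT_SIG:
        return []
    found = []
    for i in range(4):
        _, _, ptype, _, lba_start, size = struct.unpack_from(
            ENTRY_FMT, sector, MBR_TABLE_OFF + 16 * i)
        if ptype != 0 and size != 0:
            found.append((ptype, lba_start, size))
    return found


def fat16_vbr(total_sectors, hidden_sectors):
    """Constructed sample: a minimal FAT16 volume boot record with a plausible BPB."""
    vbr = bytearray(SECTOR)
    vbr[0:3] = b"\xeb\x3c\x90"          # jump instruction
    vbr[3:11] = b"MSWIN4.1"             # OEM name
    total16 = total_sectors if total_sectors < 0x10000 else 0
    total32 = 0 if total16 else total_sectors
    # bytes/sector, sectors/cluster, reserved, FATs, root entries, total16,
    # media, sectors/FAT, sectors/track, heads, hidden sectors, total32
    struct.pack_into("<HBHBHHBHHHII", vbr, 11, 512, 4, 1, 2, 512, total16,
                     0xF8, 32, 63, 255, hidden_sectors, total32)
    vbr[54:62] = b"FAT16   "            # file-system type string
    vbr[510:512] = BOOT_SIG
    return bytes(vbr)


def ntfs_vbr(total_sectors):
    """Constructed sample: a minimal NTFS volume boot record."""
    vbr = bytearray(SECTOR)
    vbr[0:3] = b"\xeb\x52\x90"
    vbr[3:11] = b"NTFS    "             # OEM name identifies NTFS
    struct.pack_into("<HB", vbr, 11, 512, 8)
    struct.pack_into("<Q", vbr, 40, total_sectors)   # sector-count field
    vbr[510:512] = BOOT_SIG
    return bytes(vbr)


def wipe_partition_table(image):
    """Simulate the boot-floppy trap: zero the MBR partition table, leave data alone."""
    img = bytearray(image)
    img[MBR_TABLE_OFF:510] = bytes(510 - MBR_TABLE_OFF)
    return bytes(img)


def identify_vbr(sector):
    """Classify a sector as a FAT or NTFS volume boot record, returning (fs, size)."""
    if sector[510:512] != BOOT_SIG or sector[0] not in (0xEB, 0xE9):
        return None
    if sector[3:11] == b"NTFS    ":
        return ("NTFS", struct.unpack_from("<Q", sector, 40)[0])
    if sector[54:62].startswith(b"FAT"):
        total16 = struct.unpack_from("<H", sector, 19)[0]
        total32 = struct.unpack_from("<I", sector, 32)[0]
        return (sector[54:59].decode("ascii"), total16 or total32)
    return None


def carve_partitions(image):
    """Scan every sector for a volume boot record and rebuild (fs, lba_start, size)."""
    found = []
    lba = 1                                  # sector 0 is the MBR itself
    while (lba + 1) * SECTOR <= len(image):
        hit = identify_vbr(image[lba * SECTOR:(lba + 1) * SECTOR])
        if hit:
            fs, size = hit
            found.append((fs, lba, size))
            lba += max(size, 1)              # skip past the volume just found
        else:
            lba += 1
    return found


def build_demo_image():
    """Constructed sample image: FAT16 at LBA 63 (2048 sectors), NTFS right after it."""
    fat_start, fat_len = 63, 2048
    ntfs_start, ntfs_len = fat_start + fat_len, 1024
    img = bytearray((ntfs_start + ntfs_len + 16) * SECTOR)
    img[0:SECTOR] = build_mbr([(0x06, fat_start, fat_len), (0x07, ntfs_start, ntfs_len)])
    img[fat_start * SECTOR:(fat_start + 1) * SECTOR] = fat16_vbr(fat_len, fat_start)
    img[ntfs_start * SECTOR:(ntfs_start + 1) * SECTOR] = ntfs_vbr(ntfs_len)
    return bytes(img)


if __name__ == "__main__":
    disk = build_demo_image()
    print("before trap:", parse_mbr(disk[:SECTOR]))
    trapped = wipe_partition_table(disk)
    print("after trap: ", parse_mbr(trapped[:SECTOR]))
    print("carved:     ", carve_partitions(trapped))
```

The carving step is what makes the data "come back": the volume boot records and everything behind them are untouched, so rebuilding the table is a matter of finding them. Against a real image, work from a write-blocked copy and expect false positives from backup boot sectors and stale volumes, which is why the scan records the sector count and skips past each hit.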
This archive was generated by hypermail 2b30 : Fri Nov 30 2001 - 03:27:14 PST