Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Copy of data without authorization


  • Please log in to reply
15 replies to this topic

#1 Clade

Clade

  • Members
  • 174 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:24 AM

Posted 14 August 2017 - 10:41 AM

Sorry for my english. . .!
 
Most of the time, we pass on our equipment for repairing hardware in stores that specialize in notebook repair.
 
There are reliable ways to know if data has been copied from these devices to external hdd,servers. .. by other people?
 
thanks!


BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,896 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:01:24 AM

Posted 14 August 2017 - 10:57 AM

No...there is no way to determine if data was copied from a drive submitted to someone outside your control.

 

Louis



#3 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:24 AM

Posted 15 August 2017 - 10:14 AM

What operating system is on these laptops?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#4 Clade

Clade
  • Topic Starter

  • Members
  • 174 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:24 AM

Posted 15 August 2017 - 09:04 PM

What operating system is on these laptops?

 

Windows 10 64 Bit,  Single Language.

 

In Windows 10 Pro, there is Bitlocker, but not in Single Language.
 
Here in Brazil there is a popular saying: "After the cow went to the swamp ..."
 
I should have used third-party software to encrypt drives of interest.


#5 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:06:24 PM

Posted 15 August 2017 - 09:56 PM

Audit object access (Windows 10). https://technet.microsoft.com/en-us/library/cc976403.aspx and https://docs.microsoft.com/en-us/windows/device-security/auditing/basic-audit-object-access

audit-group-policy4.jpg

This https://docs.microsoft.com/en-gb/sysinternals/downloads/procmon or this https://www.staffcop.com/features/files.php


 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 

InternetDefenseLeague-footer-badge.png


#6 Clade

Clade
  • Topic Starter

  • Members
  • 174 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:24 AM

Posted 16 August 2017 - 08:34 AM

 

Correct me if I'm wrong, but these options must be installed prior to the possible fact, that is, of copying files without authorization. .



#7 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:06:24 PM

Posted 16 August 2017 - 06:09 PM

Correct me if I'm wrong, but these options must be installed prior to the possible fact, that is, of copying files without authorization. .


Correct! As hamluis

No...there is no way to determine if data was copied from a drive submitted to someone outside your control.
Louis


The only long shot, is IF your ISP has data retention/URL logging laws (https://en.wikipedia.org/wiki/Telecommunications_data_retention) as some nations do.
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 

InternetDefenseLeague-footer-badge.png


#8 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:24 AM

Posted 17 August 2017 - 01:49 PM

The access timestamp of files could have given you an indication, but on Windows 10 by default, this timestamp is not updated for reads.

 

More info: http://forensicswiki.org/wiki/MAC_times


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#9 Clade

Clade
  • Topic Starter

  • Members
  • 174 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:24 AM

Posted 18 August 2017 - 07:13 PM

Any suggestions on using third-party free software in drive encryption.. . .



#10 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:06:24 PM

Posted 18 August 2017 - 07:59 PM

Any suggestions on using third-party free software in drive encryption.. . .

 

Look here https://www.bleepingcomputer.com/forums/f/231/encryption-methods-and-programs/


 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 

InternetDefenseLeague-footer-badge.png


#11 Clade

Clade
  • Topic Starter

  • Members
  • 174 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:24 AM

Posted 20 September 2017 - 11:46 AM

I found this software, which I believe can give you a better idea of access, without permission.
 
Too bad I could not get back to the date of the possible event, but depending on usage after a possible event, this software might help. Well better than nothing!
 
lastactivityview


#12 RolandJS

RolandJS

  • Members
  • 4,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:01:24 AM

Posted 20 September 2017 - 11:56 AM

Clade, from what I've seen across the computer repair counters that have been vetted and have been in business for some time, there is simply way too much hardware and/or software work to do to think about and actually copy down data from a customer's hard-drive.  Your concern is certainly normal and valid, so follow the previous posters' advice about data encryption.  (In-house English teacher, help me rewrite the first sentence, it could use some improvement.)

 

Later, Britechguy, post #14, typed an excellent essay on when a shop does a clone or a backup of the OS partition or of the whole hard-drive solely for the purpose of preserving and later restoring said OS and Data, if the situation warrants such.


Edited by RolandJS, 20 September 2017 - 01:32 PM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#13 Clade

Clade
  • Topic Starter

  • Members
  • 174 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:24 AM

Posted 20 September 2017 - 12:37 PM

Clade, from what I've seen across the computer repair counters that have been vetted and have been in business for some time, there is simply way too much hardware and/or software work to do to think about and actually copy down data from a customer's hard-drive.  Your concern is certainly normal and valid, so follow the previous posters' advice about data encryption.  (In-house English teacher, help me rewrite the first sentence, it could use some improvement.)

 

Sorry RolandUS!

 

I have limitations in English. . .
 
Come on, see if I get it: If the reference is on the first sentence of my last post. . . Really, it got vague.
 
'In fact, the reference is given in case someone accesses your data without your permission. No Windows permission.
 
I was clear?


#14 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 8,163 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:02:24 AM

Posted 20 September 2017 - 12:46 PM

I will also add that there are many reasons one might very well copy data from a client hard drive as part of a repair.

 

I've ended up in situations where the operating system was going to need to be reinstalled secondary to flakiness that could not be resolved via any of "the usual methods."  Of course I am going to take a complete user data backup before doing this and then copying the data back over when the reinstall is complete.

 

Like any ethical computer repair technician I am not "digging through" any user's data except as is necessary as part of a repair, and sometimes that means not at all.  When the occasion presents itself where I have to backup and restore user data I do not maintain a copy afterward unless I discuss it with the client first and we agree that they will notify me when they're satisfied that everything is in order and I can delete the copy that I'm holding.

 

Not that there are not unethical people out there in any business, but no ethical computer repair technician would ever use a client's data except as is necessary to accomplish the end result the client wants and needs.  No sane one wants the responsibility of long term retention of anyone else's data, either, particularly if it has even the slightest bit of value (beyond personal) and sensitivity.  I hasten to add, though, that anyone who believes that a repair technician will not see or open anything is simply not aware that one has to do testing before returning the device.  I have often, for instance, opened one of each existing MS-Office document type if a new version of Office is installed by me or opened an image file or two if something like PhotoShop or similar is installed by me.  It is unrealistic to believe that a repair technician will not see anything on the machine in it's full glory, but it's also completely realistic to expect that anything seen will be held in strictest confidence (with the possible exception of something like child porn which, were I to encounter it, I would feel morally bound to report to authorities).

 

It would be a mistake, though, depending on the actual work done, to presume that any copying off of data is, by necessity, nefarious.


Edited by britechguy, 20 September 2017 - 12:51 PM.
Added bit about technician "seeing" some information

Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

      Memory is a crazy woman that hoards rags and throws away food.

                    ~ Austin O'Malley

 

 

 

              

 


#15 Clade

Clade
  • Topic Starter

  • Members
  • 174 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:24 AM

Posted 20 September 2017 - 12:56 PM

I will also add that there are many reasons one might very well copy data from a client hard drive as part of a repair.

 

I've ended up in situations where the operating system was going to need to be reinstalled secondary to flakiness that could not be resolved via any of "the usual methods."  Of course I am going to take a complete user data backup before doing this and then copying the data back over when the reinstall is complete.

 

Like any ethical computer repair technician I am not "digging through" any user's data except as is necessary as part of a repair, and sometimes that means not at all.  When the occasion presents itself where I have to backup and restore user data I do not maintain a copy afterward unless I discuss it with the client first and we agree that they will notify me when they're satisfied that everything is in order and I can delete the copy that I'm holding.

 

Not that there are not unethical people out there in any business, but no ethical computer repair technician would ever use a client's data except as is necessary to accomplish the end result the client wants and needs.  No sane one wants the responsibility of long term retention of anyone else's data, either, particularly if it has even the slightest bit of value (beyond personal) and sensitivity.  I hasten to add, though, that anyone who believes that a repair technician will not see or open anything is simply not aware that one has to do testing before returning the device.  I have often, for instance, opened one of each existing MS-Office document type if a new version of Office is installed by me or opened an image file or two if something like PhotoShop or similar is installed by me.  It is unrealistic to believe that a repair technician will not see anything on the machine in it's full glory, but it's also completely realistic to expect that anything seen will be held in strictest confidence (with the possible exception of something like child porn which, were I to encounter it, I would feel morally bound to report to authorities).

 

It would be a mistake, though, depending on the actual work done, to presume that any copying off of data is, by necessity, nefarious.

 

Perfect your settings, weights.
 
This issue was raised due to working only with software, at most, to exchange memories, HD. . . As I always say jokingly: My finger, as a descendant of Italian, is too thick to handle notebook components, flats. . . LOL





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users