Detections
- Home
- - Detections
- -DT008
- ID: DT008
- Created: 25th May 2024
- Updated: 14th June 2024
- Contributor: The ITM Team
Tamper Seal
A tamper seal can be used to protect against tampering or unauthorized access of an object. Tamper seals can provide visual evidence if an object has been opened or attempted to be opened.
Sections
ID | Name | Description |
---|---|---|
PR012 | Physical Disk Removal | A subject removes the physical disk of a target system to access the target file system with an external device/system. |
AF010 | Physical Removal of Disk Storage | A subject may remove attached disk storage from a system to deny investigators access to the files stored within it. |
AF011 | Physical Destruction of Storage Media | A subject may destroy or otherwise impair physical storage media such as hard drives to prevent them from being analyzed. |
ME017 | Physical Disk Access | A subject has the ability to access the physical disk of a target system. |
IF002.002 | Exfiltration via Physical Access to System Drive | A subject exfiltrates data by retrieving the physical drive used by a system. |
IF002.003 | Exfiltration via New Internal Drive | A subject exfiltrates data by connecting an additional drive to a system using the Serial Advanced Technology Attachment (SATA) interface on a motherboard, and copying files to the new storage device. |