ITM is an open framework - Submit your contributions now.

Insider Threat Matrix™

  • ID: DT008
  • Created: 25th May 2024
  • Updated: 14th June 2024
  • Contributor: The ITM Team

Tamper Seal

A tamper seal can be used to protect against tampering or unauthorized access of an object. Tamper seals can provide visual evidence if an object has been opened or attempted to be opened.

Sections

ID Name Description
PR012Physical Disk Removal

A subject removes the physical disk of a target system to access the target file system with an external device/system.

AF010Physical Removal of Disk Storage

A subject may remove attached disk storage from a system to deny investigators access to the files stored within it.

AF011Physical Destruction of Storage Media

A subject may destroy or otherwise impair physical storage media such as hard drives to prevent them from being analyzed.

ME017Physical Disk Access

A subject has the ability to access the physical disk of a target system.

IF002.002Exfiltration via Physical Access to System Drive

A subject exfiltrates data by retrieving the physical drive used by a system.

IF002.003Exfiltration via New Internal Drive

A subject exfiltrates data by connecting an additional drive to a system using the Serial Advanced Technology Attachment (SATA) interface on a motherboard, and copying files to the new storage device.