Skip to content
master
Switch branches/tags
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
src
 
 
 
 
 
 
 
 

README

                                 smartmonster

S.M.A.R.T. Monster Only Notices Surreptitious Tampering Events Retroactively

"An anti-forensic reboot, disk access, and basic tamper detector"

This set of scripts is written with the express purpose of detecting changes in
the bootable file system, with the unencrypted block device used for booting,
with S.M.A.R.T. data provided by your drives, and other interesting data
points.

This software assumes that your /boot is unencrypted and that everything else
is encrypted with full disk encryption; it also assumes that your hard disk is
a spinning platter with S.M.A.R.T. support - this may also function with SSD
storage devices but is as of yet untested.

We also assume that you layer your file system encryption with something like
eCryptFS for use after the full disk encryption has been unlocked. Anything
less will allow an attacker to simply log your main encryption key and leak it
through a covert channel, such as attempting to join a wireless network with
your key as the ESSID. Detection of such an event after the fact may be too
late.

This is of course entirely imperfect and still worth exploring.

About

S.M.A.R.T. Monster Only Notices Surreptitious Tampering Events Retroactively

Resources

Releases

No releases published

Packages

No packages published