intrigeri: > Sounds good, did I miss anything? >
I would suggest including a small shell script and one utility to test the integrity of a tails release - something as simple as md5deep. Once we start to change the Tails disk, we really want to ensure that an attacker can't stick around past a reboot. I could write such a utility but I'd like some feedback - for example - should we run this after install and put the current state into the persistence? Should we keep a list of hashes of all possible updates, so that we can check a user's data set against a known good list? The easy bit is basically to write something to check the MBR, the partitions and then walk the file systems. It won't detect firmware changes to the disk drive (usb, sata, whatever) but it should be able to very easily detect any binaries that are changed. Obviously we'd need two tails disks to really be able to do this kind of basic forensics. Thoughts? All the best, Jacob _______________________________________________ tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev
