What's the best way to copy data without leaving a trace? [closed]


Closed 10 years ago.

I was wondering about uploading data from the system disk onto an online file sharing service, but it seems like the system logs these uploads and they could be traced by the cookies of that website. Is it the same if you were to copy from a system disk onto a portable disk? I have a hard time thinking that the system logs every file that's read from disk. I imagine it will be evident a device was plugged in, but nothing else to show what was copied, etc. Is there a bulletproof way to achieve this where if anyone were to inspect the system, they wouldn't be able to verify that some files were copied?

EDIT: Some of the methods that trace the act of copying files: https://www.youtube.com/watch?v=NG9Cg_vBKOg

asked Jan 19, 2014 at 23:40 by Joan Venge

Access logs such as what you are thinking of are often not enabled by default. If you are copying information from a business that does have those enabled, then yes, some access logs or copy logs may be present, but only if the system is set to log them.

Commented Jan 20, 2014 at 4:29

If the logs are enabled, what you want is difficult since you're unlikely to have the ability to delete the logs. I don't feel comfortable providing solutions.

Commented Jan 20, 2014 at 4:47

3 Answers

Which logs were you looking at specifically?

Some filesystems log the last accessed time, however this can be avoided (e.g. for Windows see http://msdn.microsoft.com/en-us/library/ms724933.aspx and the lpLastAccessTime field), and for frequently accessed data it doesn't matter much anyway.

As for cookies, to upload files a cookie is not actually needed (it's just the implementation of the actual service in question), and even if a cookie is needed, you can clear them from a web browser, or not even use a web browser on the system. Of course you can't hide the network traffic entirely: a TLS connection on port 443 that sends a large amount of data still looks like an upload rather than normal web traffic, even though the encryption prevents networking devices from knowing what it was (at least short of some questionable things I've seen, like essentially setting up a man-in-the-middle attack and making all the systems trust a wildcard cert so they don't warn the users), just what the end points of that connection were.

However, in environments where people are intentionally protecting files, full access logging is of course a possibility, and by its nature cannot be subverted (at least not by a non-root user that can interfere with the system configuration, or use some more indirect methods of file access).

Also, on-access virus scanners may keep a log of everything they scanned, even if it's clean, and I'm not sure if they would note if the access was to copy to a portable device.

Of course, if you have physical access to the system, the problem becomes very easy, since you can boot the system into another OS (e.g. Linux on a CD or USB), or connect the hard disk to another system (I have never tried to bypass BIOS protection, but believe it is possible to prevent the boot to another OS without a password). However, the fact you rebooted the system would be known. Another protection against this is encrypting the files on the disk (or even the entire disk).
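
From the defender's side, the full access logging mentioned in this answer is what makes bulk copying visible. The following is an added example, not part of the original answer: it flags any user/process pair that reads many distinct files within a short window. The record format, sample lines, thresholds and function names are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample records (not from the original post):
# epoch seconds, user, process, path read. Assumed to be already
# normalized from whatever file-access audit log the system keeps.
SAMPLE_LOG = """\
1390174800 alice editor /srv/finance/q4 report.docx
1390174900 bob filemgr /srv/finance/a.xlsx
1390174902 bob filemgr /srv/finance/b.xlsx
1390174903 bob filemgr /srv/finance/c.xlsx
1390174905 bob filemgr /srv/finance/d.xlsx
1390174905 bob filemgr /srv/finance/d.xlsx
1390175900 alice editor /srv/finance/q3 report.docx
"""

def parse(log_text):
    """Yield (ts, user, process, path); paths may contain spaces."""
    for line in log_text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip blank or malformed lines instead of crashing
        yield int(parts[0]), parts[1], parts[2], parts[3]

def bulk_reads(records, window=60, threshold=4):
    """Alert when one (user, process) reads >= threshold distinct files
    within `window` seconds. Records must be in time order; each
    (user, process) pair is reported once, at the first crossing."""
    recent = defaultdict(deque)  # (user, process) -> deque of (ts, path)
    alerted, alerts = set(), []
    for ts, user, proc, path in records:
        key = (user, proc)
        q = recent[key]
        q.append((ts, path))
        while ts - q[0][0] > window:  # drop reads older than the window
            q.popleft()
        distinct = {p for _, p in q}  # repeated reads of one file count once
        if len(distinct) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"user": user, "process": proc,
                           "first_seen": q[0][0], "files": sorted(distinct)})
    return alerts

if __name__ == "__main__":
    for alert in bulk_reads(parse(SAMPLE_LOG)):
        print(alert)
```

Such a check only works where access auditing is enabled on the directories that matter, which, as the comments above point out, is often not the default.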