You will lose all changes to data, such as email, that were made after the time of the snapshot. Obviously, that's only practical if you know when the attack took place, and it was recent, and you have such a backup.
The easiest approach is to recover the entire system from a backup that predates the attack. The only way you can be sure that the computer is not compromised is to erase at least the startup volume and restore it to something like the status quo ante. Commercial keylogging software-which has legitimate as well as illegitimate uses-won't be recognized as malware, because it's not malware. You have to assume that any intruder can do the same. If I broke into a system and wanted to leave a back door, I could do it in a way that would be undetectable by those means-and I don't pretend to any special skill as a hacker.
Running any kind of "anti-virus" software is pointless. The computer would be the principal evidence in such a case, and you don't want to contaminate that evidence. If there's any chance that the matter will be the subject of legal action, then you should do nothing at all without consulting a lawyer or the police. If you know or suspect that a hostile intruder has either had physical access to it, or has been able to log in remotely, then there are some steps you should take to make sure that the computer is safe to use.įirst, depending on the circumstances, computer tampering may be a crime, a civil wrong, or both.
0 kommentar(er)
