I can confirm that this is the best course of action. Always assume the computer has been compromised, and don't run any code from that hard disk. If you had a backup, now is the time to test your 'bare metal' restore process with a backup taken before it was out of your hands.
If you didn't have a backup, then reinstall to a fresh disk from any manufacturer-provided restore image, restore any purchased or otherwise installed software from known good sources, then very carefully copy only the data files that you cannot possibly recreate or restore from the compromised disk image, ideally using tools that will never try to interpret or preview anything on the disk (e.g. a Linux live CD is probably better than using Windows Explorer).
On Wednesday, 4 April 2018 14:09:28 UTC+1, Mark Steward wrote:
Take the hard drive out and image it. You can then do what you want with the original, probably wipe it.
Mark
anyone around who can advise on forensically searching our stolen but found pc in search of crypto and things....
horrid domestic got out of hand with an old friend of mine and it needs a careful and considered approach.
the police are aware of the situation yet no case open as such yet.....
phew....
ta very
best s
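
The imaging step advised in this thread, as an added example that is not part of any poster's message: it copies a source to an image file, proves the copy is bit-identical with SHA-256, and records the hash so later tampering with the image is detectable. The function names, file layout and the stand-in "disk" file are assumptions for illustration; on a live CD the source would be the removed drive's block device.

```shell
#!/bin/sh
# Added example: image a source device to a file and prove the copy is exact.
# Function names and paths are hypothetical, chosen for this illustration.

hash_of() {  # print the SHA-256 of a file or block device
    sha256sum "$1" | cut -d' ' -f1
}

image_disk() {  # image_disk SRC IMG: copy SRC to IMG, record hash in IMG.sha256
    src=$1; img=$2
    [ -e "$img" ] && { echo "refusing to overwrite $img" >&2; return 2; }
    dd if="$src" of="$img" bs=4M 2>/dev/null || return 1
    src_hash=$(hash_of "$src")
    img_hash=$(hash_of "$img")
    [ "$src_hash" = "$img_hash" ] || { echo "hash mismatch" >&2; return 1; }
    printf '%s\n' "$img_hash" > "$img.sha256"
    chmod 0444 "$img" "$img.sha256"   # guard against accidental writes
}

verify_image() {  # verify_image IMG: succeeds only if IMG still matches its recorded hash
    [ "$(hash_of "$1")" = "$(cat "$1.sha256")" ]
}

# To browse the image afterwards (needs root), mount it read-only and
# non-executable so nothing on it can run or be modified:
#   mount -o ro,loop,noexec,nosuid,nodev disk.img /mnt/evidence
# A whole-disk image contains a partition table; losetup -P exposes the partitions.

# Demo on a constructed 3 MiB stand-in file instead of a real /dev/sdX
demo() {
    work=$(mktemp -d) || return 1
    dd if=/dev/urandom of="$work/fake_disk" bs=1M count=3 2>/dev/null
    image_disk "$work/fake_disk" "$work/disk.img" && verify_image "$work/disk.img"
    rc=$?
    rm -rf "$work"
    return $rc
}
demo && echo "image verified"
```

Work only on copies of the image and re-run `verify_image` before and after each session; the original drive stays untouched.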