author Jacob Appelbaum <jacob@appelbaum.net> 2011-04-30 01:35:06 -0700
committer Jacob Appelbaum <jacob@appelbaum.net> 2011-04-30 01:35:06 -0700
commit 09b233d952b30fe71dd910218e80711bdf560485 (patch)
tree b4c62dd90431f2b9145c3f04251c4f4cdabb51ac
parent 44e0b019dd763c79ed077ab170c04717f3953794 (diff)
Update README
-rw-r--r-- README 20
1 files changed, 19 insertions, 1 deletions
diff --git a/README b/README
index e03b6a6..3d4d242 100644
--- a/README
+++ b/README
@@ -2,5 +2,23 @@
S.M.A.R.T. Monster Only Notices Surreptitious Tampering Events Retroactively
-An anti-forensic reboot, disk access, and basic tamper detector
+"An anti-forensic reboot, disk access, and basic tamper detector"
+This set of scripts is written with the express purpose of detecting changes in
+the bootable file system, with the unencrypted block device used for booting,
+with S.M.A.R.T. data provided by your drives, and other interesting data
+points.
+
+This software assumes that your /boot is unencrypted and that everything else
+is encrypted with full disk encryption; it also assumes that your hard disk is
+a spinning platter with S.M.A.R.T. support - this may also function with SSD
+storage devices but is as of yet untested.
+
+We also assume that you layer your file system encryption with something like
+eCryptFS for use after the full disk encryption has been unlocked. Anything
+less will allow an attacker to simply log your main encryption key and leak it
+through a covert channel, such as attempting to join a wireless network with
+your key as the ESSID. Detection of such an event after the fact may be too
+late.
+
+This is of course entirely imperfect and still worth exploring.
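Review bot: the new tagline line (`+"An anti-forensic reboot, disk access, and basic tamper detector"`) is followed directly by "This set of scripts is written..." with no blank line between them, so the quoted tagline and the first paragraph run together; add an empty line after the tagline. In that first paragraph, "detecting changes in the bootable file system, with the unencrypted block device used for booting, with S.M.A.R.T. data" mixes "in" and "with"; "changes in ..., in ..., and in ..." would read more clearly. The README now states its assumptions (unencrypted /boot, full disk encryption elsewhere, eCryptFS layered on top) but not what the scripts compare current state against or where that reference data is kept, which a reader needs in order to judge how far to trust a clean result. The eCryptFS paragraph also says an attacker can "simply log your main encryption key" without saying how the attacker gets into a position to do so; one sentence tying this to the assumptions in the previous paragraph would close that gap.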