> BTW, when you do a backup to tape, would that not alter the atime?
Oh one more thing - it will alter the atime on /dev/sdb1 (or whatever) -
but that's not exactly going to be useful anyway.
With the /dev tree - mainly you're concerned with dodgy devices - a lot of
people make a /dev/rpty123 or some other unixy sounding device filename to
hide things..
One of the things that Umar's Dodgy Forensics Package(tm) will do is go
through /dev and yell if it sees plain files that should be there.. I'm
thinking of having an option like "Lookfordodgythings" and allowing
various levels of paranoia.. but I want to keep the tool out of the
analysis side of things and keep it purely for reporting/sanitization
etc..
//umar.
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
