Let's say someone stole my computer, what could they do?

Let's say someone stole my computer and had access to my un-encrypted Windows boot drive. Removing/changing passwords on a Windows account is trivial so say they do so and thus have full access to it. All of my files are stored on other hard drives and we'll just say they are encrypted so that's not a factor. What information would someone be able to extract and what could they realistically do with it?

NOTE: My computer did not get stolen. This is just hypothetical.

 

Is your question related to TrueCrypt? Or is it "what could somebody do with my (unencrypted) files?"

 

What could somebody do with my (unencrypted) files. But, all my documents, pictures, music, and videos are stored on a different hard drive. So basically what information is left that could be used maliciously?

 

OK I'll bite. Using forensic tools such as Encase they could basically see almost everything you have done with the computer since the last time you wiped it (if ever). Windows creates a trail that would amaze you if you saw how thoroughly it betrays your privacy at the forensic level. This fact is why hardened security folks insist on WDE with a quality product, such as TrueCrypt, which was mentioned above this post. Perhaps someone knowing what you have done with it and deployed on it doesn't scare you at all. If so, then you won't care. This is not a hype post. I have access to EnCase and those with LE backgrounds to assist me. Windows is much like a video recorder of what you do.

 

After thinking about this a bit more, I realise this is kind of a dumb question. Basically what it comes down to is this: If I gave someone my boot drive with no password, would I be okay with what they find/can do? If not, secure the things I don't like. The main thing I'm worried about is persistent logins to all of the various services I use. A great Chrome extension would be one that automatically unchecks the "Remember me" boxes on sites. This way I can keep the 2-factor cookies and still require a password to login.

 

They'd maybe browse over it quickly, find nothing interesting, then format it for their own purposes or trash it. Unless they had reason to believe you had something really interesting to hide, they wouldn't bother with forensics on it.

 

This. Most will do either these two things.
1. Reformat and use it.
2. Reformat and sell it.

 

@CrusherW9: It depends on whom is looking at your computer. FBI? Relatives? Business enemies? Thief who stole your computer?

If you're worried about persistent logins, you could clear your cookies before you leave your computer unattended.

Some links:
TrueCrypt Security Requirements and Precautions
Forensically interesting spots in the Windows 7, Vista and XP file system and registry
LastActivityView

 

Is there a way to keep the cookies required for two factor authentication but get rid of everything else? Also, thanks for the links.

 

You're welcome .

I don't use Chrome, but I would hope there's an extension for selective cookie protection upon deletion, if the core product can't do it.

 

I looked at a handful of the most popular ones and none could do it, or atleast, I didn't see any options to do so. I guess I'll post in the Chrome Extensions thread.

 

Click & Clean

-https://chrome.google.com/webstore/detail/clickclean/ghgabhipcejejjmhhchfonmamedcbeod?hl=en

There's an option: Cookies to keep

 

Not much, lets assume, that you have cookies and you are logged in, the most websites do not allow changing a password or an email for recovery without actually entering a current password, so yes they could browse for a while, write on FB, that have a married someone of the same sex and so on. Unless you would have your credit card details in txt on the desktop, I can not really think of anything. If they would try to pretend to be you and commit a digital crime, you would be covered by reporting the theft.

 

Ended up using this: https://chrome.google.com/webstore/detail/cookies/iphcomljdfghbkdcfndaijbokpgddeno

 

Then you might like this: https://chrome.google.com/webstore/detail/vanilla-cookie-manager/gieohaicffldbmiilohhggbidhephnjj

Problem with 3rd party cookies is, that once they are blocked, it breaks webpages. Vanilla Cookie Manager allows them and remove all cookies in time except whitelisted.

 

I tried this out but it didn't work how I was expecting. How do I set this so that it keeps ONLY the SMSV cookie from Facebook instead of all cookies from Facebook?