Detecting computer tampering

Can you tell if a computer has been dismantled and put back together by checking data on the computer? I have a Toshiba Satellite C665 and took it to a shop for virus removal and when I got it home noticed a screw missing from its place on the back panel. The shop has not informed me of any dismantling and when I check the event log (which I don't really understand) there appears to be over 24hrs of shut down period. I hope im just paranoid but I would just like to be sure

 

Virus removal does not need the PC to be opened but if the shop was just being conscientious they may have opened it to see if it was full of dust and done a cleaning job.

One other point i will make is that some unscrupulous techs have been know to switch parts for lesser quality but unless you know the specs of your PC before sending it to the shop it would be hard to prove.

I only state this because i build PCs and always record all parts i fit to a customers rig,so when a client came to me saying he had put his PC is a repair shop when he was out of town and the video quality had deteriorated i found they had switched the graphics card.
I contacted the shop with the serial number of the card they said they had tried a different graphics card and forgot to replace the original

 

Best you can tell is if the screws are scraped or stripped.. there is no way of telling from the OS. On occasion (of being dropped or rough housed) screws do pop out.

Next time you can put some tape on the shell and see if they cut or remove it.

 

Nail polish is one way, or a dab of paint. They sell tamper labels that will say void or tampered on them, if they are removed.

 

Tamper labels vary in quality. I bought a package online; the stupid things will sometimes pop off (without leaving the "void" mark) when the case is opened. I've even see a few OEM manufacturer stickers do this.

On a desktop, if you're a custom builder or repair shop, you can also get breakaway ties that are numbered (similar to the ones used on bank deposit bags). Inserted in the cover/case lock hole, it shows if the customer opened the case if an internal damage issue arises.

 

Thank you all for attempting to help. I have tried to compare my current system specs with that of the original specs from the manufacturer and have found nothing yet. Does anyone know how I can review data about my hard drive. What I am trying to figure out is if my hard drive is pulled out of my computer and then put back in, can I see data about this happening. Also how can I tell when a program was installed on my computer? I have a Toshiba Satellite C665 with windows 7 Home Premium and before I gave my computer to the shop I had restored it back to factory settings (trying to get rid of malware) does this mean that all the programs on it should say that they were installed on the date and time of restoration?

 

No, there is no way of telling if someone pulled the hard drive out and put it back in, without some type of tamper evident seal, or dab of paint or nail polish.

 

Sometimes at my old shop when laptops came in for malware we would pull the drive to back up data off it before dealing with the infections. Not sure but we always notified the customer when we did this.

 

Greetings, FutureGeek...

I know that with some older versions of Windows there was a 'Last Used On' column in the Control Panel Add/Remove Programs list. Unfortunately, Microsoft has done away with that feature.

However, you may still be able to glean some info by looking at various program executable property sheets. Navigate to Program Files, pick out a few suspect folders (programs that you think the shop may have used), right-click the .exe and select 'Properties' - you may then be able to see 'Accessed' or 'Modified' entries that correspond with the time the machine was in the shop.

If they used your machine to access the internet, they may have been sloppy and forgot to purge any temporary files caches - just a thought.

Also, have you used Copy/Paste since you've gotten the machine back from the shop? If not, open Notepad and do a quick paste. You'd be amazed at what's stored sometimes in memory.

This may look tedious, but sometimes sleuthing is a boring job.

 

Thanks again every one. I cant find anything suspicious anywhere..I guess I will have to live with my paranoid feelings till I be come a true Major Geek and can truly control my computer...(if that is actually possible).. I would also like to say that it is awesome to have sites like this to be able to combine a multitude of knowledge in order to solve problems. Keep up the good work everyone.....