▲ ▼ Proving computer hack
If a computer is hacked and fake incriminating evidence is placed by the attacker; The victim is left to the mercy of the investigating agencies to uncover the truth and for vindication.
We need a way to prove that our computer was hacked beyond any reasonable doubt as an user without dependence on forensic experts.
Just like how tamper evident labels on physical products tell us if someone has tampered with that product, I would like something for computers which definitely tells that it has been tampered(hacked) with and which can be used in the court of law.
The trouble here is that if you have been hacked, by definition something has happened to compromise the security of your computer. Thus, you're already in a flaky situation. If you could create such a system, that new system would just become a target for hackers - after all, if I can pull off a hack and leave the new digital tamperproof seal in place, wouldn't that be the best hack ever?
Worse, the number one (by far) best way to hack a computer is to get the user to do something stupid. MOST hacks are because a user clicked on something the system warned them they shouldn't click. And people do it anyway. So, the number one security vulnerability in any computing system is the user.
But the best news is that hiding tracing of how a hack happened is really, really, hard - nearly impossible hard. Which is why computer forensics is a thing. As always, as a victim, your best bet is going to be to get a good lawyer. And a hire a forensics expert.
I think OP is defining a state where the victim has been hacked and the attackers real motive is to place incriminating data on the victim's device. If the agencies are not up-to the mark or compromised, Forensics won't do any good. So there's no point discussing about prevention, however valid the advise might be for general security.
Now we have a way to check the integrity of data through hash, even normal consumers check MD5, SHA256 of downloaded files from Internet for integrity. We can prove at any court of law that the integrity of the file was compromised without any help from experts. I feel such a system for overall computer integrity is inevitable and would be a milestone for cyber security.
Right now network logs, system logs and detection of malware by anti-virus software are common ways to tell if the computer is compromised; of-course compromise of online accounts can be dealt with the support of the service provider.
So I think a tamper-proof label for a computer would be a way to publish the system integrity online using the aforementioned logs publicly to know and prove that the system was tampered.
We should be able to publish the system integrity for all the devices which could be compromised including smartphones, smart watches etc.
What would this look like, ideally? Do you mean a tool that gets the logs and just publishes it as a PDF for instance?
I don't have anything specific in my mind KeMonte`, just constructing the fundamentals in my comment.