I got back from the Supermarket.
I saw a 1 login failed message when I logged in. I don’t remember trying to log in earlier in the day.
I am subletting a place. It’s possible someone could have access to it. When I left to go to the supermarket there was a homeless person outside with a bag and multiple candy bars and sodas in a bag which I could see because they were sitting down. When I got back there was a candy wrapper on the ground and no signs of entry.
My system doesn’t look tampered with. I was gone about 50 minutes. Although I was gone 50 minutes, sometimes I leave and am gone for just a few minutes. The message saying there was one failed log in attempt was from 50 minutes ago. If someone tried to login and failed they did it almost immediately after I left or it was me and I forgot I did this. I don’t think I forgot because I remember how surprised I was when seeing the message.
There was one time prior to that when I left and came back and something was turned on and I thought “I thought I turned that off.”
Qubes was locked but not off when I left and when I got back.
Could someone have accessed my system and have done a RAM dump? I have TPM 2.0 but it’s not supported in Qubes.
I had attached a hard drive several days before and used a complex password to decrypt some files. I had not done a reboot. Could someone that did a RAM dump have that password from RAM multiple days later if the VMs were closed?
Is there a way to check the last opened time for VMs? There were some VMs that were closed.
There isn’t a reason a nation state would want to spend a lot of resources on me. I am not an extremist. I have views on software and networking that are a bit unusual. I sometimes have done unusual programming stuff for learning purposes but not anything that would increase a threat model that much.
It seems most likely that I tried to log in that morning and just forgot doing it but I really don’t think I did.
Sometimes you read about people who get feelings or something strange happens and they just ignore everything. What should I do? What logs should I look at? Is there anything in dom0 I should inspect?
I don’t think there are cameras or microphones placed in the apartment, but I can’t be sure. I used a detector but they don’t always work. It would be hard but not impossible to hide something like that. I did not change the locks temporarily when I got here but would know if someone got in through a window.
Should I format the hard drive multiple times, destroy my computer, and start again? I never thought my threat model was high enough for an evil maid attack and I am probably just being stupid.