If you suspected a computer system may have been physically compromised by an entity with unlimited resources, what could be done to a) Identify suspicious behavior? b) Detect a malicious embedded circuit?
Some thoughts I had
1. Forensically capture the hard drive and perform a standard review. Maybe there would be artifacts related to the behavior of the malicious hardware?
2. Bring the box up live connected to a physical firewall. Block all traffic, log everything, and monitor.
3. Look at the motherboard and peripherals for anything that jumps out.
Otherwise I am not sure what methods and/or tools exist for diagnosing such exploits.
Nothing. If the entity had "unlimited resources", they have unlimited resources to cover their tracks.
On the other hand, if this is not a theoretical exercise, but realistic -
Scenario inline USB device for keyboard with FM radio transmitter, inside the case. What digital evidence would such device leave?
I would try to think of ways I would embed or insert malicious circuit into a computer, and work backwards from that.