Full Disclosure mailing list archives

Re: Break-in discovery and forensics tools


From: Tina Bird <tbird () precision-guesswork com>
Date: Wed, 23 Apr 2003 19:50:28 +0000 (GMT)

On Wed, 23 Apr 2003, Valdis.Kletnieks () vt edu wrote:

On Wed, 23 Apr 2003 09:18:58 PDT, Hotmail <se_cur_ity () hotmail com>  said:
I realize the importance of after incident forensics... What I don't
understand is logs used in a court for prosecution. Logs are inherently not
preservable or physical evidence, it is tamperable from the time the
external data hits a MAC, if that were the case basically I could take my logs
and edit any damn originating IP I choose, send those logs to law
enforcement, and have an innocent person convicted. Logs are nice.. but IMHO
defeatable in court.

There's been a >long< discussion of this issue on the Log Analysis mailing
list.  For a summary of the most lucid postings, with contributions from
geeks >and< lawyers (scary):

http://www.loganalysis.org/sections/discussions/index.html

cheers -- tbird

-- 
don't worry please please how many times do I have to say it
there's no way not to be who you are and where

                                               -- Ikkyu

http://www.shmoo.com/~tbird
Log Analysis http://www.loganalysis.org
VPN http://vpn.shmoo.com
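The quoted objection is that a log file can be edited after the fact, so a record's source IP proves nothing on its own. The usual engineering answer to that half of the problem (the legal half is what the Log Analysis summary linked above covers) is to make the log tamper-evident: each record carries a keyed hash that also covers the previous record's hash, so editing, inserting or deleting a record breaks the chain for everything after it. The following is an added example written for this archive page, not code from the thread, from loganalysis.org or from any tool mentioned in it. It assumes a collector-held key that the logging host cannot read, and the event records and field names are constructed for illustration.

```python
import copy
import hashlib
import hmac
import json

# Constructed sample events; the field names are an assumption for this example.
SAMPLE_EVENTS = [
    {"ts": "2003-04-23T09:18:58Z", "src_ip": "198.51.100.7", "msg": "sshd: Failed password for root"},
    {"ts": "2003-04-23T09:19:02Z", "src_ip": "198.51.100.7", "msg": "sshd: Failed password for root"},
    {"ts": "2003-04-23T09:19:40Z", "src_ip": "203.0.113.9", "msg": "sshd: Accepted password for admin"},
]

# Hypothetical collector key. It must live on the collector (or an HSM), never on
# the host that produces the events, otherwise whoever owns the host can re-sign.
COLLECTOR_KEY = b"constructed-demo-key-do-not-reuse"

GENESIS = "0" * 64  # anchor for the first record's "previous hash"


def canonical(event):
    """Serialise an event deterministically so the MAC is reproducible."""
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode()


def link_hash(key, prev_hash, event):
    """HMAC-SHA256 over (previous link || event); binds this record to its predecessor."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    mac.update(prev_hash.encode())
    mac.update(b"\n")
    mac.update(canonical(event))
    return mac.hexdigest()


def append_chain(key, events):
    """Build the chained log: each record stores the event, the previous MAC and its own MAC."""
    chain = []
    prev = GENESIS
    for ev in events:
        h = link_hash(key, prev, ev)
        chain.append({"event": ev, "prev": prev, "mac": h})
        prev = h
    return chain


def verify_chain(key, chain):
    """Return (True, None) if intact, else (False, index of the first record that fails)."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev"] != prev:
            return False, i
        expected = link_hash(key, prev, rec["event"])
        if not hmac.compare_digest(expected, rec["mac"]):
            return False, i
        prev = rec["mac"]
    return True, None


def edit_demo(key):
    """Rewrite the source IP of record 1 after the fact; verification pinpoints it."""
    chain = append_chain(key, SAMPLE_EVENTS)
    ok_before, _ = verify_chain(key, chain)
    forged = copy.deepcopy(chain)
    forged[1]["event"]["src_ip"] = "192.0.2.55"
    ok_after, bad = verify_chain(key, forged)
    return ok_before, ok_after, bad


def delete_demo(key):
    """Silently drop record 1; record 2 still points at the missing MAC, so it fails."""
    chain = append_chain(key, SAMPLE_EVENTS)
    forged = chain[:1] + chain[2:]
    return verify_chain(key, forged)


def resign_demo(key):
    """Rebuild the whole chain without the collector key; nothing verifies."""
    forged = append_chain(b"attacker-guessed-key", SAMPLE_EVENTS)
    return verify_chain(key, forged)


if __name__ == "__main__":
    print("edit   ->", edit_demo(COLLECTOR_KEY))
    print("delete ->", delete_demo(COLLECTOR_KEY))
    print("resign ->", resign_demo(COLLECTOR_KEY))
```

The chain detects edits, insertions and deletions in the middle, and re-signing without the key, but not truncation at the tail: dropping the last N records leaves a shorter chain that still verifies. That is why deployments ship the latest MAC (or a count-plus-MAC checkpoint) to a second system or a periodically signed timestamp, so a verifier can tell that records existed beyond the point where the file now ends.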

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

