Full Disclosure mailing list archives
Re: Break-in discovery and forensics tools
From: Tina Bird <tbird () precision-guesswork com>
Date: Wed, 23 Apr 2003 19:50:28 +0000 (GMT)
On Wed, 23 Apr 2003, Valdis.Kletnieks () vt edu wrote:
> On Wed, 23 Apr 2003 09:18:58 PDT, Hotmail <se_cur_ity () hotmail com> said:
> > I realize the importance of after-incident forensics... What I don't understand is logs used in a court for prosecution. Logs are inherently not preservable or physical evidence, it is tamperable from the time the external data hits a MAC. If that were the case, basically I could take my logs and edit any damn originating IP I choose, send those logs to law enforcement, and have an innocent person convicted. Logs are nice.. but IMHO defeatable in court.
There's been a >long< discussion of this issue on the Log Analysis mailing list. For a summary of the most lucid postings, with contributions from geeks >and< lawyers (scary):

http://www.loganalysis.org/sections/discussions/index.html

cheers -- tbird

--
don't worry please please how many times do I have to say it there's no way not to be who you are and where -- Ikkyu

http://www.shmoo.com/~tbird
Log Analysis http://www.loganalysis.org
VPN http://vpn.shmoo.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html