Full Disclosure mailing list archives
admissability of logs in court
From: Tina Bird <tbird () precision-guesswork com>
Date: Wed, 23 Apr 2003 22:21:56 +0000 (GMT)
Okay, after having discussed this issue on the Log Analysis mailing list (with pointers previously pointed), here's the extremely brief summary I wrote to Firewall-Wizards this January. Technical issues notwithstanding, unless you can demonstrate that tampering has occurred, logs are as admissible as testimony from a witness (see the reference cited below):

---------- Forwarded message ----------
Date: Wed, 29 Jan 2003 16:52:21 +0000 (GMT)
From: Tina Bird <tbird () precision-guesswork com>
To: dave <dave () netmedic net>
Cc: "'Noonan, Wesley'" <Wesley_Noonan () bmc com>, 'Brian Monkman' <bmonkman () comcast net>, "firewall-wizards () honor icsalabs com" <firewall-wizards () honor icsalabs com>
Subject: RE: [fw-wiz] Acqusition of time

On Wed, 29 Jan 2003, dave wrote:

> Actually a good attorney could tear up any log system even with perfect
> time stamps. All that would need to be proved was the fact that it could
> have been faked.

>Actually<, current case law on the admissibility of computer log data in court suggests that the possibility of tampering is not sufficient cause to throw logs out. Someone who wants to have log data thrown out because it may have been tampered with has to show evidence that the data >has< been tampered with. See, for instance:

http://www.usdoj.gov/criminal/cybercrime/usamarch2001_4.htm

There was a >long< discussion of this issue on the LogAnalysis mailing list. If you want to read it, go to http://www.loganalysis.org, click on "Library" in the nav bar, then "Frequently discussed topics".

tbird

--
I, on the other hand, do not work. I enjoy the slothful life of an artist, and while away the hours in meaningless aesthetic pursuits punctuated by bouts of hedonistic debauchery and an occasional nap. -- David Rinehart

http://www.shmoo.com/~tbird
Log Analysis http://www.loganalysis.org
VPN http://vpn.shmoo.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html