Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

admissability of logs in court

From: Tina Bird <tbird () precision-guesswork com>
Date: Wed, 23 Apr 2003 22:21:56 +0000 (GMT)
Okay, after having discussed this issue on the Log Analysis mailing list
(with pointers previously pointed), here's the extremely brief summary I
wrote to Firewall-Wizards this January.  Technical issues notwithstanding,
unless you can demonstrate that tampering has occured, logs are as
admissable as testimony from a witness (see the reference cited below):

---------- Forwarded message ----------
Date: Wed, 29 Jan 2003 16:52:21 +0000 (GMT)
From: Tina Bird <tbird () precision-guesswork com>
To: dave <dave () netmedic net>
Cc: "'Noonan, Wesley'" <Wesley_Noonan () bmc com>,
     'Brian Monkman' <bmonkman () comcast net>,
     "firewall-wizards () honor icsalabs com" <firewall-wizards () honor icsalabs com>
Subject: RE: [fw-wiz] Acqusition of time

On Wed, 29 Jan 2003, dave wrote:


Actually a good attorney could tear up any log system even with perfect time
stamps.  All that need would need to be proved was the fact that it could
have been faked.



Actually<, current case law on the admissibility of computer log data in

court suggests that the possibility of tampering is not sufficient cause
to throw logs out.  Someone who wants to have log data thrown out because
it may have been tampered with has to show evidence that the data >has<
been tampered with.

See, for instance:
http://www.usdoj.gov/criminal/cybercrime/usamarch2001_4.htm

There was a >long< discussion of this issue on the LogAnalysis mailing
list.  If you want to read it, go to http://www.loganalysis.org, click on
"Library" in the nav bar, then "Frequently discussed topics".

tbird

-- 
I, on the other hand, do not work. I enjoy the slothful life of an artist,
and while away the hours in meaningless aesthetic pursuits punctuated by
bouts of hedonistic debauchery and an occasional nap.
                                              -- David Rinehart

http://www.shmoo.com/~tbird
Log Analysis http://www.loganalysis.org
VPN http://vpn.shmoo.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: