Full Disclosure mailing list archives

Re: RE: Tools accepted by the courts

From: "Eric Paynter" <eric () arcticbears com>
Date: Tue, 5 Jul 2005 15:33:40 -0700 (PDT)

On Tue, July 5, 2005 3:02 pm, pingywon said:

I have heard on more then one ocassion that Microsoft Event files (.evt)
are admissible.


Like anything, it depends a lot on the situation. It's a log file, so like
any log file, it must be relevant and have a clean chain of custody. For
anything more specific, it depends on your jurisdiction.

Here is a link to the US Federal Rules of Evidence that might provide
entertainment for some readers of this list:

http://expertpages.com/federal/federal.htm

Relevancy is defined in Article 4.

Log files are generally considered "records of a regularly conducted
activity", which is referenced in Rule 803(6). Note that Article 8 is
about hearsay. A log is hearsay, but Rule 803 defines the exceptions to
the inadmissibility of hearsay.

-Eric

--
arctic bears - email and dns services
http://www.arcticbears.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Tools accepted by the courts Jason Coombs (Jul 05)
- Re: Re: Tools accepted by the courts Gaurav Kumar (Jul 05)
- Re: Re: Tools accepted by the courts Paul Schmehl (Jul 05)
- Re: Re: Tools accepted by the courts Valdis . Kletnieks (Jul 05)
- <Possible follow-ups>
- RE: Tools accepted by the courts Craig, Tobin (OIG) (Jul 05)
  - RE: Tools accepted by the courts Evidence Technology (Jul 05)
    - Re: RE: Tools accepted by the courts Nick FitzGerald (Jul 05)
  - Re: RE: Tools accepted by the courts pingywon (Jul 05)
    - Re: RE: Tools accepted by the courts Eric Paynter (Jul 05)
- RE: Re: Tools accepted by the courts Lauro, John (Jul 05)
  - Re: Re: Tools accepted by the courts KF (lists) (Jul 05)