Full Disclosure mailing list archives
Re: RE: Tools accepted by the courts
From: "Eric Paynter" <eric () arcticbears com>
Date: Tue, 5 Jul 2005 15:33:40 -0700 (PDT)
On Tue, July 5, 2005 3:02 pm, pingywon said:
> I have heard on more than one occasion that Microsoft Event files (.evt) are admissible.
Like anything, it depends a lot on the situation. It's a log file, so like any log file, it must be relevant and have a clean chain of custody. For anything more specific, it depends on your jurisdiction.

Here is a link to the US Federal Rules of Evidence that might provide entertainment for some readers of this list:

http://expertpages.com/federal/federal.htm

Relevancy is defined in Article 4. Log files are generally considered "records of a regularly conducted activity", which is referenced in Rule 803(6). Note that Article 8 is about hearsay. A log is hearsay, but Rule 803 defines the exceptions to the inadmissibility of hearsay.

-Eric

--
arctic bears - email and dns services
http://www.arcticbears.com