Security Basics mailing list archives
Re: Minimum Syslog Level Needed for Court Trial
From: John Morrison <john.morrison101 () gmail com>
Date: Tue, 13 Dec 2011 20:37:11 +0000
Thanks, Vic. That is a very handy starting point.

John

On 12 December 2011 18:01, Vic Vandal <vvandal () well com> wrote:

There was an old 2006 SANS article/paper titled "The Log Management Industry: An Untapped Market" that discussed regulatory requirements, forensics, etc. It's something like 20 pages long but can easily be scanned for the good parts. I still have a local copy from when we were looking at centralized log archival from a variety of heterogeneous device/system types back then.

We are archiving logs to a central location in real-time. The log collector and its feeder agents encrypt the system logs in transit, and the collector hashes the logs to prevent tampering.

I'd rather not give commercial product names in an open email list so as not to endorse any specific ones. But there are also some open source products that can provide similar features. Just do a web search and you'll find them.

Peace,
Vic

----- Original Message -----
From: "David Kovar" <dkovar () gmail com>
To: "Manuel Landron" <mlandron () uspsoig gov>
Cc: "James MacChlerie" <James.MacChlerie () gmail com>, security-basics () securityfocus com
Sent: Friday, December 9, 2011 12:07:32 AM
Subject: Re: Minimum Syslog Level Needed for Court Trial

Greetings,

Part of the collection and forensic analysis process should include documenting the BIOS clock on the system, timezone settings, etc.

-David

On Dec 8, 2011, at 10:48 PM, Landron, Manuel wrote:

Better be sure that date/timestamp is accurate though.

Manuel Landron
Sent from my iPhone

On Dec 8, 2011, at 11:46 PM, "David Kovar" <dkovar () gmail com> wrote:

Greetings,

The very short answer is that the court doesn't define the syslog level required for a log file to be accepted as digital evidence. A single line from a log file, collected in a forensically sound manner, and presented in context by a qualified expert, can be accepted as evidence.

-David

On Dec 8, 2011, at 10:16 PM, James.MacChlerie () gmail com wrote:

Good Day All,

I am looking to see if any of you know what minimum syslog level needs to be set at to be presented as proper evidence in a Court of Law? If you know, could you please let me know and point me to specific references in the Computer Forensics realm?

Thank you for your assistance.
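One way to get the tamper evidence Vic describes ("the collector hashes the logs"), as an added example that is not from the thread or from any product the posters use: a keyed hash chain over archived syslog lines, where editing, dropping or truncating a line is detectable. The key, the sample lines and the function names are constructed for illustration.

```python
import hashlib
import hmac

GENESIS = "0" * 64  # chain anchor for the first record

def _mac(key, prev, seq, line):
    # Each MAC covers the previous MAC, the position and the raw line.
    msg = f"{prev}|{seq}|{line}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def seal(lines, key):
    """Chain the lines; return (records, head). Keep head outside the archive."""
    records, prev = [], GENESIS
    for seq, line in enumerate(lines):
        prev = _mac(key, prev, seq, line)
        records.append({"seq": seq, "line": line, "mac": prev})
    return records, prev

def verify(records, key, head):
    """Return None if intact, else the index of the first bad record
    (len(records) when the chain is valid but stops short of head)."""
    prev = GENESIS
    for i, rec in enumerate(records):
        expected = _mac(key, prev, i, rec["line"])
        if rec["seq"] != i or not hmac.compare_digest(expected, rec["mac"]):
            return i
        prev = rec["mac"]
    return None if hmac.compare_digest(prev, head) else len(records)

# Constructed sample input (not from the thread).
KEY = b"collector-demo-key"  # assumption: known only to the collector
SAMPLE = [
    "<38>Dec  8 22:16:01 fw01 sshd[812]: Failed password for root from 192.0.2.10",
    "<38>Dec  8 22:16:04 fw01 sshd[812]: Accepted password for admin from 192.0.2.10",
    "<86>Dec  8 22:16:05 fw01 sudo: admin : TTY=pts/0 ; COMMAND=/bin/sh",
]

def demo():
    records, head = seal(SAMPLE, KEY)
    edited = [dict(r) for r in records]
    edited[1]["line"] = edited[1]["line"].replace("admin", "guest")
    dropped = records[:1] + records[2:]   # middle line removed
    cut = records[:2]                     # tail removed
    return tuple(verify(r, KEY, head) for r in (records, edited, dropped, cut))

if __name__ == "__main__":
    print(demo())
```

The raw line is sealed unmodified, so the device's own timestamp stays exactly as received and can be compared against the documented clock and timezone settings.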
Current thread:
- Minimum Syslog Level Needed for Court Trial James . MacChlerie (Dec 08)
- Re: Minimum Syslog Level Needed for Court Trial David Kovar (Dec 08)
- Re: Minimum Syslog Level Needed for Court Trial Landron, Manuel (Dec 08)
- Re: Minimum Syslog Level Needed for Court Trial David Kovar (Dec 08)
- Re: Minimum Syslog Level Needed for Court Trial Vic Vandal (Dec 12)
- Re: Minimum Syslog Level Needed for Court Trial John Morrison (Dec 14)
- Re: Minimum Syslog Level Needed for Court Trial Landron, Manuel (Dec 08)
- Re: Minimum Syslog Level Needed for Court Trial David Kovar (Dec 08)
- <Possible follow-ups>
- Re: Minimum Syslog Level Needed for Court Trial james . macchlerie (Dec 14)