Security Basics mailing list archives

Re: Minimum Syslog Level Needed for Court Trial


From: John Morrison <john.morrison101 () gmail com>
Date: Tue, 13 Dec 2011 20:37:11 +0000

Thanks, Vic. That is a very handy starting point.

John

On 12 December 2011 18:01, Vic Vandal <vvandal () well com> wrote:
There was an old 2006 SANS article/paper titled "The Log Management Industry: An Untapped Market" that discussed 
regulatory requirements, forensics, etc.  It's something like 20 pages long but can easily be scanned for the good 
parts.  I still have a local copy from when we were looking at centralized log archival from a variety of 
heterogeneous device/system types back then.

We are archiving logs to a central location in real-time.  The log collector and its feeder agents encrypt the system 
logs in transit, and the collector hashes the logs to prevent tampering.  I'd rather not give commercial product 
names in an open email list as not to endorse any specific ones.  But there are also some open source products that 
can provide similar features.  Just do a web search and you'll find them.

Peace,
Vic

----- Original Message -----
From: "David Kovar" <dkovar () gmail com>
To: "Manuel Landron" <mlandron () uspsoig gov>
Cc: "James MacChlerie" <James.MacChlerie () gmail com>, security-basics () securityfocus com
Sent: Friday, December 9, 2011 12:07:32 AM
Subject: Re: Minimum Syslog Level Needed for Court Trial

Greetings,

Part of the collection and forensic analysis process should include documenting the BIOS clock on the system, 
timezone settings, etc.

-David

On Dec 8, 2011, at 10:48 PM, Landron, Manuel wrote:

Better be sure that date/timestamp is accurate though.

Manuel Landron

Sent from my iPhone

On Dec 8, 2011, at 11:46 PM, "David Kovar" <dkovar () gmail com> wrote:

Greetings,

The very short answer is that the court doesn't define the syslog level required for a log file to be accepted as 
digital evidence. A single line from a log file, collected in a forensically sound manner, and presented in context 
by a qualified expert, can be accepted as evidence.

-David

On Dec 8, 2011, at 10:16 PM, James.MacChlerie () gmail com wrote:

Good Day All,

I am looking to see if any of you know what minimum syslog level needs to be set to be presented as proper 
evidence in a Court of Law. If you know, could you please let me know and point me to specific references in the 
Computer Forensics realm? Thank you for your assistance.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
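Two points in the thread above carry the technical weight: Vic's collector that hashes archived logs so tampering can be caught, and David's requirement that the collection record document the clock and timezone the timestamps depend on. The following is an added example, not code from any poster and not from the products Vic declines to name. The sample syslog lines, the collector key, the NTP source string and the timezone string are all constructed for illustration.

```python
"""Tamper-evident syslog archive (added example for this thread, not a poster's code):
each received line becomes a link in a SHA-256 hash chain, the chain head is sealed
with an HMAC under a key kept off the monitored hosts, and the collection record
carries the clock and timezone details a forensic collection should document."""

import copy
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed sample syslog lines (RFC 3164 style); no real host produced these.
SAMPLE_LOGS = [
    "Dec  8 22:16:01 host1 sshd[4242]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2",
    "Dec  8 22:16:03 host1 sshd[4242]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2",
    "Dec  8 22:16:09 host1 sshd[4250]: Accepted publickey for jmac from 198.51.100.7 port 40110 ssh2",
    "Dec  8 22:17:30 host1 sudo:     jmac : TTY=pts/0 ; PWD=/home/jmac ; USER=root ; COMMAND=/bin/cat /var/log/auth.log",
]

# Hypothetical collector key and collection details. A real deployment loads the key
# from an HSM or secrets store and never stores it beside the archive it protects.
COLLECTOR_KEY = b"example-collector-key-not-for-production"
COLLECTION_TIME = datetime(2011, 12, 8, 22, 18, tzinfo=timezone.utc)
CLOCK_SOURCE = "collector synced to ntp.example.org (stratum 2), offset < 5 ms"
SOURCE_TIMEZONE = "America/New_York (host1 /etc/localtime)"

GENESIS = "0" * 64  # "previous hash" for the first link


def record_hash(prev_hash, seq, line):
    """One chain link: SHA-256 over previous link, sequence number and raw line.
    Binding seq means deleting or reordering a line breaks the chain, not only editing."""
    h = hashlib.sha256()
    for part in (prev_hash, str(seq), line):
        h.update(part.encode("utf-8", "surrogateescape"))
        h.update(b"\n")
    return h.hexdigest()


def seal(head, metadata, key):
    """HMAC over chain head + metadata: an intruder who can rewrite the whole archive
    still cannot produce a self-consistent chain that verifies without the key."""
    msg = json.dumps({"head": head, "metadata": metadata}, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_archive(lines, key, collected_at, clock_source, source_timezone):
    """Archive a batch of lines as received. RFC 3164 timestamps carry neither year nor
    zone, so the collector's UTC clock and the source's configured timezone are recorded."""
    if collected_at.tzinfo is None:
        raise ValueError("collection time must be timezone-aware")
    metadata = {
        "collected_at_utc": collected_at.astimezone(timezone.utc).isoformat(),
        "clock_source": clock_source,
        "source_host_timezone": source_timezone,
        "line_count": len(lines),
    }
    records, prev = [], GENESIS
    for seq, line in enumerate(lines):
        digest = record_hash(prev, seq, line)
        records.append({"seq": seq, "line": line, "prev": prev, "hash": digest})
        prev = digest
    return {"metadata": metadata, "records": records, "head": prev,
            "seal": seal(prev, metadata, key)}


def verify_archive(archive, key):
    """Recompute chain and seal. (True, None) when intact; otherwise (False, seq) for the
    first failing link, (False, "head") if the stored head disagrees with the recomputed
    chain, or (False, "seal") if the HMAC does not verify."""
    prev = GENESIS
    for rec in archive["records"]:
        expected = record_hash(prev, rec["seq"], rec["line"])
        if rec["prev"] != prev or rec["hash"] != expected:
            return False, rec["seq"]
        prev = expected
    if prev != archive["head"]:
        return False, "head"
    if not hmac.compare_digest(seal(prev, archive["metadata"], key), archive["seal"]):
        return False, "seal"
    return True, None


def tampering_outcomes():
    """Run the archive against the edits an intruder with write access might make."""
    good = build_archive(SAMPLE_LOGS, COLLECTOR_KEY, COLLECTION_TIME, CLOCK_SOURCE, SOURCE_TIMEZONE)
    edited = copy.deepcopy(good)   # rewrite one failed login as a success
    edited["records"][1]["line"] = edited["records"][1]["line"].replace("Failed password", "Accepted password")
    deleted = copy.deepcopy(good)  # drop the sudo line (the last record) entirely
    del deleted["records"][3]
    # Rebuild the whole archive from trimmed lines without the collector's key
    forged = build_archive(SAMPLE_LOGS[:3], b"attacker-key", COLLECTION_TIME, CLOCK_SOURCE, SOURCE_TIMEZONE)
    return {
        "intact": verify_archive(good, COLLECTOR_KEY),
        "edited": verify_archive(edited, COLLECTOR_KEY),
        "deleted": verify_archive(deleted, COLLECTOR_KEY),
        "forged": verify_archive(forged, COLLECTOR_KEY),
    }


if __name__ == "__main__":
    for name, outcome in tampering_outcomes().items():
        print(f"{name:8s} -> {outcome}")
```

A plain hash chain only makes tampering detectable, not impossible: whoever can rewrite the archive can recompute every link. That is why the head is sealed with a key the archive host never holds, and in practice the sealed head should also be copied to a separate, write-once location so an edit followed by a forged seal can be caught against an independent record. The metadata block is the part that answers Manuel's and David's point: without the collector's clock source and the source host's timezone written down at collection time, a line such as "Dec  8 22:16:01" cannot later be placed on an absolute timeline.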