Firewall Wizards mailing list archives
Re: Acquisition of time
From: "W.C. Epperson" <epperson () alumni unc edu>
Date: Thu, 30 Jan 2003 08:33:07 -0500
Have not read back through the entire thread or cross-referenced ones, but I've not seen anyone raise the issue of chain of custody. The general idea is testimony authenticating the item of evidence and the lack of tampering during possession by each person in the chain. If there's an issue of possible evidentiary use of a log file, we have two sysadmins seal a backup in an envelope immediately, sign the sealed flap, and have the accounting department vault it until needed. In the face of a documented and attested chain of custody, it's the other side's burden to establish the probability that tampering occurred.
Also see the USDOJ page on acquisition of electronic evidence, especially the section "Authenticity and the Alteration of Computer Records". http://www.usdoj.gov/criminal/cybercrime/s&smanual2002.htm