Full Disclosure mailing list archives

Re: Break-in discovery and forensics tools


From: Shawn McMahon <smcmahon () eiv com>
Date: Wed, 23 Apr 2003 13:31:15 -0400

On Wed, Apr 23, 2003 at 09:18:58AM -0700, Hotmail said:
I realize the importance of after incident forensics... What I don't
understand is logs used in a court for prosecution. Logs are inherently not
preservable or physical evidence, it is tamperable from the time the
external data hits a MAC, if that were the case basically I could take my logs
and edit any damn originating IP I choose, send those logs to law
enforcement, and have an innocent person convicted. Logs are nice.. but IMHO
defeatable in court.

Logs are testimony.  They're no more tamperable than verbal testimony.
It's up to the judge and/or jury to decide what weight to give them.


-- 
Shawn McMahon     | Let every nation know, whether it wishes us well or ill,
EIV Consulting    | that we shall pay any price, bear any burden, meet any
UNIX and Linux    | hardship, support any friend, oppose any foe, to assure
http://www.eiv.com| the survival and the success of liberty. - JFK


