Full Disclosure mailing list archives
Re: Reacting to a server compromise
From: "SecuresDotComs" <SecuresDotComs () hotmail com>
Date: Sat, 2 Aug 2003 20:47:09 -0700
Oooo I never thought of that. Anybody have a pointer to more relevant legal response information than what I plagiarized and bastardized? Intrusion Detection and the Law for the Net/Sys Admin 101? SDC ----- Original Message ----- From: <devnull () iprimus com au> To: <full-disclosure () lists netsys com> Sent: Saturday, August 02, 2003 7:33 PM Subject: Re: [Full-disclosure] Reacting to a server compromise
On Sun, 3 Aug 2003 01:38 am, Jennifer Bradley wrote:If this happens again, I would probably make a copy of the hard drive,
Then Saturday, August 02, 2003 7:33 PM devnull () iprimus com au responded:
Under most jurisdictions, an ordinary disk image produced by Norton Ghost
etc
using standard hardware is completely inadmissible in court, as it is impossible to make one without possibly compromising the integrity of the evidence. The police etc use specialised hardware for making such copies, which ensures that the disk can't have been altered. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: [inbox] Re: Reacting to a server compromise, (continued)
- RE: [inbox] Re: Reacting to a server compromise Michal Zalewski (Aug 03)
- RE: [inbox] Re: Reacting to a server compromise Curt Purdy (Aug 04)
- RE: [inbox] Re: Reacting to a server compromise Michal Zalewski (Aug 05)
- RE: [inbox] Re: Reacting to a server compromise Curt Purdy (Aug 05)
- RE: [inbox] Re: Reacting to a server compromise Bojan Zdrnja (Aug 06)
- RE: [inbox] Re: Reacting to a server compromise Michal Zalewski (Aug 06)
- Re: [inbox] Re: Reacting to a server compromise Valdis . Kletnieks (Aug 05)
- Re: [inbox] Re: Reacting to a server compromise morning_wood (Aug 03)
- Re: [inbox] Re: Reacting to a server compromise Peter Busser (Aug 04)
- Re: Reacting to a server compromise SecuresDotComs (Aug 02)
- Re: Reacting to a server compromise madsaxon (Aug 02)
- RE: [inbox] Re: Reacting to a server compromise Curt Purdy (Aug 03)
- Re: [inbox] Re: Reacting to a server compromise Gaurav Kumar (Aug 03)
- Re: Reacting to a server compromise Alexandre Dulaunoy (Aug 03)
- RE: [inbox] Re: Reacting to a server compromise Curt Purdy (Aug 04)
- Re: Reacting to a server compromise David Hayes (Aug 05)
- Re: Reacting to a server compromise Ron DuFresne (Aug 05)
- Re: Hard drive images Craig Pratt (Aug 05)
- RE: [inbox] Re: Hard drive images Curt Purdy (Aug 05)
- Re: Hard drive images ldreamer (Aug 05)