Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Reacting to a server compromise

From: "SecuresDotComs" <SecuresDotComs () hotmail com>
Date: Sat, 2 Aug 2003 20:47:09 -0700
Oooo I never thought of that. Anybody have a pointer to more relevant legal
response information than what I plagiarized and bastardized?

Intrusion Detection and the Law for the Net/Sys Admin 101?

SDC

----- Original Message -----
From: <devnull () iprimus com au>
To: <full-disclosure () lists netsys com>
Sent: Saturday, August 02, 2003 7:33 PM
Subject: Re: [Full-disclosure] Reacting to a server compromise



On Sun, 3 Aug 2003 01:38 am, Jennifer Bradley wrote:


If this happens again, I would probably make a copy of the hard drive,


Then Saturday, August 02, 2003 7:33 PM  devnull () iprimus com au responded:


Under most jurisdictions, an ordinary disk image produced by Norton Ghost

etc

using standard hardware is completely inadmissible in court, as it is
impossible to make one without possibly compromising the integrity of the
evidence. The police etc use specialised hardware for making such copies,
which ensures that the disk can't have been altered.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: