Full Disclosure mailing list archives
RE: Reacting to a server compromise
From: John.Airey () rnib org uk
Date: Tue, 5 Aug 2003 09:17:48 +0100
-----Original Message----- From: Brad Bemis [mailto:Brad.Bemis () airborne com] Sent: 04 August 2003 17:26 To: James A. Cox; Jennifer Bradley Cc: full-disclosure () lists netsys com Subject: RE: [Full-disclosure] Reacting to a server compromise -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In general, digital evidence and the methods used to collect it must stand up to tests of 'reasonableness" as determined by the presiding judge. Thank you for your time and attention,
It's a little more difficult than that. Whilst IANAL, I have taken a case to the second highest Court in England and Wales (and won). This case was referred back to a lower court for a decision. The judge hearing that case refused to allow as evidence the statements made by the defendant in the preceding appeal. She then came to the preposterous conclusion that the defendant had no reason to refuse to return my goods to me, even though after three years he still wasn't returning them. (This man told the Court of Appeal that he was keeping them "to teach me a lesson"). The one good thing that came out of that was that "arbitration" hearings are now more thorough, even though they are still supposedly informal. Getting back to the point, the admissability of evidence is entirely up to the presiding judge. We all know that digital evidence is easy to fake, but what about other evidence, like fingerprints? There's a man in prison in the UK on the basis of one fingerprint found on a vase at a crime scene. This could have gotten onto this vase without him even entering the building. The best you can do is to ensure that the data you collect isn't altered and that only one person collects the data, with a colleague to act as a witness. Even then there is no guarantee that the evidence will be accepted. The evidence of two people should carry more weight than one, but there are no guarantees in taking any kind of legal action. Of course, you are allowed to appeal this but this all costs money. - John Airey, BSc (Jt Hons), CNA, RHCE Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey () rnib org uk The trouble with postmodernism isn't just that no-one actually believes in it, but no-one can believe in it. - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Re: Reacting to a server compromise, (continued)
- RE: Re: Reacting to a server compromise Ron DuFresne (Aug 04)
- RE: Re: Reacting to a server compromise security snot (Aug 04)
- SV: Re: Reacting to a server compromise martin scherer (Aug 04)
- RE: Re: Reacting to a server compromise madsaxon (Aug 04)
- Re: Re: Reacting to a server compromise Darren Reed (Aug 04)
- RE: Re: Reacting to a server compromise Ron DuFresne (Aug 04)
- RE: Reacting to a server compromise Brad Bemis (Aug 04)
- RE: Reacting to a server compromise Brad Bemis (Aug 04)
- RE: Reacting to a server compromise Jones, David H (Aug 04)
- Re: Reacting to a server compromise Jason Ellison (Aug 04)
- Re: Re: Reacting to a server compromise northern snowfall (Aug 04)
- RE: Reacting to a server compromise John . Airey (Aug 05)