Nmap Announce mailing list archives

RE: decoy traffic and legal admissibility of logs in court


From: "Meritt, Jim" <Jim.Meritt () wang com>
Date: Mon, 12 Apr 1999 09:45:45 -0400

They MAY be used in court as evidence, not "proof" (whatever that means) if:

1. They must be produced, maintained and used in the general course of
business.
2. They must be authenticated - that is, they must be shown, by qualified
witnesses, to be reliable
3. They must meet the "best evidence" rule; that is, what is produced must
be the best evidence available (not simply a copy of it, if the original is
also available)

In addition, the investigators themselves must have the necessary expertise
to testify about the investigation and the evidence collected.

Reference: Computer Crime: A Crimefighter's Handbook by O'Reilly &
Associates, Inc.  p. 197

_______________________
The opinions expressed above are my own.  The facts simply are and belong to
none. 
James W. Meritt, CISSP
Senior Security Systems Engineer at Wang Global


----------
From:         Sebastian[SMTP:scut () nb in-berlin de]
Sent:         Saturday, April 10, 1999 5:56 PM
To:   Ken Williams
Cc:   Fyodor; nmap-hackers () insecure org
Subject:      Re: decoy traffic and legal admissibility of logs in court


        [snip]

But in my view logs have never been a real proof itself. They can just
give some points where you might find proofs.


[snip]

In my opinion logs should indeed be used in court, but not as proofs.



[snip]


