Message-ID: <Law11-OE39JDx2I5L40000010a4@hotmail.com>
From: se_cur_ity at hotmail.com (Hotmail)
Subject: Break-in discovery and forensics tools
I realize the importance of after-incident forensics... What I don't
understand is logs used in a court for prosecution. Logs are inherently not
preservable or physical evidence; they are tamperable from the time the
external data hits a MAC. If that were the case, basically I could take my logs
and edit any damn originating IP I choose, send those logs to law
enforcement, and have an innocent person convicted. Logs are nice... but IMHO
defeatable in court.
wood
----- Original Message -----
From: <roman.kunz@...iusbaer.com>
To: <steve.wray@...adise.net.nz>; <full-disclosure@...ts.netsys.com>
Sent: Wednesday, April 23, 2003 2:47 AM
Subject: RE: [Full-Disclosure] Break-in discovery and forensics tools
>
> Hi Steve,
>
> >>steve wrote:
> >>You mean for every OS that runs on a PC, right? Like BeOS for example?
> >>How about OpenBSD? SCO Unixware? Solaris (PC version)?
>
> BeOS I dunno. But the Unixes shouldn't be that hard. Simply replacing the
> encrypted pass in the /etc/shadow file is enough.
> You can create your own encrypted passwds with:
> perl -e 'print substr(crypt("<your pass>", "<salt>"), 0) . "\n"'
> Just replace it in the shadow file and you can log in with <your pass>.
>
>
> cheers
> --r
>
>