Message-ID: <003301c309c5$75bca350$6601a8c0@rms2>
From: rms at computerbytesman.com (Richard M. Smith)
Subject: Break-in discovery and forensics tools

Log files are used fairly often nowadays in both criminal investigations
and trials.  Here are some examples from the past few years:

E-Mail Trail To Pearl Suspects
http://www.cbsnews.com/stories/2002/05/08/world/main508294.shtml

Philippine ISP cooperating with FBI in virus probe 
http://news.com.com/2100-1001-240089.html

Tracking Melissa's alter egos
http://zdnet.com.com/2100-11-514231.html

Arrest made in Bloomberg story hoax 
http://news.com.com/2100-1023-224500.html?legacy=cnet&tag=st.ne.1002.srchres.ni

Emulex hoax suspect bond set at $100,000 
http://news.com.com/2100-1033-245239.html

A person can't be convicted of a crime just because of log files, but
they certainly can be used in a trial to tell part of the story of a
crime.

Richard


-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Hotmail
Sent: Wednesday, April 23, 2003 12:19 PM
To: roman.kunz@...iusbaer.com; full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Break-in discovery and forensics tools


 I realize the importance of after incident forensics... What I don't
understand is logs used in a court for prosecution. Logs are inherently
not preservable or physical evidence; they are tamperable from the time
the external data hits a MAC. If that were the case, basically I could
take my logs and edit any damn originating IP I choose, send those logs
to law enforcement, and have an innocent person convicted. Logs are
nice.. but IMHO defeatable in court.

wood

----- Original Message -----
From: <roman.kunz@...iusbaer.com>
To: <steve.wray@...adise.net.nz>; <full-disclosure@...ts.netsys.com>
Sent: Wednesday, April 23, 2003 2:47 AM
Subject: RE: [Full-Disclosure] Break-in discovery and forensics tools


>
> Hi Steve,
>
> >> steve wrote:
> >> You mean for every OS that runs on a PC, right? Like BeOS for example?
> >> How about OpenBSD? SCO Unixware? Solaris (PC version)?
>
> BeOS I dunno. But the Unixes shouldn't be that hard. Simply replacing the
> encrypted pass in the /etc/shadow file is enough.
> You can create your own encrypted passwd's with:
> perl -e 'print substr(crypt("<your pass>", "<salt>"), 0) . "\n"'
> Just replace in the shadow file and you can login with <your pass>.
>
>
> cheers
> --r
>
>
> *****Disclaimer*****
> This message is for the addressee only and may contain confidential or
> privileged information. You must delete and not use it if you are not the
> intended recipient. It may not be secure or error-free. All e-mail
> communications to and from the Julius Baer Group may be monitored.
> Processing of incoming e-mails cannot be guaranteed. Any views expressed in
> this message are those of the individual sender. This message is for
> information purposes only. All liability of the Julius Baer Group and its
> entities for any damages resulting from e-mail use is excluded. US persons
> are kindly requested to read the important legal information presented
> after clicking here: http://www.juliusbaer.com/maildisclaimer
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
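The objection raised in the thread, that a log can be edited after the fact (an originating IP swapped, an entry dropped) and still look genuine, is what tamper-evident logging is meant to address. The following Python is an added illustration written for this archive page, not code posted by any participant: it chains each entry to its predecessor with a keyed HMAC over (previous tag || entry), so that editing, reordering or deleting an entry breaks every tag from that point on. The event records, the key and the timestamps are constructed sample values.

```python
import copy
import hashlib
import hmac
import json

# Constructed sample events for the demonstration; not taken from any real log.
SAMPLE_EVENTS = [
    {"ts": "2003-04-23T12:19:00Z", "src_ip": "192.0.2.10", "msg": "sshd: failed password for root"},
    {"ts": "2003-04-23T12:19:07Z", "src_ip": "192.0.2.10", "msg": "sshd: failed password for root"},
    {"ts": "2003-04-23T12:20:31Z", "src_ip": "192.0.2.44", "msg": "sshd: accepted password for wood"},
]

# Fixed starting point of the chain; 64 hex zeros, the width of a SHA-256 tag.
GENESIS = "0" * 64


def _canonical(event):
    """Serialize an event deterministically so the same event always tags the same."""
    return json.dumps(event, sort_keys=True, separators=(",", ":"))


def _tag(key, prev_tag, event):
    """HMAC-SHA256 over the previous tag and this entry's canonical form."""
    return hmac.new(key, (prev_tag + _canonical(event)).encode(), hashlib.sha256).hexdigest()


def chain_entries(events, key):
    """Build the tamper-evident chain: each record carries prev tag, event, own tag."""
    records = []
    prev = GENESIS
    for event in events:
        tag = _tag(key, prev, event)
        records.append({"prev": prev, "event": event, "tag": tag})
        prev = tag
    return records


def verify_chain(records, key):
    """Return (True, None) if intact, else (False, index of first bad record)."""
    prev = GENESIS
    for i, rec in enumerate(records):
        expected = _tag(key, prev, rec["event"])
        if rec["prev"] != prev or not hmac.compare_digest(expected, rec["tag"]):
            return False, i
        prev = rec["tag"]
    return True, None


def tamper_demo(key):
    """Chain the sample events, then edit one source IP and show the chain breaks."""
    records = chain_entries(SAMPLE_EVENTS, key)
    edited = copy.deepcopy(records)
    # The kind of edit the thread worries about: rewriting the originating IP.
    edited[1]["event"]["src_ip"] = "198.51.100.7"
    return verify_chain(records, key), verify_chain(edited, key)


if __name__ == "__main__":
    intact, broken = tamper_demo(b"constructed-demo-key")
    print("original chain:", intact)   # (True, None)
    print("edited chain:  ", broken)   # (False, 1)
```

The chain only gives tamper evidence, not prevention: whoever holds the key can recompute every tag, so the key (or the whole chain) has to live somewhere the host's administrator cannot reach, typically a separate log collector or a signing device, and an auditor re-verifies from the genesis tag rather than trusting the last record alone.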