Message-ID: <20030423194840.V35315-100000@sisyphus.iocaine.com>
From: tbird at precision-guesswork.com (Tina Bird)
Subject: Break-in discovery and forensics tools

On Wed, 23 Apr 2003, Valdis.Kletnieks@...edu wrote:

> On Wed, 23 Apr 2003 09:18:58 PDT, Hotmail <se_cur_ity@...mail.com>  said:
> >  I realize the importance of after incident forensics... What I don't
> > understand is logs used in a court for prosecution. Logs are inherently not
> > preservable or physical evidence, it is tamperable from the time the
> > external data hits a MAC, if that were the case basically I could take my logs
> > and edit any damn originating IP I choose, send those logs to law
> > enforcement, and have an innocent person convicted. Logs are nice.. but IMHO
> > defeatable in court.

There's been a >long< discussion of this issue on the Log Analysis mailing
list.  For a summary of the most lucid postings, with contributions from
geeks >and< lawyers (scary):

http://www.loganalysis.org/sections/discussions/index.html

cheers -- tbird

-- 
don't worry please please how many times do I have to say it
there's no way not to be who you are and where

                                               -- Ikkyu

http://www.shmoo.com/~tbird
Log Analysis http://www.loganalysis.org
VPN http://vpn.shmoo.com

