Message-ID: <Pine.GSO.4.43.0304231610490.22677-100000@tundra.winternet.com>
From: dufresne at winternet.com (Ron DuFresne)
Subject: Break-in discovery and forensics tools
This thread occurred on another list not long ago, and if I recall, Tina
Bird had some solid information concerning the admissibility of system logs
in courts. Hopefully if she monitors this list, she will share her
knowledge again, and lay this thread to rest.
Thanks,
Ron DuFresne
On Wed, 23 Apr 2003, Richard M. Smith wrote:
> Log files are used fairly often nowadays in both criminal investigations
> and trials. Here are some examples from the past few years:
>
> E-Mail Trail To Pearl Suspects
> http://www.cbsnews.com/stories/2002/05/08/world/main508294.shtml
>
> Philippine ISP cooperating with FBI in virus probe
> http://news.com.com/2100-1001-240089.html
>
> Tracking Melissa's alter egos
> http://zdnet.com.com/2100-11-514231.html
>
> Arrest made in Bloomberg story hoax
> http://news.com.com/2100-1023-224500.html?legacy=cnet&tag=st.ne.1002.srchres.ni
>
> Emulex hoax suspect bond set at $100,000
> http://news.com.com/2100-1033-245239.html
>
> A person can't be convicted of a crime just because of log files, but
> they certainly can be used in a trial to tell part of the story of a
> crime.
>
> Richard
>
>
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Hotmail
> Sent: Wednesday, April 23, 2003 12:19 PM
> To: roman.kunz@...iusbaer.com; full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Break-in discovery and forensics tools
>
>
> I realize the importance of after-incident forensics... What I don't
> understand is logs used in a court for prosecution. Logs are inherently
> not preservable or physical evidence; they are tamperable from the time the
> external data hits a MAC. If that were the case, basically I could take my
> logs and edit any damn originating IP I choose, send those logs to law
> enforcement, and have an innocent person convicted. Logs are nice.. but
> IMHO defeatable in court.
>
> wood
>
> ----- Original Message -----
> From: <roman.kunz@...iusbaer.com>
> To: <steve.wray@...adise.net.nz>; <full-disclosure@...ts.netsys.com>
> Sent: Wednesday, April 23, 2003 2:47 AM
> Subject: RE: [Full-Disclosure] Break-in discovery and forensics tools
>
>
> >
> > Hi Steve,
> >
> > >>steve wrote:
> > >>You mean for every OS that runs on a PC, right? Like BeOS for example?
> > >>How about OpenBSD? SCO Unixware? Solaris (PC version)?
> >
> > BeOS I dunno. But the Unixes shouldn't be that hard. Simply replacing
> > the encrypted pass in the /etc/shadow file is enough.
> > You can create your own encrypted passwd's with:
> > perl -e 'print substr(crypt("<your pass>", "<salt>"), 0) . "\n"'
> > Just replace it in the shadow file and you can login with <your pass>.
> >
> >
> > cheers
> > --r
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
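The tamperability objection in the quoted "wood" message (anyone with write access to the log can edit an originating IP before handing the file over) is the problem tamper-evident logging addresses. Added example, not code from anyone in this thread: a keyed hash chain over log records in Python, where the key, the record format and the sample lines are all constructed for the demonstration.

```python
import hmac
import hashlib
from typing import List, Optional, Tuple

# Constructed sample log lines (not taken from the thread); syslog-like
# format, IP addresses from the documentation ranges.
SAMPLE_LOG = [
    "Apr 23 12:19:01 gw sshd[812]: Accepted password for root from 192.0.2.10 port 4122",
    "Apr 23 12:19:05 gw sshd[812]: pam_unix(sshd:session): session opened for user root",
    "Apr 23 12:20:40 gw su[901]: FAILED su for nobody by root",
]

def chain_log(lines: List[str], key: bytes) -> List[Tuple[str, str]]:
    """Return (line, tag) pairs with tag_i = HMAC(key, tag_{i-1} || line_i).

    Each tag depends on every earlier record, so editing, deleting or
    reordering any line changes the tag of that record and all later ones.
    The key must live off the logging host (e.g. on the collector), or
    whoever edits the log can simply recompute the tags."""
    prev = b""
    chained = []
    for line in lines:
        tag = hmac.new(key, prev + line.encode(), hashlib.sha256).hexdigest()
        chained.append((line, tag))
        prev = tag.encode()
    return chained

def first_broken(chained: List[Tuple[str, str]], key: bytes) -> Optional[int]:
    """Recompute the chain and return the index of the first record whose
    stored tag no longer matches, or None when the whole chain verifies."""
    prev = b""
    for i, (line, tag) in enumerate(chained):
        expect = hmac.new(key, prev + line.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expect, tag):
            return i
        prev = tag.encode()
    return None

def demo() -> Tuple[Optional[int], Optional[int]]:
    """Chain the sample log, then edit the originating IP in record 0 the way
    the thread describes; return (result on intact chain, result on edited)."""
    key = b"constructed-demo-key-kept-on-the-collector"  # constructed
    good = chain_log(SAMPLE_LOG, key)
    tampered = list(good)
    line, tag = tampered[0]
    tampered[0] = (line.replace("192.0.2.10", "198.51.100.7"), tag)
    return first_broken(good, key), first_broken(tampered, key)

if __name__ == "__main__":
    print(demo())  # (None, 0)
```

The chain only makes edits detectable after the fact; it does nothing for a record that was already false when the logging host wrote it, which is the point the thread is really arguing about.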