Message-ID: <20030423221951.L39659-100000@sisyphus.iocaine.com>
From: tbird at precision-guesswork.com (Tina Bird)
Subject: admissability of logs in court

Okay, after having discussed this issue on the Log Analysis mailing list
(with pointers previously pointed), here's the extremely brief summary I
wrote to Firewall-Wizards this January.  Technical issues notwithstanding,
unless you can demonstrate that tampering has occurred, logs are as
admissible as testimony from a witness (see the reference cited below):

---------- Forwarded message ----------
Date: Wed, 29 Jan 2003 16:52:21 +0000 (GMT)
From: Tina Bird <tbird@...cision-guesswork.com>
To: dave <dave@...medic.net>
Cc: "'Noonan, Wesley'" <Wesley_Noonan@....com>,
     'Brian Monkman' <bmonkman@...cast.net>,
     "firewall-wizards@...or.icsalabs.com" <firewall-wizards@...or.icsalabs.com>
Subject: RE: [fw-wiz] Acqusition of time

On Wed, 29 Jan 2003, dave wrote:

> Actually a good attorney could tear up any log system even with perfect time
> stamps.  All that would need to be proved was the fact that it could
> have been faked.

>Actually<, current case law on the admissibility of computer log data in
court suggests that the possibility of tampering is not sufficient cause
to throw logs out.  Someone who wants to have log data thrown out because
it may have been tampered with has to show evidence that the data >has<
been tampered with.

See, for instance:
http://www.usdoj.gov/criminal/cybercrime/usamarch2001_4.htm

There was a >long< discussion of this issue on the LogAnalysis mailing
list.  If you want to read it, go to http://www.loganalysis.org, click on
"Library" in the nav bar, then "Frequently discussed topics".

tbird

-- 
I, on the other hand, do not work. I enjoy the slothful life of an artist,
and while away the hours in meaningless aesthetic pursuits punctuated by
bouts of hedonistic debauchery and an occasional nap.
                                              -- David Rinehart

http://www.shmoo.com/~tbird
Log Analysis http://www.loganalysis.org
VPN http://vpn.shmoo.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards@...or.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards



