[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030423221951.L39659-100000@sisyphus.iocaine.com>
From: tbird at precision-guesswork.com (Tina Bird)
Subject: admissability of logs in court
Okay, after having discussed this issue on the Log Analysis mailing list
(with pointers previously pointed), here's the extremely brief summary I
wrote to Firewall-Wizards this January. Technical issues notwithstanding,
unless you can demonstrate that tampering has occured, logs are as
admissable as testimony from a witness (see the reference cited below):
---------- Forwarded message ----------
Date: Wed, 29 Jan 2003 16:52:21 +0000 (GMT)
From: Tina Bird <tbird@...cision-guesswork.com>
To: dave <dave@...medic.net>
Cc: "'Noonan, Wesley'" <Wesley_Noonan@....com>,
'Brian Monkman' <bmonkman@...cast.net>,
"firewall-wizards@...or.icsalabs.com" <firewall-wizards@...or.icsalabs.com>
Subject: RE: [fw-wiz] Acqusition of time
On Wed, 29 Jan 2003, dave wrote:
> Actually a good attorney could tear up any log system even with perfect time
> stamps. All that need would need to be proved was the fact that it could
> have been faked.
>Actually<, current case law on the admissibility of computer log data in
court suggests that the possibility of tampering is not sufficient cause
to throw logs out. Someone who wants to have log data thrown out because
it may have been tampered with has to show evidence that the data >has<
been tampered with.
See, for instance:
http://www.usdoj.gov/criminal/cybercrime/usamarch2001_4.htm
There was a >long< discussion of this issue on the LogAnalysis mailing
list. If you want to read it, go to http://www.loganalysis.org, click on
"Library" in the nav bar, then "Frequently discussed topics".
tbird
--
I, on the other hand, do not work. I enjoy the slothful life of an artist,
and while away the hours in meaningless aesthetic pursuits punctuated by
bouts of hedonistic debauchery and an occasional nap.
-- David Rinehart
http://www.shmoo.com/~tbird
Log Analysis http://www.loganalysis.org
VPN http://vpn.shmoo.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards@...or.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Powered by blists - more mailing lists