lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
From: devnull at (
Subject: Reacting to a server compromise

On Sun, 3 Aug 2003 01:38 am, Jennifer Bradley wrote:

> If this happens again, I would probably make a copy of the hard drive,
> or at the very least the log files since they can be entered as
> evidence of a hacked box.

Under most jurisdictions, an ordinary disk image produced by Norton Ghost etc 
using standard hardware is completely inadmissible in court, as it is 
impossible to make one without possibly compromising the integrity of the 
evidence. The police etc use specialised hardware for making such copies, 
which ensures that the disk can't have been altered.

Powered by blists - more mailing lists