lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <44281.198.162.158.16.1120602820.squirrel@65.61.200.197>
Date: Tue Jul  5 23:34:55 2005
From: eric at arcticbears.com (Eric Paynter)
Subject: RE: Tools accepted by the courts

On Tue, July 5, 2005 3:02 pm, pingywon said:
> I have heard on more then one ocassion that Microsoft Event files (.evt)
> are admissible.

Like anything, it depends a lot on the situation. It's a log file, so like
any log file, it must be relevant and have a clean chain of custody. For
anything more specific, it depends on your jurisdiction.

Here is a link to the US Federal Rules of Evidence that might provide
entertainment for some readers of this list:

http://expertpages.com/federal/federal.htm

Relevancy is defined in Article 4.

Log files are generally considered "records of a regularly conducted
activity", which is referenced in Rule 803(6). Note that Article 8 is
about hearsay. A log is hearsay, but Rule 803 defines the exceptions to
the inadmissibility of hearsay.

-Eric

--
arctic bears - email and dns services
http://www.arcticbears.com

Powered by blists - more mailing lists