> There is one good topic: to define a data format for evidence collection
> capable of court admission. You can touch legal issues as little as you
> want but still deal with really CS-related issues.

Actually, I don't believe that he would get much credit for such a topic, unless the professor had little knowledge of evidence collection and the legal issues involved. This is not a CS problem.

Sure, we can produce MD5 and SHA1 hashes for every sector, hash those results, pass the resultant hashes to five third-party independent data warehouses. Hell, print the hashes on the side of an Ariane 5 rocket, launch it into space, and require the deposition of an astronaut as a fact witness, reading the values during orbit.

The fact is that the hashes are there for data integrity, mainly to prove that when the embodiment of the evidence changes (actual device to raw image to CDs, to Safeback image, etc.) the information has not changed. This technology and mathematics behind the algorithms have been proven, both in "real life" and in court. When it comes down to the accuracy of the evidence obtained, that rests on the shoulders of the investigators involved. This is no different than tracking evidence, both actual and demonstrative, in any other case.

> And one more benefit: you can do a useful thing for the ongoing development
> of the IODEF (Incident Object Description and Exchange Format)

This looks quite interesting! How widespread is this task force, and does it mesh with some of the vulnerability databases out there (CVE, for example)?

--
Matt

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

This archive was generated by hypermail 2b30 : Tue Mar 19 2002 - 08:51:44 PST