Matt Pepe wrote:

> > There is one good topic: to define data format for Evidence collection
> > capable for court admission. You can touch legal issues as little as
> > you want but still deal with really CS related issues.
>
> Actually, I don't believe that he would get much credit for such a topic,
> unless the professor had little knowledge of evidence collection and the
> legal issues involved. This is not a CS problem. Sure we can produce
> MD5 and SHA1 hashes for every sector, hash those results, pass the
> resultant hashes to five third-party independent data warehouses.. Hell,
> print the hashes on the side of an Ariane 5 rocket, launch it into space, and
> require the deposition of an astronaut as a fact witness, reading the
> values during orbit.
>
> The fact is that the hashes are there for data integrity, mainly to prove that
> when the embodiment of the evidence changes (actual device to raw
> image to CDs, to Safeback image, etc) the information has not changed.
> This technology and mathematics behind the algorithms has been
> proven, both in "real life" and in court. When it comes down to the
> accuracy of the evidence obtained, that rests on the shoulders of the
> investigators involved. This is no different than tracking evidence, both
> actual and demonstrative, in any other case.
>
> > And one more benefit, you can do a useful thing for ongoing development
> > of the IODEF (Incident Object Description and Exchange Format)
>
> This looks quite interesting! How widespread is this task force, and does
> it mesh with some of the vulnerability databases out there (CVE, for
> example)?

I need to repeat URLs from my original reply.

TERENA's IODEF WG (http://www.terena.nl/tech/iodef/) has finished its work with the final draft document
http://www.terena.nl/tech/iodef/docs/draft-terena-iodef-xml-005-final.txt

Remaining tasks include producing managerial and user guides for IODEF implementation and usage to be completed soon.

Ongoing IODEF Project - http://www.surfnetters.nl/meijer/tf-csirt/iodef/pilot.html will produce IODEF API and XML library by September.

Further work on IODEF development has moved to IETF http://www.terena.nl/tech/inch/

This week INCH BoF meeting at IETF53 - http://www.ietf.org/ietf/02mar/inch.txt

FYI: IETF INCH mailing list:
Post: inchat_private
Subscribe: send mail to listservat_private with "subscribe inch <first name> <last name>" in the body
Mailing List Archive: http://listserv.surfnet.nl/archives/inch.html

You are welcome to INCH/IODEF development.

Yuri

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Mar 20 2002 - 06:38:51 PST
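
The integrity check discussed in the thread (MD5 and SHA1 hashes for every sector, then a hash over those results, compared across embodiments of the evidence), as an added example that is not part of either poster's message. The 512-byte sector size, the function names and the sample data are assumptions made for illustration.

```python
import hashlib

SECTOR = 512  # bytes per sector (assumed for this example)

def sector_digests(chunks, sector=SECTOR):
    """Yield (md5, sha1) raw digests per sector from an iterable of byte chunks.

    Chunks may be any size (one raw image, or CD-sized segments of it):
    sector boundaries come from the byte stream, not from the container.
    """
    buf = b""
    for chunk in chunks:
        buf += chunk
        while len(buf) >= sector:
            block, buf = buf[:sector], buf[sector:]
            yield hashlib.md5(block).digest(), hashlib.sha1(block).digest()
    if buf:  # a trailing partial sector is hashed as-is
        yield hashlib.md5(buf).digest(), hashlib.sha1(buf).digest()

def manifest(chunks):
    """Return (list of per-sector digests, hex SHA-1 over all of them)."""
    digests = list(sector_digests(chunks))
    top = hashlib.sha1()
    for md5, sha1 in digests:
        top.update(md5 + sha1)
    return digests, top.hexdigest()

def changed_sectors(a, b):
    """Return the sector indexes at which two digest lists disagree."""
    n = max(len(a), len(b))
    return [i for i in range(n)
            if i >= len(a) or i >= len(b) or a[i] != b[i]]

# Constructed sample data: an 8-sector "device", the same bytes split into
# uneven segments (a different embodiment), and a copy with one bit flipped.
device = bytes((i * 7 + i // SECTOR) % 256 for i in range(8 * SECTOR))
segments = [device[:1300], device[1300:3000], device[3000:]]
tampered = bytearray(device)
tampered[5 * SECTOR + 10] ^= 0x01

if __name__ == "__main__":
    d_dev, top_dev = manifest([device])
    d_seg, top_seg = manifest(segments)
    d_bad, top_bad = manifest([bytes(tampered)])
    print("device vs segments match:", top_dev == top_seg)
    print("tampered sectors:", changed_sectors(d_dev, d_bad))
```

The top-level digest is the single value to record in the chain-of-custody notes; the per-sector list is what lets an examiner say which sector differs when two embodiments disagree.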