Re: Audit Logs as submissible evidence.

From: Jim Wiedman (jimat_private)
Date: Wed Jun 19 2002 - 13:22:27 PDT

Next message: Christopher L. T. Brown: "RE: Imaging a "live" system"

Previous message: crazytrain.com: "Re: Imaging a "live" system"
In reply to: Jonathan A. Zdziarski: "RE: Audit Logs as submissible evidence."
Next in thread: Hudson, Ed (ISS San Francisco): "RE: Audit Logs as submissible evidence."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Just a small legal point:  system logs can never be hearsay.  Only
humans can create a statement that is hearsay; computers cannot. 
However, judges are always free to discard unreliable evidence
because it is not relevant.

Jonathan A. Zdziarski wrote:

 >It all comes down to the credibility/reliability of the data and the
 >authentication of that data.  Evidence such as tape recordings and
 >server logs must be authenticated to be admitted into court, and the
 >authentication always turns out to be your burden.  If the data is
 >credible enough, the judge may allow it but if there is doubt, it will
 >most likely be argued as hearsay (The logs told me this...the sysadmin
 >told me that...)
 >




-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Christopher L. T. Brown: "RE: Imaging a "live" system"
Previous message: crazytrain.com: "Re: Imaging a "live" system"
In reply to: Jonathan A. Zdziarski: "RE: Audit Logs as submissible evidence."
Next in thread: Hudson, Ed (ISS San Francisco): "RE: Audit Logs as submissible evidence."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jun 19 2002 - 15:47:50 PDT