One potentially dangerous thing I see developing with this effort is the assumption most people seem to be making that the forensics procedure/technology must withstand legal scrutiny, i.e. under a court of law. This is not always the case. Many sites will want to execute computer forensics for other reasons, such as recovering data, finding out why a server crashed badly, and people who want to gather that data but do not need or want to pursue legal sanctions against the other party (i.e. companies running regular checks on systems to detect anomalous behaviour, a suspicious spouse, a concerned parent, etc.).

I feel it is important to remember that not everyone has the same legal/technical requirements for computer forensics and that the guide should reflect this. I.e. offer a set of options/recommendations (do steps 3 through 7 to recover the data; do steps 1 through 2 and 8 through 10 to recover the data in a fashion that is more likely to withstand legal examination).

Kurt Seifried, kurtat_private
A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com