On Tuesday 22 Jul 2003 9:57 pm, Curt Purdy wrote:
> The problem comes from someone clueful enough to wipe cookies/history and
> not keep incriminating files. The best answer is a proxy server that
> logs all access and an email server that keeps a record of all mail.

Whilst logs from mail and proxy servers are useful in isolating potential culprits (either in WFA cases or others, such as illicit viewing of pornography), and may possibly count as suitable evidence in internal disciplinary procedures, it generally isn't enough to satisfy courts, if things are likely to reach that level.

I've been involved in a number of cases where the powers that be have said that server logs were not sufficient (too easily forged, although if you run them straight to a printer or burn to CD-R etc. you might be better off), and even that evidence found on a hard drive can be questioned (can you prove your suspect was using the machine at the time?).

However, a combination of a network sniffer and a few shell scripts to monitor server logs and page appropriate people have led to the suspects being caught at the machine, which (combined with extra evidence such as log files) is usually enough to prove the offence conclusively.

cheers
john
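
The kind of log-watching script the message above mentions, as an added example that is not from the original post. It assumes Squid's native access.log field layout; the function names, the watch-list file and the sample data are hypothetical, and delivery of the page (mail, pager gateway) is left to local tooling.

```shell
# Assumed fields: epoch.ms elapsed client action/code bytes method URL ident peer type

# scan_proxy_log LOGFILE PATTERNFILE
# PATTERNFILE: one extended regex per line. Blank lines and '#' comments are
# skipped, because an empty regex would match every request.
# Prints "<epoch> <client> <method> <url>" for each request whose URL matches.
scan_proxy_log() {
    awk '
        FILENAME == ARGV[1] {             # first operand: the watch list
            if ($0 !~ /^[ \t]*#/ && $0 !~ /^[ \t]*$/) pats[++n] = $0
            next
        }
        NF >= 7 {                         # log lines; short/truncated lines ignored
            for (i = 1; i <= n; i++)
                if ($7 ~ pats[i]) {
                    split($1, t, ".")     # drop the millisecond part
                    print t[1], $3, $6, $7
                    break                 # one alert per request
                }
        }
    ' "$2" "$1"
}

# hits_per_client: reads scan_proxy_log output, prints "<count> <client>",
# busiest workstation first, so the responder knows which desk to visit.
hits_per_client() {
    awk '{ c[$2]++ } END { for (ip in c) print c[ip], ip }' | sort -k1,1nr -k2,2
}

# write_sample DIR: constructed sample data (documentation addresses only).
write_sample() {
    cat > "$1/access.log" <<'EOF'
1058907420.123    245 192.0.2.23 TCP_MISS/200 5120 GET http://intranet.example/home - DIRECT/192.0.2.10 text/html
1058907431.504    310 192.0.2.41 TCP_MISS/200 20480 GET http://blocked.example/gallery/1.jpg - DIRECT/198.51.100.7 image/jpeg
1058907440.010    120 192.0.2.41 TCP_HIT/200 18432 GET http://blocked.example/gallery/2.jpg - NONE/- image/jpeg
1058907452.777     90 192.0.2.57 TCP_MISS/200 900 POST http://webmail.example/send - DIRECT/198.51.100.9 text/html
truncated line
EOF
    cat > "$1/watch.txt" <<'EOF'
# constructed watch list
^http://blocked[.]example/

^http://webmail[.]example/send$
EOF
}

tmp=$(mktemp -d) && write_sample "$tmp"
scan_proxy_log "$tmp/access.log" "$tmp/watch.txt" | tee "$tmp/alerts.txt"
hits_per_client < "$tmp/alerts.txt"
```

Run against new log lines only (for example from a cron job that tracks the last offset read), the alert lines give the time and client address needed to reach the workstation while the session is still in progress.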
This archive was generated by hypermail 2b30 : Thu Jul 24 2003 - 05:21:11 PDT