The authorities may be happy with a physical copy of the logs. Of the LE folks I've spoken to, all have told me that their role is to have as little impact on the 'victim's' business as possible. Even in cases in which internal fraud was reported, or the perpetrator is an employee, doing crime against the company itself, there are ways to minimize the impact. Carv --- sween <sweenat_private> wrote: > > Is it true that, in the event of intrusion, the > authorities will > confiscate the machines to apply forensics to the > logs etc.? > > Meaning: if I do not have a logging server available > across nodes, and I > report an intrusion that causes considerable damage, > the authorities will > toss my mission critical machines into a trunk and > withold them evidence. > > So: if I had a logging server that centralized the > logs, in the event of > intrusion, the authorities would just confiscate > IT... right? > > > How accurate is this? > > > -- > > --- -sween > | M | http://www.modelm.org > --- "force feedback computing since 1984." > <meta name="MSSmartTagsPreventParsing" > content="TRUE"> > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > loganalysis-unsubscribeat_private > For additional commands, e-mail: > loganalysis-helpat_private > __________________________________________________ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 11:17:18 PDT