It must depend on the severity of the attack, etc. At a previous job, we had a system get broken into, while the fbi investigated, they didn't ask us to turn over the disks (they did ask for pertinant logs, home directories, files, etc.). Regardless, it probably can't hurt to have a cold backup that you can drop into place, in case it is confiscated, crashed, compromised... "W. Reilly Cooley, Esq." wrote: > > Thus spake Don Tansey: > > <snip>> So: if I had a logging server that centralized the logs, in the > > event of > > > intrusion, the authorities would just confiscate IT... right?</snip> > > > > > > While I have heard tales of confiscating the perpetrator's machines > > I have never heard of the _victims_ machines being lifted. > > > > Perhaps some of the "authorities" on the list would care to comment? > > My friend had a machine that was broken into and used to attack some > .mil sites. I believe he was in fact required to send the machine > (or at least the hard drive) to g-men. > > Wil > -- > W. Reilly Cooley wcooleyat_private > Naked Ape Consulting http://nakedape.cc > LNXS: Get 0.2.0-devel at http://sourceforge.net/projects/lnxs/ > irc.openprojects.net #lnxs > > Mencken and Nathan's Sixteenth Law of The Average American: > Milking a cow is an operation demanding a special talent that > is possessed only by yokels, and no person born in a large city can > never hope to acquire it. > > ------------------------------------------------------------------------ > Part 1.2Type: application/pgp-signature -- Joe Callis Susquehanna International Group, LLP phone: 610-747-2534 callisat_private IMPORTANT: The information contained in this email and/or its attachments is confidential. If you are not the intended recipient, please notify the sender immediately by reply and immediately delete this message and all its attachments. Any review, use, reproduction, disclosure or dissemination of this message or any attachment by an unintended recipient is strictly prohibited. Neither this message nor any attachment is intended as or should be construed as an offer, solicitation or recommendation to buy or sell any security or other financial instrument. Neither the sender, his or her employer nor any of their respective affiliates makes any warranties as to the completeness or accuracy of any of the information contained herein or that this message or any of its attachments is free of viruses. --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 11:43:37 PDT