RE: [logs] Logging standards?

From: markkat_private
Date: Fri Oct 26 2001 - 16:39:40 PDT


    Folks,
    If you do not use your logs in the normal performance of business and do not
    have procedures for processing them (that you really follow) then logs are
    considered hearsay evidence and can be dismissed as such. Having had to
    testify to this will change your attitude. 
    
    For the record, the court treats all records the same way. When a financial
    institution is submitting records with regard to a case (such as check
    fraud) the prosecution will build the foundation by questioning the witness
    about how the records are generated, kept and what they do with them on a
    daily basis. If the answers don't meet muster then the defense will move to
    have them struck as hearsay.
    
    Why is this important? Well, if you're using the log evidence in addition to
    a bitstream copy of the target you run the risk of losing the logs as
    evidence and therefore proof of an extended attack. It could affect the
    awarded damages or the final sentence.
    m
    
    > -----Original Message-----
    > From: gekked [mailto:gekkedat_private]
    > Sent: Friday, October 26, 2001 1:34 PM
    > To: Rebecca Kastl
    > Cc: Log Analysis Mailing List
    > Subject: Re: [logs] Logging standards?
    > 
    > 
    > 
    > I am not a lawyer.
    > But a website I work with has these considerations. For non-regulated
    > industries, there is no legal requirement for keeping server logs. 
    > 
    > For organizations (like financial) that are already regulated, or
    > already have record preservation restrictions, those extend to the
    > internet. 
    > 
    > In the current climate of expanding law enforcement power, friends
    > from the EFF tell me that required logging legislation is on the
    > horizon, with UK and Dutch governments leading the charge.
    > 
    > gkd/imc
    > 
    > Rebecca Kastl <rkastlat_private> said:
    > > Does anyone know the specific or federal mandates (or legal expectations)
    > > within the U.S. for an entity to maintain log information -- specifically
    > > within a financial organization?
    > 
    > 
    



    This archive was generated by hypermail 2b30 : Fri Oct 26 2001 - 17:35:31 PDT