Re: [logs] Data for Court

From: jamie rishaw (jamieat_private)
Date: Wed Dec 19 2001 - 06:58:42 PST

    On Tue, Dec 18, 2001 at 05:37:15PM -0800, todd glassey wrote:
    > 
    > ----- Original Message -----
    > From: "Tina Bird" <tbird@precision-guesswork.com>
    > To: "todd glassey" <todd.glasseyat_private>
    > Cc: "Bill Spernow" <bill.spernowat_private>; "'jamie rishaw'"
    > <jrishawat_private>; "'Log Analysis Mailing List'"
    > <loganalysisat_private>
    > Sent: Tuesday, December 18, 2001 3:29 PM
    > Subject: Re: [logs] Data for Court
    > 
    > 
    > > I'm not sure what you're quoting, Todd, and I'd love to
    > > know, but according to Kerr pg. 2, last complete paragraph
    > > at the bottom of the page:
    > >
    > > "However, the fact that a computer, rather than a human
    > > being, has created the record alters the evidentiary issues
    > > that the computer-generated records present.  See, eg. 2 J.
    > > Strong, McCormick on Evidence 294, at 286 (4th ed. 1992).
    > > The evidentiary issue is no longer whether a human's out of
    > > court statement was truthful and accurate (a question of
    > > hearsay), but instead whether the computer program that
    > > generated the record was functioning properly (a question
    > > of authenticity).
    > 
    > This is the key here - The concept of proving that the record was
    > functioning properly.  My point is that the burden is shifting to a modality
    > wherein we will be called to prove that our systems are functioning properly
    > and that there will likely be BCP metrics for looking at what is and is not
    > considered "right".
    
    That's why establishing a 'baseline' of what is NORMAL is imperative.
    
    If you have old logs to show: This is how my system functions on a normal,
    ordinary day.. and here is my log data on the intrusion day.. which shows
    the normal stuff but it also shows this /new/ data.. I don't think there's
    much that can be debated, outside of accusations of blatant mischief/
    forgery of logfiles, which, when presented as evidence, is contempt,
    perjury, and who knows what else.
    
    -- 
    jamie rishaw <jamieat_private>
    sr. wan/unix engineer/ninja // playboy enterprises inc.
    [opinions stated are mine, and are not necessarily those of the bunny]
    
    "UNIX was not designed to stop people from doing stupid things, because
     that would also stop them from doing clever things." -- Doug Gwyn
    
    



    This archive was generated by hypermail 2b30 : Wed Dec 19 2001 - 07:40:39 PST
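
The baseline comparison described in the message above, as an added example that is not part of the original post: it reduces syslog-style lines to message templates, builds a baseline from normal days, and reports incident-day lines whose template never occurred before. The log lines, host names, and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed syslog-style sample lines (not from the original post).
BASELINE_LOG = """\
Dec 10 03:00:01 web1 cron[2211]: (root) CMD (/usr/local/bin/rotate)
Dec 10 08:14:52 web1 sshd[2302]: Accepted publickey for ops from 10.0.0.5 port 40122
Dec 11 03:00:01 web1 cron[2650]: (root) CMD (/usr/local/bin/rotate)
Dec 11 09:02:10 web1 sshd[2719]: Accepted publickey for ops from 10.0.0.7 port 51877
"""
INCIDENT_LOG = """\
Dec 18 03:00:01 web1 cron[4410]: (root) CMD (/usr/local/bin/rotate)
Dec 18 03:12:44 web1 sshd[4471]: Failed password for root from 192.0.2.44 port 33012
Dec 18 03:12:49 web1 sshd[4471]: Accepted password for root from 192.0.2.44 port 33012
Dec 18 03:13:02 web1 su[4480]: session opened for user root by (uid=0)
Dec 18 08:20:31 web1 sshd[4622]: Accepted publickey for ops from 10.0.0.5 port 40990
"""

# timestamp, host, program, optional [pid], message
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (\S+) ([^\[:]+)(?:\[\d+\])?: (.*)$")

def template(line):
    """Reduce a line to (program, message shape): mask IPs and numbers so
    per-event values (PIDs, ports, addresses) do not make every line unique."""
    m = LINE.match(line)
    if not m:
        return None
    _host, prog, msg = m.groups()
    msg = re.sub(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", "<ip>", msg)
    msg = re.sub(r"\b\d+\b", "<n>", msg)
    return prog, msg

def build_baseline(text):
    """Count how often each template occurs on the normal days."""
    return Counter(t for t in map(template, text.splitlines()) if t)

def new_events(baseline, text):
    """Return incident-day lines whose template never occurs in the baseline."""
    out = []
    for line in text.splitlines():
        t = template(line)
        if t is None or t not in baseline:  # unparsable lines are reported too
            out.append(line)
    return out

if __name__ == "__main__":
    base = build_baseline(BASELINE_LOG)
    for line in new_events(base, INCIDENT_LOG):
        print("NEW:", line)
```

The routine cron job and the usual key-based login drop out as "normal stuff", leaving only the lines that have no precedent in the baseline.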