On Wed, Dec 11, 2002 at 11:26:15AM -0500, Blaise St-Laurent wrote:
> I'm in the process of setting up a centralized log server here, and I was
> wondering, from a potential forensics point of view, what are the
> requirements for archiving logs such that they are maximally useful down the
> road.
>
> My current thoughts are :
> * they should be archived to tamper proof (write once) media, such as CD-
> or DVD-R.
> * they should have as a minimum a hash applied and stored with them (how to
> implement is the question)
[ ... ]

Here are a couple of papers you might find interesting:

"Forward Integrity For Secure Audit Logs"
ftp://www.cs.ucsd.edu/pub/bsy/pub/fi.ps

"Cryptographic Support for Secure Logs on Untrusted Machines"
http://www.counterpane.com/secure-logs.pdf

Note that the last one is patented.

--
Devin Kowatch
devinkat_private
_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
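An added example, not part of the original message and not the construction from either cited paper: a simplified sketch of the "hash applied and stored with them" question, chaining HMAC-SHA256 tags over log lines with a key that is updated one-way after every entry. The record format, function names, key and sample log lines are assumptions made for illustration.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # stands in for "previous tag" before the first entry


def evolve(key):
    """One-way key update. The logger overwrites the old key after every entry,
    so a later compromise of the log host does not reveal earlier keys."""
    return hashlib.sha256(b"evolve" + key).digest()


def _mac(key, prev, kind, text):
    return hmac.new(key, prev + kind + text.encode(), hashlib.sha256).digest()


def seal(lines, k0):
    """Return 'hextag line' records plus a closing record that binds the count."""
    key, prev, out = k0, GENESIS, []
    for line in lines:  # assumes one entry per line, no embedded newlines
        prev = _mac(key, prev, b"L", line)
        out.append(f"{prev.hex()} {line}")
        key = evolve(key)
    end = _mac(key, prev, b"E", str(len(lines)))
    return out + [f"{end.hex()} END {len(lines)}"]


def verify(records, k0):
    """Return the index of the first record that fails, or None if all pass."""
    if not records:
        return 0
    key, prev, n = k0, GENESIS, len(records) - 1
    for i, rec in enumerate(records[:-1]):
        tag_hex, _, line = rec.partition(" ")
        want = _mac(key, prev, b"L", line)
        if not hmac.compare_digest(want.hex().encode(), tag_hex.encode()):
            return i
        prev, key = want, evolve(key)
    tag_hex, _, tail = records[-1].partition(" ")
    want = _mac(key, prev, b"E", str(n)).hex().encode()
    ok = tail == f"END {n}" and hmac.compare_digest(want, tag_hex.encode())
    return None if ok else n


# Constructed sample data; a real K0 is random and kept off the log host.
K0 = bytes(range(32))
SAMPLE = [
    "Dec 11 11:26:15 gw sshd[412]: Accepted password for alice from 10.0.0.5",
    "Dec 11 11:27:02 gw su[431]: alice to root on /dev/pts/0",
    "Dec 11 11:31:40 gw sshd[412]: session closed for user alice",
]
```

Whoever checks the archive needs the initial key K0, so it has to be stored somewhere other than the machine producing the logs; the sealed records themselves can then go to the write-once media.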
This archive was generated by hypermail 2b30 : Wed Dec 11 2002 - 13:38:50 PST