> >My current thoughts are :
> >  * they should be archived to tamper proof (write once) media, such as CD-
> >    or DVD-R.
>
> Could anyone on the list comment about the feasibility/forensic
> value of storing logs on spinning media and just burning complete
> archives of checksums to CDs and storing the digital signatures
> away? Paul?

My biggest concern for this system would simply be the reliability of the spinning medium.

> It strikes me that a few hundred gigs of logs is about $255.00
> worth of storage. I have 2 of those in my home MP3 server. ;)
> But you can store a LOT of checksums on a CD-R. ;) Indeed, if
> you're using a CD-R that allows write-updates, you'd be able
> to incrementally add and I don't think it'd be arguable that
> you'd be able to erase 'em later.

But what happens if you end up finding a log that's been changed? What then? At least if you are burning the logs, you've still got them. What could be interesting, however, is burning encryption keys as well as a hash .. and encrypting the logs while storing them.

> mjr.
> ---
> Marcus J. Ranum http://www.ranum.com
> Computer and Communications Security mjrat_private

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
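An added example, not part of the original thread: a sketch of the scheme discussed above, with logs kept on spinning disk and only a checksum manifest written incrementally to write-once media. The function names, file names and the hash-chaining of records are assumptions made for illustration; verification identifies which log changed but cannot restore it, which is the concern raised in the reply.

```python
import hashlib
import tempfile
from pathlib import Path

GENESIS = "0" * 64  # chain value before the first record

def file_digest(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def chain_value(prev, name, digest):
    return hashlib.sha256("\0".join((prev, name, digest)).encode()).hexdigest()

def append_entry(manifest, path):
    """Add one record; it commits to the previous record, so entries already
    burned to the write-once disc cannot be dropped or reordered unnoticed."""
    prev = manifest[-1]["chain"] if manifest else GENESIS
    name, digest = Path(path).name, file_digest(path)
    manifest.append({"name": name, "sha256": digest,
                     "chain": chain_value(prev, name, digest)})

def verify(manifest, log_dir):
    """Compare logs on spinning disk against the manifest read back from CD-R."""
    results, prev = {}, GENESIS
    for e in manifest:
        path = Path(log_dir) / e["name"]
        if chain_value(prev, e["name"], e["sha256"]) != e["chain"]:
            results[e["name"]] = "manifest-corrupt"
        elif not path.exists():
            results[e["name"]] = "missing"
        elif file_digest(path) != e["sha256"]:
            results[e["name"]] = "modified"
        else:
            results[e["name"]] = "ok"
        prev = e["chain"]
    return results

def demo():
    # Constructed sample logs; names and contents are illustrative only.
    with tempfile.TemporaryDirectory() as d:
        manifest = []
        for name, body in (("auth.log.1", b"sshd: accepted user alice\n"),
                           ("messages.1", b"kernel: eth0 link up\n")):
            (Path(d) / name).write_bytes(body)
            append_entry(manifest, Path(d) / name)
        (Path(d) / "auth.log.1").write_bytes(b"sshd: accepted user bob\n")  # simulated tampering
        return verify(manifest, d)

if __name__ == "__main__":
    print(demo())
```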
This archive was generated by hypermail 2b30 : Wed Dec 11 2002 - 15:14:26 PST