On Mon, Dec 16, 2002 at 07:01:17PM -0800, Eric Fitzgerald wrote:

> 3) Forensics - recording enough information that even if illegitimate
> activity wasn't directly detected, that when evidence of illegitimate
> activity is discovered via some other mechanism, that the logs can
> provide enough information to track down the wrongdoer, restore the system
> to a trustworthy state, and/or prevent the same attack from occurring
> again.

I think you can expand that a bit. "Forensics" doesn't always have to mean a baddy is at work. 99-100% of the "forensics" work I've done with system logs has been to track down what went wrong with the system - good ol' fashioned sysadmin stuff :-) ["looky-here: out of disk space - that explains everything..."]

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis