Hi,

Here is another contribution to diversifying the discussions on the list. The Institute for Security Technology Studies at Dartmouth College has a paper out titled "Law Enforcement Tools and Technologies for Investigating Cyber Attacks", and you can get it via http://www.ists.dartmouth.edu/TAG/lena.htm. Chapter 3 is of particular interest to this list.

One of the items suggested was the creation of a "nationally accessible repository of log file structures for multiple operating systems". This is to assist investigators who are dealing with recovered fragments of deleted logs.

Another part suggests the need for a tool to merge multiple logs from multiple machines into a timeline. Hopefully this tool would have the smarts to figure out the differences between the clocks on the systems supplying the logs, and to be able to determine the clock drift.

B Cing U
Buck

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
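The timeline-merging tool described in the post above, as an added example that is not part of the original message or of the Dartmouth paper: it merges log lines from several hosts into one timeline, estimating each host's clock offset and drift relative to a reference host from events that appear in both logs. The log format, host names and "txn=" correlation tokens are constructed assumptions for illustration; a real tool would key on whatever shared events the logs actually contain (request ids, NTP exchanges, packets seen by two sensors). Hosts with more than one shared event get a least-squares linear fit (offset plus drift); hosts with one shared event get a constant offset; hosts with none are left uncorrected and flagged.

```python
"""Merge logs from several machines into one timeline, correcting each
machine's clock against a reference host.

Added example, not from the original post or the Dartmouth paper. The log
format ("<ISO-8601 timestamp> <host> <message>"), host names and txn ids
are constructed for illustration.
"""
import re
from datetime import datetime, timedelta

# Constructed sample logs. web1 is the reference clock. db1 starts 90 s slow
# and loses about 1 s per minute; fw1 is a constant 30 s fast; mail1 shares
# no event with web1, so its clock cannot be corrected.
SAMPLE_LOGS = """\
2003-01-17T10:00:00 web1 sshd: accepted login for alice from 10.0.0.9
2003-01-17T10:00:05 web1 app: sent txn=a1 to db1
2003-01-17T09:58:35 db1 mysqld: recv txn=a1
2003-01-17T10:00:30 mail1 postfix: connect from 10.0.0.9
2003-01-17T10:01:00 db1 mysqld: failed login for root from 10.0.0.9
2003-01-17T10:02:05 web1 app: sent txn=a2 to db1
2003-01-17T10:00:33 db1 mysqld: recv txn=a2
2003-01-17T10:03:00 web1 app: sent txn=f1 to fw1
2003-01-17T10:03:30 fw1 syslogd: recv txn=f1
2003-01-17T10:04:05 web1 app: sent txn=a3 to db1
2003-01-17T10:02:31 db1 mysqld: recv txn=a3
2003-01-17T10:05:00 fw1 kernel: DROP from 10.0.0.9 to 10.0.0.1 port 22
"""

TXN_RE = re.compile(r"\btxn=(\w+)")  # assumed correlation token


def parse(text):
    """Return a list of (timestamp, host, message) tuples."""
    events = []
    for line in text.splitlines():
        ts, host, msg = line.split(" ", 2)
        events.append((datetime.fromisoformat(ts), host, msg))
    return events


def anchors(events, ref):
    """Pair each txn id logged by the reference host with the same id on
    another host: {host: [(host_time, ref_time), ...]}."""
    ref_times = {}
    for ts, host, msg in events:
        m = TXN_RE.search(msg)
        if m and host == ref:
            ref_times[m.group(1)] = ts
    pairs = {}
    for ts, host, msg in events:
        m = TXN_RE.search(msg)
        if m and host != ref and m.group(1) in ref_times:
            pairs.setdefault(host, []).append((ts, ref_times[m.group(1)]))
    return pairs


def fit_clock(pairs):
    """Least-squares fit of offset(t) = a + b*(t - t0), in seconds, where
    offset = ref_time - host_time. Returns (t0, a, b). With a single anchor
    the drift b cannot be estimated and is taken as 0."""
    t0 = min(h for h, _ in pairs)
    xs = [(h - t0).total_seconds() for h, _ in pairs]
    ys = [(r - h).total_seconds() for h, r in pairs]
    n = len(xs)
    mean_x, mean_y = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mean_x) ** 2 for x in xs)
    if sxx == 0:
        return t0, mean_y, 0.0
    b = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys)) / sxx
    return t0, mean_y - b * mean_x, b


def corrected_time(ts, clock):
    """Map a host-clock timestamp onto the reference clock."""
    t0, a, b = clock
    return ts + timedelta(seconds=a + b * (ts - t0).total_seconds())


def build_timeline(text, ref="web1"):
    """Return (clocks, timeline); timeline entries are
    (reference_time, host, message, corrected) sorted by reference time."""
    events = parse(text)
    clocks = {host: fit_clock(p) for host, p in anchors(events, ref).items()}
    timeline = []
    for ts, host, msg in events:
        if host == ref:
            timeline.append((ts, host, msg, True))
        elif host in clocks:
            timeline.append((corrected_time(ts, clocks[host]), host, msg, True))
        else:
            timeline.append((ts, host, msg, False))  # no anchor: left as-is
    timeline.sort(key=lambda e: e[0])  # stable sort keeps input order on ties
    return clocks, timeline


if __name__ == "__main__":
    clocks, timeline = build_timeline(SAMPLE_LOGS)
    for host, (t0, a, b) in clocks.items():
        print(f"{host}: offset {a:+.1f} s at host time {t0}, drift {b * 60:+.2f} s/min")
    for ts, host, msg, ok in timeline:
        flag = "" if ok else " [uncorrected]"
        print(f"{ts.isoformat(timespec='seconds')} {host:5} {msg}{flag}")
```

In the sample, db1's "failed login for root" carries a host timestamp of 10:01:00, which a naive sort would place before web1's 10:02:05 transaction; after correction it lands at about 10:02:32 on the reference clock, after that transaction, which is exactly the kind of ordering error the post worries about. The fit absorbs constant network latency into the offset, so only the variation in latency between anchor events limits accuracy, and a host that shares no event with the reference is flagged rather than silently placed on the wrong clock.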
This archive was generated by hypermail 2b30 : Fri Jan 17 2003 - 09:53:51 PST