On Mon, 31 Mar 2003, Todd E. Tucker watched Inspector Gadget and wrote:

> data into a network syslog server, including Ntsyslog. It would not hold up
> in a court of law. And Ntsyslog provides no analytical capabilities like

IMO, "It would not hold up in a court of law" is a specious claim; could you cite anywhere in, say, the US Federal Rules of Evidence where this is explicitly said? (Hint: We've been over this topic on this list before.)

I've not studied the rules of evidence for other countries too deeply at this point, but I'm pretty confident that syslog data would be admissible in most of them.

What you're saying is like saying a footprint in mud wouldn't hold up in a court of law because anyone could go get any pair of shoes and track around; what's found at the scene is what's found at the scene, and the analysis of that is important, even absent non-repudiation.

Plenty of judges have signed plenty of orders based on syslog data in the discovery phase, which is where it tends to be most useful. You'd be no more likely to get a conviction based solely upon a lossless and cryptographically signed log as a sole source of evidence, and no less likely to receive warrants or subpoenas without it.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
probertsat_private      which may have no basis whatsoever in fact."
probertsonat_private
Director of Risk Assessment
TruSecure Corporation

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Tue Apr 01 2003 - 09:51:52 PST