[logs] Audit - Log Retention - How Long - Legal Requirements?

From: Port 911 (port911at_private)
Date: Mon Sep 08 2003 - 16:14:26 PDT

  • Next message: Rainer Gerhards: "RE: [logs] Audit - Log Retention - How Long - Legal Requirements?"

    Hi - new to the list. This question may be off topic since it's not directly
    related to analysis but .. here goes. I have gotten little or no response
    from several security and legal discussion boards, nothing definitive off
    I'm setting up policies for auditing, backing up, and storing logs.
    I have read many recommendations and requirements ranging from 7
    years to one year.
    Don't find any legal precedence (gigalaw.com etc.) We are:
    A Publicly traded, New York incorporated, non-government, non-healthcare,
    non-financial US
    Company thus not governed by HIPAA or GLBA requirements.
    Also - regarding Windows logs -
    Should they be archived in native .evt format?
    What does law enforcement consider acceptable evidence?
    I know that if data is modified in certain ways it beomes disallowed in a
    court of law.
    Any experience and opinions would be appreciated.
    LogAnalysis mailing list

    This archive was generated by hypermail 2b30 : Mon Sep 08 2003 - 16:18:08 PDT