[prev in list] [next in list] [prev in thread] [next in thread]
List: firewall-wizards
Subject: [fw-wiz] Re: Acquisition of time
From: "W.C. Epperson" <epperson () alumni ! unc ! edu>
Date: 2003-01-30 13:33:07
[Download RAW message or body]
Have not read back through the entire thread or cross-referenced
ones, but I've not seen anyone raise the issue of chain of custody. The
general idea is testimony authenticating the item of evidence and the
lack of tampering during possession by each person in the chain. If
there's an issue of possible evidentiary use of a log file, we have two
sysadmins seal a backup in an envelope immediately, sign the sealed
flap, and have the accounting department vault it until needed. In the
face of a documented and attested chain of custody, it's the other
side's burden to establish the probability that tampering occurred.
Also see the USDOJ page on acquisition of electronic evidence,
especially the section "Authenticity and the Alteration of Computer
Records".
http://www.usdoj.gov/criminal/cybercrime/s&smanual2002.htm
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic