Logs
Hi, "none none".

You said:

Except the link you provided doesn't support your statement. According to the link, the most you could say about the logs is they provided probable cause for a search warrant.

If they supported a search warrant, then obviously they were acceptable to a court. Otherwise, the search warrant wouldn't have been granted, or the case would have been thrown out because of the bad warrant.

You also said:

If that's not enough, the "logs" in the cite are not even system logs. They're the output of a userland script written by a system admin to track the defendant after someone blew him in.

Whether they were system logs or some other kind of log is immaterial to the discussion. It was posited that computer logs would never be used in court because of the chance that they'd be doctored. Clearly, that's false.

You concluded:

And if that's not enough, the defendant in the cited case copped a plea so it never got to trial!

Gee, do you think he might have copped a plea because his lawyer knew they had him dead to rights with the log?

Here's another case where the logs (and in this case, it was the system log that was used) led to a conviction:

http://www.itjungle.com/tfh/tfh121503-story03.html

Here's the relevant paragraph:

"One of the Hellmann IT guys had just attended a SANS Institute security conference," Boscovich says. "He followed their protocol, to take a snapshot copy of the system first, to preserve the evidence. Then they went ahead and did their backups." That snapshot showed information in the system log that revealed Diaz had deleted the directory that housed the critical applications.


And then there's this case:

http://commdocs.house.gov/committees/judiciary/hju72616.000/hju72616_1.HTM

The relevant paragraphs:

The first case was initiated on March 5, 2001, when a local Secret Service field office received information that a medical diagnostic service provider had suffered a catastrophic shutdown of its computer network and communications system. The company reported that they were unable to access doctor schedules, diagnostic images, patient information, and essential hospital records, which adversely affected their ability to provide care to patients and assist dependent medical facilities.

Within a matter of hours, a Secret Service ECSAP agent was able to regain control of the network by coordinating with the facility's system administrator to temporarily shutdown and reconfigure the computer system. The ECSAP agent also essentially ''hacked'' into the compromised system, and modified compromised password files to ''lock out'' the attacker. This was accomplished while maintaining control of the computer system log files containing evidence of how the intrusion had occurred.

Using this evidence, a federal search warrant was obtained for the residence of a former employee of the hospital, who had recently been terminated from his position as system administrator. Computer equipment was seized pursuant to the warrant, the suspect admitted to his involvement, and federal computer fraud charges are pending.


So yes, system logs can and do get used to prosecute computer crimes.
Posted by: bhartman36   Posted on: 05/29/06
