Authenticity of Logs
Results 1 to 5 of 5

Thread: Authenticity of Logs

  1. #1
    Junior Member
    Join Date
    Oct 2003
    Posts
    1

    Authenticity of Logs

    I often hear that a logfile has the same value than a testimony.
    Some people say a solution to proof the authenticity of a logfile is to sign every logfile with a key.

    Do you know how to use public/private keys to sign a log or other ways to prrof the authenticity of a logilfe?

    oznoG

  2. #2
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    There are a few factors to this to make the logs valid. I would recommend looking up forensic techniques and so on in google as well as going to http://www.sans.org and checking out their reading room.

    Security focus also has some related articles such as - http://www.securityfocus.com/infocus/1639
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  3. #3
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    tripwire and similar applications keep track of important files...
    keeping checksums could help...
    yeah, I\'m gonna need that by friday...

  4. #4
    Interesting subject.

    I often hear that a logfile has the same value than a testimony.
    Do you know how to use public/private keys to sign a log or other ways to prrof the authenticity of a logilfe?
    Like mentioned tripwire and similar application use checksums to verify code. However, if a system is compromised these programs might as well be.

    Logfiles are important in a investigation but I feel they are circumstantial evidence.
    Log files can be manipulated.

    You should definatly keep your eye on the log files but they are not testimonial.

  5. #5
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    Actually most computer evidence is viewed as hearsay I believe. It can be used in cases but you have to prove that due dilligence was done in the collection of the data, handling, etc. As I said before a quick search of google can provide a ton of information on this subject. http://www.sans.org also has quite a bit of info as well as a class (which i went to last summer, it's pretty good) on business law and computer security.


    One link from google - http://www-staff.mcs.uts.edu.au/~jim...l/ComEvid.html
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •