-
October 11th, 2003, 05:42 PM
#1
Junior Member
Authenticity of Logs
I often hear that a logfile has the same value as a testimony.
Some people say a solution to prove the authenticity of a logfile is to sign every logfile with a key.
Do you know how to use public/private keys to sign a log or other ways to prove the authenticity of a logfile?
oznoG
-
October 11th, 2003, 07:19 PM
#2
There are a few factors to this to make the logs valid. I would recommend looking up forensic techniques and so on in Google as well as going to http://www.sans.org and checking out their reading room.
SecurityFocus also has some related articles such as - http://www.securityfocus.com/infocus/1639
"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
Blog of X
-
October 11th, 2003, 07:43 PM
#3
tripwire and similar applications keep track of important files...
keeping checksums could help...
yeah, I'm gonna need that by friday...
-
October 11th, 2003, 10:35 PM
#4
Interesting subject.
I often hear that a logfile has the same value as a testimony.
Do you know how to use public/private keys to sign a log or other ways to prove the authenticity of a logfile?
As mentioned, tripwire and similar applications use checksums to verify code. However, if a system is compromised these programs might as well be.
Logfiles are important in an investigation but I feel they are circumstantial evidence.
Log files can be manipulated.
You should definitely keep your eye on the log files but they are not testimonial.
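Added example (not part of any post in this thread): one way to apply the checksum idea from posts #3 and #4 so that edits, deletions and truncation of a log become detectable. It uses a keyed hash (HMAC) chain rather than a public/private key signature, and assumes the key and the tags are stored off the logging host; the function names, key and sample lines are constructed for illustration.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # fixed starting value of the chain

# Constructed sample log lines (not from the thread).
SAMPLE = [
    "Oct 11 17:42:01 host sshd[411]: Accepted password for alice from 192.0.2.10",
    "Oct 11 17:43:12 host su[415]: session opened for user root by alice",
    "Oct 11 17:45:30 host sshd[411]: session closed for user alice",
]
KEY = b"constructed-demo-key"  # assumption: the real key never lives on the logging host


def _tag(key, prev, line):
    # prev is always 32 bytes, so prev + line cannot be split ambiguously.
    return hmac.new(key, prev + line.encode("utf-8"), hashlib.sha256).digest()


def seal(lines, key):
    """Return one keyed tag per line; each tag also covers the previous tag."""
    tags, prev = [], GENESIS
    for line in lines:
        prev = _tag(key, prev, line)
        tags.append(prev)
    return tags


def verify(lines, tags, key):
    """Return None if the log matches its tags, else the first failing index."""
    prev = GENESIS
    for i, line in enumerate(lines):
        if i >= len(tags):
            return i  # line appended after sealing
        if not hmac.compare_digest(_tag(key, prev, line), tags[i]):
            return i  # line edited, or an earlier line removed
        prev = tags[i]
    if len(lines) < len(tags):
        return len(lines)  # log truncated at the end
    return None


if __name__ == "__main__":
    tags = seal(SAMPLE, KEY)
    print("intact log:", verify(SAMPLE, tags, KEY))
    print("middle line deleted:", verify([SAMPLE[0], SAMPLE[2]], tags, KEY))
    print("last line truncated:", verify(SAMPLE[:2], tags, KEY))
```

As post #4 points out, this only helps if the verifier is not compromised along with the host: anyone holding the key can re-seal an altered log.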
-
October 12th, 2003, 03:38 AM
#5
Actually most computer evidence is viewed as hearsay I believe. It can be used in cases but you have to prove that due diligence was done in the collection of the data, handling, etc. As I said before a quick search of Google can provide a ton of information on this subject. http://www.sans.org also has quite a bit of info as well as a class (which I went to last summer, it's pretty good) on business law and computer security.
One link from Google - http://www-staff.mcs.uts.edu.au/~jim...l/ComEvid.html