Firewall Wizards mailing list archives

RE: Acquisition of time


From: "Paul D. Robertson" <proberts () patriot net>
Date: Wed, 29 Jan 2003 11:55:51 -0500 (EST)

On Wed, 29 Jan 2003, dave wrote:

> Actually a good attorney could tear up any log system even with perfect time
> stamps.  All that would need to be proved was the fact that it could
> have been faked.

This simply isn't true.  Just as physical evidence can be planted, 
photographic evidence could be faked, or forensics could be falsified, 
saying "it possibly could have been..." won't win you an instant 
acquittal.  It takes lots of bumbling by the prosecution and its witnesses 
to give you a "Mark Fuhrman" kind of out, even if you hire the dream team 
for your defense.

Log files are admissible as machine records, and as such, they're valid 
evidence.  While it'd be difficult to get a conviction on log files alone, 
it's not impossible, and what you really want is enough to get the 
person to plea out anyway; it's much cheaper on the entire system.  

If you were to challenge the admissibility, you'd have to show why they 
weren't admissible, and possibility isn't as strong in admissibility as it 
is in guilt.  

If I can show that the logs are normal, and how they produce their 
records, and what you would have done to make that happen, "they could be 
changed!" won't get you off any easier than "my PC was trojaned!"  Which 
appears to be the new "dog ate my homework" excuse of note.  Please note 
that for criminal cases (in .us anyway) the standard for not guilty is 
_reasonable_ doubt, not _any_ doubt.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

