Date: Sat, 14 Jan 2006 09:23:08 -0800
From: Cy Schubert <Cy.Schubert@komquats.com>
To: les@safety.net
Cc: anchor <jacquejiang@hotmail.com>, Cy Schubert <Cy.Schubert@cwfw.komquats.com>, freebsd-hackers@freebsd.org
Subject: Re: My machine been hacked, I need help
Message-ID: <200601141723.k0EHN874037714@cwsys.cwsent.com>
In-Reply-To: Message from les@safety.net of "Sat, 14 Jan 2006 09:52:28 MST." <200601141652.k0EGqStk006474@ns3.safety.net>

In message <200601141652.k0EGqStk006474@ns3.safety.net>, les@safety.net writes:
> > In message <200601141632.29709.doconnor@gsoft.com.au>, "Daniel O'Connor"
> > writes
> > Only evidence collected by a forensic analysis tool
> > is admissible in court.
>
> Not necessarily true. Log data that is routinely collected can be
> admissible. Though, log data that you collected starting when you
> suspected there was something amiss will not be.

That is true for logfiles, however Canadian law requires a filesystem
analysis tool. As little as five years ago taking a DD dump of a device was
admissible but I've been told by the RCMP that a forensic analysis tool is
now required. I've been told that this is also true of US law. I'm not sure
about British or European law.

Unfortunately taking people to court over hacking is difficult but not
impossible. Police forces are becoming more receptive to the idea and tools
which have been admitted in court previously make the job of preparing a
successful case easier.

Cheers,
Cy Schubert <Cy.Schubert@komquats.com>
Web: http://www.komquats.com and http://www.bcbodybuilder.com
FreeBSD UNIX: <cy@FreeBSD.org> Web: http://www.FreeBSD.org
BC Government: <Cy.Schubert@gov.bc.ca>

"Lift long enough and I believe arrogance is replaced by humility and fear
by courage and selfishness by generosity and rudeness by compassion and
caring." -- Dave Draper