[unisog] Log File Retention and Maintenance

Eric Pancer epancer at infosec.depaul.edu
Tue Jul 1 05:39:26 GMT 2003


On Mon, 2003-06-30 at 15:14:57 -0400, Jason Brooks proclaimed...

>         If you follow the procedure of dumping your Event Log to a csv 
> file, then batch move those files to another box, and then import them into 
> some RDBMS, does that break the standard for having the original?  E.g., if 
> your records are subpoenaed, would records in the database prove useless 
> legally?

I don't know if there is previous case law to go on here, but my
feeling is that, so long as you can show you have a procedure for
maintaining proper chain-of-evidence and this is documented (tried
and true for your organization), your efforts might withstand
defense examination.

- Eric

-- 
Eric Pancer   :  Computer Security Response Team  :   DePaul University
| PGP   C0 22 49 91 41 E5 51 E7 68 3C F7 65 62 F7 7F 8E 7A CB CF F3   |


