Re: Log integrity handling on central logsystem

There’s a very interesting thread under way on the log-analysis list. The topic is “Log integrity handling on central logsystem.”

I think the general consensus is that log signing ALONE is not going to be enough, and that signing just the filtered log is also not enough.

It’s a very interesting read. You should definitely check it out.

I agree with Marcus… log signing [alone] is not going to make or break
a court case — it [alone] might almost be asking for trouble.

As I pointed out later in my earlier response, the big deal is to get
all possible logs, even if they don’t appear relevant to the particular
matter — so you can show the trace, other anomalies (or lack of other
anomalies).

2 Responses to “Re: Log integrity handling on central logsystem”

  1. Michael Said on

    Jian, You changed the format! I like it. Very clean.

  2. jlz Said on

    Thanks Mike! Glad you like the new look. :)