[AusNOG] Metadata retention... it's now (almost) a thing

Narelle narellec at gmail.com
Mon Nov 3 10:01:33 EST 2014


On Mon, Nov 3, 2014 at 8:28 AM, Ross Wheeler <ausnog at rossw.net> wrote:
>
> Fly, or drive - for what seems stupidly long times (two officers drove
> Sydney to Albury to collect some evidence from me). I believe it has a lot
> to do with the preservation of evidence integrity. They had to observe it
> being extracted, copy and certify, then keep it in their possession
> (presumably only until it got back to the office and into evidence locker or
> something).

Making sure that material is captured, preserved and secured to the
appropriate evidentiary standard is imho extremely important.

The fact that much of this stuff is generated and stored via raw text
in barely secured systems seems lost on the politicians and media.

> I still don't see how they (think) they can guarantee any logs extracted
> from a system haven't been "fiddled with" before they get there. It would be
> a trivial task and I should think it would be either undetectable or
> impossible to prove it was either valid OR tainted.

Indeed. Logging was not created for this purpose.


regards


Narelle


-- 


Narelle
narellec at gmail.com

