Intrusion Detection Systems mailing list archives

RE: Forensics Methodology


From: ajcblyth () glam ac uk (Blyth A J C (Comp))
Date: Mon, 6 Dec 1999 10:07:04 -0000



That is a very good question - A very simple answer is that you will need to
comply with the rules of evidence for the country that you are in.

I know that in the US logs generated by some IDS products have been accepted
as evidence. I am not aware of this being true in any other country.

regards

Andrew.

-----Original Message-----
From: Subba Rao [SMTP:subb3 () ibm net]
Sent: 04 December 1999 13:01
To:   IDS Discussion List
Subject:      IDS: Forensics Methodology


Is there any forensics methodology that is recommended after IDS/NIDS reports
about an intrusion or misuse?

Thank you.

Subba Rao
subb3 () ibm net
http://pws.prserv.net/truemax/


