evidence
that can be used to prove the evidence’s accuracy, trustworthiness, and reliability, such
as the testimony of a businessperson who generated the computer logs and collected
them. This person must generate and collect logs as a normal part of his business activities and not just this one time for court. The value of evidence depends upon the
genuineness and competence of the source.
It is important to show that the logs, and all evidence, have not been tampered with
in any way, which is the reason for the chain of custody of evidence. Several tools are
available that run checksums or hashing functions on the logs, which will allow the
team to be alerted if something has been modified.
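The hashing check described above, sketched as an added example (not from the original text or from any particular tool): a SHA-256 baseline is recorded when the logs are collected and later compared against the current files, reporting which ones were modified, removed, or added. The file names and log lines are constructed sample data, and the sketch assumes the baseline itself is kept somewhere the logs' custodian cannot alter.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Stream the file so large logs are hashed without loading them whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(log_dir):
    """Baseline taken at collection time: relative path -> SHA-256 digest."""
    root = Path(log_dir)
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_manifest(log_dir, manifest):
    """Compare the current files to the baseline and report every discrepancy."""
    current = build_manifest(log_dir)
    return {
        "modified": sorted(n for n in manifest
                           if n in current and current[n] != manifest[n]),
        "missing": sorted(n for n in manifest if n not in current),
        "unexpected": sorted(n for n in current if n not in manifest),
    }


def demo():
    """Constructed sample logs: baseline, then alter, delete and add files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "auth.log").write_text("Jan 01 10:00:01 host sshd: Accepted password for alice\n")
        (root / "web.log").write_text("10.0.0.5 - - GET /index.html 200\n")
        (root / "mail.log").write_text("Jan 01 10:02:00 host postfix: connect from unknown\n")
        baseline = build_manifest(root)
        clean = verify_manifest(root, baseline)
        (root / "auth.log").write_text("Jan 01 10:00:01 host sshd: Accepted password for bob\n")
        (root / "mail.log").unlink()
        (root / "extra.log").write_text("constructed entry\n")
        return clean, verify_manifest(root, baseline)


if __name__ == "__main__":
    clean, tampered = demo()
    print("after collection:", clean)
    print("after changes:   ", tampered)
```

A digest match shows only that a file is unchanged since the baseline was taken, so the baseline should be recorded at the moment of collection and logged in the chain-of-custody record.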
When evidence is being collected, one issue that can come up is the user’s expectation of privacy. If an employee is suspected of, and charged with, a computer crime, he
might claim that his files on the computer he uses are personal and not available to law
enforcement and the courts. This is why it is important for companies to conduct security-awareness training, have employees sign documentation pertaining to the acceptable use of the company’s computers and equipment, and have legal banners pop up
on every employee’s computer when they log on. These are key elements in establishing
that a user has no right to privacy when he is using company equipment. The following
banner is suggested by CERT Advisory:
This system is for the use of authorized users only. Individuals using this computer system
without authority, or in excess of their authority, are subject to having all of their
activities on this system monitored and recorded by system personnel.
In the course of monitoring an individual improperly using this system, or in the course of
system maintenance, the activities of authorized users may also be monitored.
Anyone using this system expressly consents to such monitoring and is advised that if such
monitoring reveals possible evidence of criminal activity, syste...