LogBlog


Improving Logs for Evidence

We had a great webcast today with top ecommerce lawyer Ben Wright. He offers his top ten strategies on how to proactively improve the admissibility of log data for evidentiary purposes.

Ben's Ten Steps to Immutable Logs

1 - Process and Control - Document how logs are created, stored and protected to increase admissibility in legal cases.

2 - Retention - Keep logs as long as business records AND for at least 6 months.

3 - Define log collection - Leave no logs behind! You CAN collect 100% of logs with LMI.

4 - Unaltered records - Separate out collection, storage and processing.

5 - Improve log data with a time and date stamp.

6 - Prevent alteration or loss of log data with secure transport and storage policies.

7 - Establish a clean and clear chain of custody of log data.

8 - Turn logs into an efficient and valuable asset by centralizing the core data set.

9 - A distributed processing and storage strategy is recommended by the FBI for best evidence.

10 - Automate alerting and reporting to establish authenticity of logs and establish admissibility.

Andy joined Ben for the webcast today and you can listen to a free replay at SANS with registration.


Posted July 18, 2006 in Log Management & Intelligence

