Computer Forensics World :: View topic - Syslog Daemon Questions

Forum: General Forensics

savanted1 (Newbie; Joined: Nov 05, 2004; Posts: 11)
Posted: Sat Mar 12, 2005 7:32 am    Post subject: Syslog Daemon Questions

Dear Forum,

When searching a computer terminal or server, is it imperative to retrieve the syslog daemon log for evidence in a case, or just the actual file that is in question or the files for investigation?

Regards,
_________________
You Cannot Do Today's Work With Yesterday's Skills®

Microsoft Corporation Research Panelist
Infragard Baltimore Chapter
INETA Member
CompTIA Research Panelist
Guest
Posted: Mon Mar 14, 2005 12:37 pm    Post subject: Re: Syslog Daemon Questions

savanted1 wrote:
> Dear Forum,
>
> When searching a computer terminal or server, is it imperative to retrieve the syslog daemon log for evidence in a case, or just the actual file that is in question or the files for investigation?
>
> Regards,

I would think you would want both, to prevent the opposing party from claiming evidence tampering or an alternative reason for the suspected activity. With no good system logs, they could claim that some other user did X.

A non-digital equivalent:
LEOs are following D, whom they suspect of possessing drugs. D walks into his house carrying a package. D leaves the house without the package. LEOs enter the house, inspect the package and find drugs. It would make the prosecution's case much stronger if they could also show surveillance tapes showing that the only person to enter D's house in the last few days was D (thus foreclosing the alternative explanation).
irq13 (Newbie; Joined: Feb 26, 2006; Posts: 8)
Posted: Thu May 18, 2006 2:55 am

Logs may also lend insight into how an attacker initially gained access to a machine. If you are following best practices, the log files will be part of the drive image that you check into evidence, so you should be good.
harold007 (Newbie; Joined: Aug 12, 2010; Posts: 2)
Posted: Wed Jul 27, 2011 1:16 am    Post subject: syslog.conf

On Linux/Unix operating systems, always look at syslog.conf; it will direct you to the relevant active logs. If authpriv.* and auth.* are logged, you will see where login information is kept locally or where it is forwarded to a remote syslog computer. In a corporate environment, syslogs are typically forwarded to an event vault and local logs are kept to a minimum to free the sysadmin from disk management.
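The check harold007 describes (read the selector table, find where auth and authpriv go, and spot remote forwarding) can be done mechanically before pulling files from an image. The Python below is an added example for this thread, not code from the post or from this site. It parses a constructed syslog.conf in the classic `facility.priority action` syntax that syslogd and rsyslog share (the sample config, the hostname logvault.example.internal and the address 192.0.2.10 are made up for the example), reports which actions receive auth and authpriv messages, and lists any remote targets with their transport, so an examiner knows which local files to recover and which log host to request. Newer rsyslog RainerScript directives are skipped, not interpreted.

```python
"""Audit a syslog.conf selector table: where do auth/authpriv messages go,
and is anything forwarded to a remote host?

The sample configuration, hostname and address below are constructed for
this example; they are not taken from the original post or any real system.
"""
from dataclasses import dataclass

LOGIN_FACILITIES = ("auth", "authpriv")

# Constructed sample in the classic "selector<TAB>action" syntax that
# syslogd and rsyslog both accept. A leading '-' on a file path means
# "do not fsync after every write"; '@host' forwards over UDP and
# '@@host' (rsyslog) forwards over TCP.
SAMPLE_SYSLOG_CONF = """\
# /etc/syslog.conf (constructed example)
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
kern.*                          -/var/log/kern.log
mail.info                       -/var/log/mail.info
auth,authpriv.*                 @@logvault.example.internal:6514
*.info;mail.none;authpriv.none  @192.0.2.10
"""


@dataclass
class Selector:
    facilities: tuple   # e.g. ('auth', 'authpriv') or ('*',)
    priority: str       # '*', 'info', 'none', ...


@dataclass
class ConfLine:
    selectors: list
    action: str

    def selects(self, facility: str) -> bool:
        """Classic syslogd semantics: the selectors on a line are evaluated
        left to right, the last one naming the facility wins, and a '.none'
        priority excludes it. Priority levels other than 'none' are not
        filtered here; any level counts as "messages go to this action"."""
        chosen = False
        for sel in self.selectors:
            if "*" in sel.facilities or facility in sel.facilities:
                chosen = sel.priority != "none"
        return chosen

    @property
    def destination(self) -> str:
        return self.action.lstrip("-")

    @property
    def transport(self) -> str:
        if self.action.startswith("@@"):
            return "tcp"
        if self.action.startswith("@"):
            return "udp"
        return "local"


def parse_syslog_conf(text: str) -> list:
    """Parse classic selector/action lines. Comments, blank lines and
    non-selector directives ($ModLoad, '& stop', RainerScript) are skipped."""
    conf = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or "." not in parts[0]:
            continue
        selector_str, action = parts
        selectors = []
        for item in selector_str.split(";"):
            fac, _, prio = item.partition(".")
            selectors.append(Selector(tuple(fac.split(",")), prio or "*"))
        conf.append(ConfLine(selectors, action.strip()))
    return conf


def destinations(conf: list, facility: str) -> list:
    """Every action that receives messages from `facility`, in file order."""
    return [cl.destination for cl in conf if cl.selects(facility)]


def remote_targets(conf: list) -> list:
    """Distinct (host, transport) pairs that receive forwarded messages."""
    targets = {(cl.destination.lstrip("@"), cl.transport)
               for cl in conf if cl.transport != "local"}
    return sorted(targets)


def audit(text: str) -> dict:
    conf = parse_syslog_conf(text)
    return {
        "login_logs": {fac: destinations(conf, fac) for fac in LOGIN_FACILITIES},
        "remote_targets": remote_targets(conf),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_SYSLOG_CONF)
    for fac, dests in report["login_logs"].items():
        print(f"{fac:9} -> {', '.join(dests) or '(not logged)'}")
    for host, transport in report["remote_targets"]:
        print(f"forwarded to {host} over {transport}")
```

Run against the real /etc/syslog.conf or /etc/rsyslog.conf (and anything under /etc/rsyslog.d/) recovered from the image. Note that the sample already shows the two traps an examiner should expect: the catch-all `*.*` line excludes auth/authpriv via `.none`, so /var/log/syslog does not contain logins, and authpriv is forwarded only to the TCP vault while auth also leaks to a second UDP collector.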
All times are GMT + 10 Hours