RE: [fw-wiz] Acqusition of time

From: Paul D. Robertson (
Date: 01/29/03

From: "Paul D. Robertson" <>
To: dave <>
Date: Wed Jan 29 11:32:02 2003

On Wed, 29 Jan 2003, dave wrote:

> Actually a good attorney could tear up any log system even with perfect time
> stamps. All that need would need to be proved was the fact that it could
> have been faked.

This simply isn't true. Just as physical evidence can be planted,
photographic evidence could be faked, or forensics could be falsified,
saying "it possibly could have been..." won't win you an instant
acquittal. It takes lots of bumbling by the prosecution and its witnesses
to give you a "Mark Furman" kind of out, even if you hire the dream team
for your defense.

Log files are admissable as machine records, and as such, they're valid
evidence. While it'd be difficult to get a conviction on log files alone,
it's not impossible, and really what you really want is enough to get the
person to plea out anyway, it's much cheaper on the entire system.

If you were to challenge the admissability, you'd have to show why they
weren't admissable, and possibility isn't as strong in admissibility as it
is in guilt.

If I can show that the logs are normal, and how they produce their
records, and what you would have done to make that happen, "they could be
changed!" won't get you off any easier than "my PC was trojaned!" Which
appears to be the new "dog ate my homework" excuse of note. Please note
that for criminal cases (in .us anyway) the standard for not guilty is
_reasonable_ doubt, not _any_ doubt.

Paul D. Robertson "My statements in this message are personal opinions which may have no basis whatsoever in fact." Director of Risk Assessment TruSecure Corporation