All,
I was given a computer to analyze, but was told upfront that someone else had logged into the profile to 'look around'. When they didn't find anything, they brought it to me. Should I put that in the report? All of the timestamps are off in relation to when the true person last logged in versus the last person.
Thanks…
Should I put that in the report?
Well, what would be the alternative, hiding/failing to mention such a vital piece of information you were made aware of? ?
jaclaz
I wasn't sure. Personally, I haven't run into an issue in the past where someone actually told me someone else had logged in. With that information, I would assume full transparency, but I wanted to get other opinions…
I wasn't sure. Personally, I haven't run into an issue in the past where someone actually told me someone else had logged in. With that information, I would assume full transparency, but I wanted to get other opinions…
I don't get it.
Possibilities are that the system (or filesystem or *whatever*) was (you choose)
- noticeably modified by *something* or *someone* that is not the "true person" AND you know (because someone told you) that it has been accessed by *something* or *someone* that is not the "true person"
- noticeably modified by *something* or *someone* that is not the "true person" BUT you DO NOT know (because noone told you) that it has been accessed by *something* or *someone* that is not the "true person"
- seemingly (or as far as you can see) not modified BUT you know (because someone told you) that it has been accessed by *something* or *someone* that is not the "true person"
- seemingly (or as far as you can see) not modified AND you DO NOT know (because noone told you) that it has been accessed by *something* or *someone* that is not the "true person"
[/listo]
In case of issues (of *any* kind) you can possibly claim having made a mistake or omission in "good faith" in case #4, and possibly in case #2, BUT NOT in case #3, let alone #1.
jaclaz
Should I put that in the report?
Without a doubt. I would, but I would do so only as far as I could demonstrate through the data. I tend not to rely on what someone told me as "fact", in part because many times what one person refers to as "nothing" is actually quite a lot from a DF perspective.
What I might do is give the facts of the login (log entries, etc.) and then state that someone not the user in question had _reportedly_ logged in.
Without a doubt. I would, but I would do so only as far as I could demonstrate through the data. I tend not to rely on what someone told me as "fact", in part because many times what one person refers to as "nothing" is actually quite a lot from a DF perspective.
What I might do is give the facts of the login (log entries, etc.) and then state that someone not the user in question had _reportedly_ logged in.
Welcome back Dr.House! D
http//
wink
jaclaz
All,
I was given a computer to analyze, but was told upfront that someone else had logged into the profile to 'look around'. When they didn't find anything, they brought it to me. Should I put that in the report?
It's better that you state what input you received for the assignment, than leave it to someone else to imagine. Murphy rules anything will be misunderstood, sooner or later. Much better that you pre-empt any speculations that may arise.
I usually have to discover that someone 'just looked around a little' for myself … but it goes into the report, no matter what the customer says..
Hi,
The best part would be to mention every piece of info right in the beginning.
If no such issue occurs, then that's fine. But if occurs then you will be on the safer side as you did already mentioned all the details.
Regards