±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 36618
New Yesterday: 10 Visitors: 129

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Business record exception to the hearsay rule

Discussion of legislation relating to computer forensics.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

Audio
Senior Member
 

Business record exception to the hearsay rule

Post Posted: Aug 14, 08 22:08

Are there any workarounds to the US business record exception to the hearsay rule, that states records must be kept within the course of normal business in order to be admissible as evidence in court?

What can people do to make digital evidence admissible in court in the these situations:

1. A server is compromised, and you want to capture network traffic with a packet sniffer to collect additional data to help with Incident Response and be used as evidence in court.

2. You suspect an employee of breaking the law or your security policy, and you want to setup additional monitoring/surveillance by enabling the auditing of files and/or surreptitiously installing software like Dameware, VNC or a keylogger.

I'm also curious as to how data collected from Incident Response such as network connections, running programs, open files, etc. can be admitted as evidence. By definition, according to SANS, an incident is a deviation from the norm where harm has occurred, or there was intent to do harm.

So if you have an Incident Response Disk, which by definition is not normally used, it doesn't seem like that would fall under the business record exception to the hearsay rule, so how is that evidence admissible?  
 
  

LarryDaniel
Senior Member
 

Re: Business record exception to the hearsay rule

Post Posted: Sep 16, 08 08:44

Let the attorneys worry about it. That is why they get the big bucks.
_________________
Larry E. Daniel
DFCP, EnCE, BCE, ACE, AME, CTNS , CTA, CWA
Guardian Digital Forensics
"An Envista Forensics Company" 
 

Page 1 of 1