On Sun, 2009-05-17 at 00:22 -0400, C F wrote: > I don't know what to tell you, but you can't close down a data center > for the purpose of collecting evidence. How hard is it to just clone > all the machines in there instead of taking them?
that is not the issue. The federal rules of criminal procedure require that the "best available evidence" be used in court. This means that copies are not allowed if the original is available. In addition, they might be able to clone something and then discover that it doesnt work properly based on that cloned image, why the FBI policy on seizure of systems is to take everything (note they even took power strips per that article). They do this to ensure that they can accurately review the systems for evidence. Now when they do the actual forensic analysis they work off a disk image, that way it cant be said they modified the systems in any way, which would invalidate their submission as evidence (potentially judges call, but the FRCrimP do allow for excluding tampered evidence). I think that some are missing the bigger point here. There are a lot of companies that now have no phone service, but are willing to pay for it (at least some of them are). -- Trixter http://www.0xdecafbad.com Bret McDanel pgp key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8AE5C721 _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz
