On Tue, July 5, 2005 3:02 pm, pingywon said: > I have heard on more then one ocassion that Microsoft Event files (.evt) > are admissible.
Like anything, it depends a lot on the situation. It's a log file, so like any log file, it must be relevant and have a clean chain of custody. For anything more specific, it depends on your jurisdiction. Here is a link to the US Federal Rules of Evidence that might provide entertainment for some readers of this list: http://expertpages.com/federal/federal.htm Relevancy is defined in Article 4. Log files are generally considered "records of a regularly conducted activity", which is referenced in Rule 803(6). Note that Article 8 is about hearsay. A log is hearsay, but Rule 803 defines the exceptions to the inadmissibility of hearsay. -Eric -- arctic bears - email and dns services http://www.arcticbears.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
