Ummm. Write your immutable audit files to WORM media instead of R/W? :-) -- rk
-----Original Message----- From: ProfoxTech [mailto:[email protected]] On Behalf Of Ken Dibble Sent: Thursday, January 10, 2013 2:14 PM To: [email protected] Subject: Re: [NF] Immutable Audit Trails > > Nor would hashing each entry separately prevent them from being > deleted. Deleting an entry indicating that so-and-so accessed > such-and-such a record at such-and-such a time would be a pretty > serious form of tampering. > > There are ways to deal with this, such as hash the previous > record with the current record so that if a record is deleted, the > hash won't match. You won't recover the data, buy you'll know that a > change was made. Okay. But does that comply with the standard? "Immutable" means "incapable of being changed", not "changes can be detected after they occur". _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/DF1EEF11E586A64FB54A97F22A8BD044217A43EEA2@ACKBWDDQH1.artfact.local ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
