Are unaudited server logs admissible in a court of law?
Are internal server logs produced by a firm that has no standards compliance certification and does not conduct any third party audits admissible as evidence? If not, what certification is generally sufficient?
2 Answers
Whether evidence is admissible in court or not doesn't depend on whether it conforms to any standard, compliance, or certification.
Those factors may affect how strong the evidence is (i.e., how convincing it is), but those factors don't determine whether the evidence may be used at all.
Different jurisdictions have different rules, but in most places, as long as the evidence is relevant to the case in trial, then it is admissible.
There are usually rules which may render evidence inadmissible, such as if it was obtained illegally, or if it would have such a prejudicial effect on proceedings that it would undermine the fairness of the trial.
If you are wondering if evidence is relevant or not, an easy way to determine so is asking yourself: does this evidence help a party's case? Does this evidence undermine a party's case? If yes to either question, then it is relevant.
-
My point is, if there is absolutely no third party involved and there is no guarantee that the logs are immutable, how does one ensure the logs are not fabricated/tampered with. – PulseJet 7 hours ago
-
1 @PulseJet somebody(s) testify that they haven’t been – Dale M 7 hours ago
-
I see, good point. So basically, it would depend on how well the firm (even if they are the defendant) can present the logs and testify how they are genuine, right? – PulseJet 7 hours ago
-
2 Yeah. Usually in a civil case the witness will say something like "I am the chief engineer for this website, and we keep logs of activity, the logs are included as exhibit a/1 of my statement, the logs are truthful and represent what happened that day". And then the opposing lawyer will say "you said the logs are truthful, but they aren't securely held, are they? That's correct. They aren't held to any standard or compliance, are they? That's correct." The judge then concludes to himself, in private, whether the logs were or were not reliable evidence of what happened. – Shazamo Morebucks 6 hours ago
Documents are not evidence - testimony is evidence
Documents don’t just magically become “evidence” - somebody (or more than one somebody) gives evidence about them. That is, they give testimony about what they are, where they come from, how they were created and how they got from there to here - that’s evidence. Those people can be cross-examined to test the strength of their evidence. The trier of fact then decides what weight to give to the testimony if it conflicts with other testimony or is not self-consistent.
If a disinterested third party testifies to the veracity of a document, that would normally give the evidence more weight than if only a party to the case does.
-
2 To expand on this, the sysadmin responsible for the server would have to testify that these logs were indeed produced by the server, list anyone who might have had access to interfere with them, etc. The other side can then attempt to introduce doubt about their veracity by asking about security procedures, updates etc. – Paul Johnson 6 hours ago