To my mind, a number of factors come into play with your situation.
Local/State laws that govern your area.
What actual damage your ISP suffered.
Whether you're a dedicated or dialup customer.
Is your ISP running a time client for timestamp accuracy.
The logging tools the ISP uses and the quality of the logs they produce.
How long they keep logs in their course of doing business.
Are they logging all packets in/out (sniffing).
Your online login/logoff relative to the breakin time.
Any logging you are doing on your machine.
Whether access to your machine limited/secured.
Your whereabouts at the time of the breakin.
The ISP's logs, the quality (or lack thereof) of those logs, is the
evidence they are using to support their accusation. Therefore it is your
target to dispute. But that must be done convincingly by either countering
their evidence or discrediting it. I would consider anything less than
accurately timestamped logging of all packets in and out, in combination
with radius/router logging, a weak foundation of documentation supporting
their accusation and position.
However, saying you didn't do it frankly isn't going to fly with anyone,
not with the police and certainly not in a court case. Hijacking an IP
does,after all, require a degree of skill on the hijacker's part.
Spoofing... well... that's a tad easier for evil-doers these days, imo.
Were I in your shoes, I would get an attorney. He should pursue what
evidence the police have and what their intent is regarding possible
charges against you. Then of course, you and he/she will decide a plan of
action for criminal defense and/or the strengths you may have to take any
civil action against your ISP.
As far as an expert is concerned, you might want to consider contacting
SANS. They may be willing to assist you, they're certainly capable.
http://www.sans.org
If your state is like ours, you can likely forget recovering your computer.
Confiscations are done here under a forfeiture law. Law Enforcement
taketh and keepeth, no matter what the outcome of a case.
HTH,
Nikki
>> >How do I find an expert witness who could testify on my
>> behalf (should the
>> >need arise)? My ISP uses RedHat. I already contacted
>> RedHat about their
>> >On-Site Consulting services, but their services do not cover expert
>> >testimony. I am located with the United States of America.
>> I am hoping
>> >for an expert in Linux security, RHCE preferred.
>> >
>> >Any ideas of where to find this kind of help would be appreciated.
>> >
>> >Victim of Police Stupidity
Nikki
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
