:: [DNG] ..forensics on systemd or jou…
Góra strony
Delete this message
Reply to this message
Autor: Arnt Karlsen
Data:  
Dla: dng
Stare tematy: Re: [DNG] rc.local removed from Debian 9, rly?
Temat: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?
On Wed, 22 Nov 2017 07:19:20 +0100, John wrote in message
<a2655662-c5ec-7090-a37b-5977fee25556@???>:

> On 22/11/17 02:59, Arnt Karlsen wrote:
> > On Tue, 21 Nov 2017 18:21:14 +0100, John wrote in message
> > <c5185954-4be2-5389-4cfa-9266eed9f4fc@???>:
> >
> >> (Damn but the systemd journal is great :-))
> > ..is there a way to decode and read those binary systemd journal
> > logs on classic POSIX/Unix etc forensic systems _not_ running
> > systemd?
>
> Is there any way to read a file in format X without a program that
> reads format X?


..I'm asking you. Your other "answers" to this question suggests
you may know the true answer to my question.

> I suppose you could scatter iron filings on the disk the use a
> scanning electron microscope to examine their positions and, using
> paper, pencil and a copy of the systemd doc work out the contents by
> hand.
>
> Or, being endowed with the minimum level of foresight necessary for
> survival have a forensic system that includes tools for reading the
> file formats you're likely to find  on the system you want to
> post-mortem.


..correct, that is precisely why I went for devuan and precisely why
I ask you here now.

..you appear to suggest that law enforcement wanting to read systemd
journal logs, _should_ depend on the mercy of systemd developers not
"filtering" away inconvenient evidence of e.g. systemd developer
wrongdoing from said law enforcement.

..depending on your jurisdiction, this feature of systemd is either
a good thing or a bad thing, probably both and probably capable of
facilitating the cover-up of organised crime, AFAICT.

--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.