AC
Anasayfa Makaleler Criminal law

Log/Server Evidence: How to Prepare a Server-side Expert Report?

TL;DR

Server log'ları (HTTP, IIS, AWS CloudTrail) zaman senkronizasyonu + hash + tutarlılık ile bilirkişi raporu zorunlu; aksi takdirde manipülasyon iddiası geçerli.

16 Şubat 2026 Criminal law 3 dk okuma 8 görüntülenme Son güncelleme: 10 Mayıs 2026

Server logs are critical evidence; However, if time synchronization + hash + server ownership is not documented in the expert report, the other party will refute it with the allegation of manipulation.

Common log sources

  • Apache / Nginx access.log + error.log.
  • IIS log (Windows Server).
  • AWS CloudTrail / CloudWatch.
  • Azure Activity Log.
  • Application log (in-application).
  • Database query log.
  • SIEM (Splunk, ELK, Sentinel).

Time synchronization (NTP)

  • Server time synchronized with global atomic clock via NTP — required.
  • If there is no synchronization, the claim that "the clock may have been manipulated" is valid.
  • The expert report should see the NTP config + sync log.

Expert methodology

  • Server physical/logical access is verified.
  • Ownership / authorization documents (cloud account, IAM).
  • Log files are copied; hash (SHA-256) is received.
  • Time synchronization control.
  • Anomaly detection (e.g. multiple logins from single IP).
  • Correlation (application + DB + network).
  • Result + appends (hash + log file).

    • AWS CloudTrail example

    • CloudTrail logs all AWS API calls.
    • Must be stored in S3 with timestamp + immutable ("object lock")
    • Expert: IAM authorized user + downloads log + hash + analysis.
    • S3 access log + KMS encryption log correlation.

    Frequently asked questions

    Log deleted; Will it come back?

    Yes, if there is an S3 versioning + object lock + lifecycle policy. If it has been deleted on the local server, it can be restored with computer forensics. If sent to SIEM, it is available in SIEM.

    The other party says "log was manipulated"; How do we answer?

    NTP sync + immutable storage + hash chain document. Additionally, SIEM resets the risk of manipulation with "tamper detection". The expert report should show these details clearly.

    Third party server (AWS); Is access a problem?

    Access is possible with the permission of the IAM authorized user; The cloud provider may provide additional expert reports (e.g. AWS GovCloud audit). If authorized user is missing, MLAT to AWS with court request.

    How long should the log retention period be?

    KVKK article 7 storage principles; data type + purpose dependent. Common for log: 1-3 years; financial sector 10 years; insurance business 10 years. The company policy must be clear.

    There is personal data in the application log; Is it KVKK compliant?

    Maybe. If there is PII in the log, KVKK Article 5 legal reason + masking + access control is required. Redaction (PII removal) is recommended during expert examination.

    Relevant legislation

    • HMK art.199-205 — Presentation of documents and evidence.
    • HMK art.400-405 — Determination; with witness / expert.
    • CMK art.134 — Computer search, copying; hash chain.
    • TCK art.243-245 — Computer crimes, digital evidence chain.
    • e-Signature Law (5070) — Electronic signature and time stamp.
    Legal notice: This article is for general information purposes; A meeting with a lawyer is required for a concrete case. Durations, rates and practice are shaped by jurisprudence; Check the current legislation before applying.

    Kaynaklar ve referanslar

    Kaynaklar

    Log/Sunucu Delili: Server-side Bilirkişi Raporu Nasıl Hazırlanır? içeriği hazırlanırken resmi mevzuat ve yüksek yargı kaynakları esas alınmıştır.

    Telif bildirimi This content and all related Q&A texts are protected under Turkish Copyright Law No. 5846. Unauthorized copying, reproduction, publication, adaptation, bulk extraction, or commercial use is prohibited; legal and criminal remedies are reserved in case of infringement.

    Hukuki destek arıyorsanız

    Bu konuda profesyonel hukuki destek için Aycan Ceylan Avukatlık Bürosu olarak yanınızdayız.

    Görüşme Planla