RT Article
T1 Network investigations of cyber attacks: the limits of digital evidence
JF Crime, law and social change
VO 46
IS 4/5
SP 239
OP 256
A1 Chaikin, David A.
LA English
YR 2006
UL https://krimdok.uni-tuebingen.de/Record/1882291395
AB Cyber attackers are rarely held accountable for their criminal actions. One explanation for the lack of successful prosecutions of cyber intruders is the dependence on digital evidence. Digital evidence is different from evidence created, stored, transferred and reproduced from a non-digital format. It is ephemeral in nature and susceptible to manipulation. These characteristics of digital evidence raise issues as to its reliability. Network-based evidence - ie digital evidence on networks - poses additional problems because it is volatile, has a short life span, and is frequently located in foreign countries. Investigators face the twin obstacles of identifying the author of a cyber attack and proving that the author has "guilty knowledge." Even more is at stake when the cyber attacker is a trusted insider who has intimate knowledge of the computer security system of the organisation. As courts become more familiar with the vulnerabilities of digital evidence, they will scrutinise the reliability of computer systems and processes. It is likely that defence counsel will increasingly challenge both the admissibility and the weight of digital evidence. The law enforcement community will need to improve competencies in handling digital evidence if it is to meet this trend.
K1 Child Pornography
K1 Intrusion Detection System
K1 Malicious Code
K1 Trojan Horse
K1 Virtual Private Network
DO 10.1007/s10611-007-9058-4