Network investigations of cyber attacks: the limits of digital evidence

Cyber attackers are rarely held accountable for their criminal actions. One explanation for the lack of successful prosecutions of cyber intruders is the dependence on digital evidence. Digital evidence is different from evidence created, stored, transferred and reproduced from a non-digital format....

Descripción completa

Guardado en:  
Detalles Bibliográficos
Autor principal: Chaikin, David A. (Autor)
Tipo de documento: Electrónico Artículo
Lenguaje:Inglés
Publicado: 2006
En: Crime, law and social change
Año: 2006, Volumen: 46, Número: 4/5, Páginas: 239-256
Acceso en línea: Volltext (lizenzpflichtig)
Journals Online & Print:
Gargar...
Verificar disponibilidad: HBZ Gateway
Palabras clave:
Child Pornography
Intrusion Detection System
Malicious Code
Trojan Horse
Virtual Private Network
Descripción
Sumario:Cyber attackers are rarely held accountable for their criminal actions. One explanation for the lack of successful prosecutions of cyber intruders is the dependence on digital evidence. Digital evidence is different from evidence created, stored, transferred and reproduced from a non-digital format. It is ephemeral in nature and susceptible to manipulation. These characteristics of digital evidence raise issues as to its reliability. Network-based evidence - ie digital evidence on networks - poses additional problems because it is volatile, has a short life span, and is frequently located in foreign countries. Investigators face the twin obstacles of identifying the author of a cyber attack and proving that the author has "guilty knowledge." Even more is at stake when the cyber attacker is a trusted insider who has intimate knowledge of the computer security system of the organisation. As courts become more familiar with the vulnerabilities of digital evidence, they will scrutinise the reliability of computer systems and processes. It is likely that defence counsel will increasingly challenge both the admissibility and the weight of digital evidence. The law enforcement community will need to improve competencies in handling digital evidence if it is to meet this trend.
ISSN:1573-0751
DOI:10.1007/s10611-007-9058-4