An official website of the United States government, Department of Justice.

NCJRS Virtual Library

Network Investigations of Cyber Attacks: The Limits of Digital Evidence

NCJ Number
Journal: Crime, Law and Social Change Volume: 46 Issue: 4-5 Dated: 2006 Pages: 239-256
Author(s): David Chaikin
Date Published
Length: 18 pages
This article considers the nature and reliability of digital evidence.
The analysis indicates that collecting, securing, and analyzing digital evidence is a new forensic field that is experiencing a lack of trained and experienced forensic examiners and investigators. The author urges increased technological efforts toward improving the reliability and security of digital evidence and calls upon investigators of cyber-attacks to gather a wide range of evidence concerning the attack so that the case does not rest solely on digital evidence. The vulnerability of digital evidence to manipulation requires that new processes and policies be adopted by the forensic and legal systems in order to conduct reliable and valid investigations and prosecutions against cyber-attackers. The limits of digital evidence should also be considered, particularly by forensic practitioners, who should take a more careful and skeptical approach to the investigation and analysis of digital evidence. In making this argument, the author examines the characteristics of digital evidence, which reveal its vulnerability to manipulation and reproduction. The methods of computer forensic investigators are explored, followed by a discussion of how computer attacks can be tracked in cyberspace. Cyberspace investigations are made complex by jurisdictions, such as Australia, England, and the United States, that have specific hearsay and authenticity rules of evidence that, at times, limit the extent to which digital evidence can be heard and considered in criminal cases. The author offers the example of the admissibility of log files as digital evidence, which may be challenged due to their lack of a robust security control system. Guilty knowledge, known as mens rea, presents another challenge to the admissibility of digital evidence in a courtroom. In this case, the prosecution must prove that the digital evidence was knowingly placed on the computer by the suspect and was not illegally installed without the suspect’s knowledge.