1.5 Challenging Aspects of the Cybertrail

The dynamic and distributed nature of networks makes it difficult to find and collect all relevant digital evidence. Data can be spread over a group of adjacent buildings, several cities, states, or even countries. For all but the smallest networks, it is not feasible to take a snapshot of an entire network at a given instant. Also, network traffic is transient and must be captured while it is in transit. Once network traffic is captured, only copies remain and the original data are not available for comparison. The amount of data lost during the collection process can be documented but the lost evidence cannot be retrieved.

Also, networks contain large amounts of data and sifting through them for useful information can be like looking for a needle in a haystack and can stymie an investigation. Even when the vital digital evidence is obtained, networks provide a degree of anonymity making it difficult to attribute online activities to an individual. This text provides methods of addressing these obstacles.