Digital forensics

Abstract

In recent years, digital attacks against organizations, critical infrastructure and military targets are increasing. Generally, these attacks are summarized under the term Cyberwar and broadly discussed by the press, military experts and politicians. Attribution ("Who did it?") is often a major question in these discussions. But, by using computers and the Internet, these attacks leave digital traces whichmay become digital evidence. Digital forensics as a scientific discipline deals with methodologies to find and handle digital evidence. The main goal of digital forensic investigations is to reconstruct how an attack occurred and who is responsible. In this paper we show up the fundamental principles of digital forensics and discuss the usefulness of digital evidence in the mentioned attack scenarios. By sketching out two concrete examples, we present the capabilities of digital forensics to investigate distributed denial of service attacks and malware attacks.