ABSTRACT

Over the past few decades, rapid changes in technology have driven a significant increase in the amount and types of data stored on and processed by digital devices. Digital devices may be used in the commission of numerous criminal activities, including unauthorized data exfiltration, fraud, employee misconduct, kidnapping, child pornography, murder, and more. A common defense raised by those accused of committing such a crime is the so-called Trojan horse defense. In the Trojan defense, the defendant claims that someone or something else is responsible for the crime, as represented by the digital evidence present on one or more devices. Traditionally, investigators have often dismissed the Trojan defense after a cursory examination of digital devices for the presence of malware. While this process might have led to fair conclusions in the past, we now face increasingly sophisticated cyberattacks and malware infections, and it is increasingly possible that someone or something (e.g., malware) other than the “obvious” party may be guilty. This chapter discusses the impact of modern malware on digital investigations and examines possible solutions to the problem of evaluating the accuracy of the Trojan defense, including the use of memory forensics techniques. [194]