ABSTRACT
When an information security incident occurs in today’s connected environment, it is unlikely that simply performing a forensic analysis of the hard drive on the victim computer will offer sufficient evidence, by itself, for a successful prosecution. Certainly, we all know of cases where, confronted with the evidence from the victim computer and the results of traditional investigation, the suspect admits guilt or is convicted. However, more and more frequently cyber-trained defense attorneys are taking the position that, without a complete chain of evidence from attacker to victim, their clients should be exonerated.
