The long way from electronic traces to electronic evidence

$51.63 plus tax (Refund Policy)

Buy Article:


Generally, traces of Internet communications established by a citizen's computer are routinely recorded on and dated by Internet servers in so-called 'log files'. As far as the correct dating of the electronic offence is crucial for the potential identification of the author, convincing traces need to be date- and time-stamped by a Trusted Third Party (TTP). Such a time stamp does not give any assurance about the correctness of the data and dates collected, but only proves that the traffic data were in a given state at a given date and time. If the Internet Provider (IP) address appears to be one used by the company, it is foreseeable that the system administrator within the company will be able to identify the computer owning a particular IP address. In others cases, only law enforcement agencies, in the circumstances and the conditions required by the law, are entitled to identify, with the help of Internet Access Providers (IAPs), the communication line suspected to have been used beside a given IP address. Putting together the traces left at the IAP side and in the log files of the attacked server site may lead, in the best cases, to an identified communication terminal. Nevertheless, in many cases, this will not be a formal authentication of a wrongdoer.

Document Type: Research Article


Publication date: July 1, 2004

More about this publication?
Related content

Share Content

Access Key

Free Content
Free content
New Content
New content
Open Access Content
Open access content
Subscribed Content
Subscribed content
Free Trial Content
Free trial content
Cookie Policy
Cookie Policy
ingentaconnect website makes use of cookies so as to keep track of data that you have filled in. I am Happy with this Find out more