Generally, traces of Internet communications established by a citizen's computer are routinely recorded and dated by Internet servers in so-called 'log files'. Because the correct dating of the electronic offence is crucial for the potential identification of the author, convincing traces need to be date- and time-stamped by a Trusted Third Party (TTP). Such a time stamp does not give any assurance about the correctness of the data and dates collected; it only proves that the traffic data were in a given state at a given date and time. If the Internet Protocol (IP) address appears to be one used by the company, it is foreseeable that the system administrator within the company will be able to identify the computer to which that IP address was assigned. In other cases, only law enforcement agencies, in the circumstances and under the conditions required by law, are entitled to identify, with the help of Internet Access Providers (IAPs), the communication line suspected of having been used behind a given IP address. Putting together the traces left on the IAP side and in the log files of the attacked server may lead, in the best cases, to an identified communication terminal. Nevertheless, in many cases, this will not amount to a formal authentication of a wrongdoer.
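The correlation of server-side and IAP-side traces described above can be sketched as follows; this is an added example, not part of the original text, and the log format, session records, line identifiers and uncertainty values are all constructed assumptions. It shows why dating matters: the same log entry maps to no line, one line or several lines depending on how much clock uncertainty has to be allowed, and even a single match names a communication line, not a person.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

def utc(h, m, s=0):
    # Helper for the constructed sample data below (all on 2024-03-01, UTC).
    return datetime(2024, 3, 1, h, m, s, tzinfo=UTC)

# Constructed IAP records: (ip, line_id, session_start, session_end).
IAP_SESSIONS = [
    ("192.0.2.10", "line-A", utc(9, 0), utc(10, 0)),
    ("192.0.2.10", "line-B", utc(10, 0, 30), utc(12, 0)),
    ("192.0.2.77", "line-C", utc(9, 0), utc(12, 0)),
]

def parse_server_line(line):
    """Parse a constructed log format: '<ISO-8601 time with offset> <ip> <request>'."""
    stamp, ip, _request = line.split(" ", 2)
    when = datetime.fromisoformat(stamp)
    if when.tzinfo is None:
        # Without an offset the entry cannot be placed on the IAP's timeline.
        raise ValueError("log time has no UTC offset, cannot be compared")
    return ip, when.astimezone(UTC)

def attribute(ip, when, uncertainty, sessions=IAP_SESSIONS):
    """Return (verdict, lines) for sessions of `ip` overlapping when +/- uncertainty."""
    lo, hi = when - uncertainty, when + uncertainty
    lines = sorted({line for s_ip, line, start, end in sessions
                    if s_ip == ip and start <= hi and end >= lo})
    verdict = {0: "no-match", 1: "single-line"}.get(len(lines), "ambiguous")
    return verdict, lines

if __name__ == "__main__":
    # Constructed server log entry, written in local time (UTC+1).
    ip, when = parse_server_line("2024-03-01T11:00:10+01:00 192.0.2.10 GET /login")
    for seconds in (5, 120):
        print(seconds, attribute(ip, when, timedelta(seconds=seconds)))
```

The sample entry falls in the 30-second gap between two sessions on the same address, so a tight uncertainty yields no match and a loose one yields two candidate lines.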