Paperless Paper Trails: Establishing a chain of evidence in cybersecurity cases

In old procedural shows like Dragnet, early episodes of Law & Order, Hill Street Blues, and Magnum P.I., they always talk about the paper trail. This is the chain of signed documents, verified contracts, letters, and memos that, on TV at least, usually leads us right from the first clue all the way to the guy who committed the crime. Paper trails can also be used to frame an innocent third party or prove one's innocence, showing that someone was "nowhere near the scene of the crime" at the time of the arson.

In cyber-crime, the chain of evidence, the paperless paper trail, is actually much easier to track than the kind that's printed and written on sheets of paper. Here are a few things not everyone knows about how evidence is tracked from computer to computer:
  • Documents and programs can be traced back to their computer of origin
Every time you send off a .doc file, your computer leaves an impression on it as surely as the signature imprint left on a bullet by a registered firearm. If you post a photo to the internet of yourself at a crime scene, law enforcement can download the picture and trace it back to your computer. A GOP lawmaker actually got busted for libelous emails some years back when the emails were traced back to his wife's computer.
  • Word documents save every single revision
If you type a word and then backspace over it, the Word file will remember you doing that. This has actually been brought up in some pretty high-profile cases, for instance the Invasion of Iraq.
  • Deleted files leave clues behind
Even if you manage to delete every trace of evidence regarding your cyber-crime, the computer may still show a log of what was deleted, when, and by whom. Combined with a little bit of conventional detective work, this can make it quite easy to figure out what was going on.
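
As an added illustration of the first point (not part of the original article), this sketch reads the authorship fields an examiner would check in a document. It assumes the newer .docx (OOXML) format rather than legacy .doc, and the sample file and the names in it are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespaces used by docProps/core.xml inside a .docx (OOXML) package.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}
FIELDS = {
    "creator": "dc:creator",
    "last_modified_by": "cp:lastModifiedBy",
    "revision": "cp:revision",
}

def read_core_properties(docx_bytes):
    """Return authorship metadata from a .docx, or {} if it carries none."""
    try:
        with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
            xml_data = pkg.read("docProps/core.xml")
    except (zipfile.BadZipFile, KeyError):
        return {}  # not a ZIP package, or the metadata part was stripped
    root = ET.fromstring(xml_data)
    found = {}
    for name, path in FIELDS.items():
        node = root.find(path, NS)
        if node is not None and node.text:
            found[name] = node.text.strip()
    return found

def build_sample_docx():
    """Constructed sample: a minimal package holding only the metadata part."""
    core = (
        '<cp:coreProperties xmlns:cp="%(cp)s" xmlns:dc="%(dc)s" '
        'xmlns:dcterms="%(dcterms)s">'
        "<dc:creator>J. Example</dc:creator>"
        "<cp:lastModifiedBy>front-desk-pc</cp:lastModifiedBy>"
        "<cp:revision>7</cp:revision>"
        "</cp:coreProperties>" % NS
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("docProps/core.xml", core)
    return buf.getvalue()

if __name__ == "__main__":
    print(read_core_properties(build_sample_docx()))
```

These fields are set by the editing software and can be changed or removed, so an examiner treats them as one lead to corroborate rather than as proof of origin.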

You can get rid of a paper trail by shredding it and burning the scraps. Paperless paper trails are a little trickier. If you've sent any compromising documents out into the web from your computer, then it's too late. The evidence is already out there, and zapping your computer with a magnet and smashing it to bits isn't going to do you any good. With the right cyber-sleuth on the case, a single photo from a hacker's phone can be as good as a signed confession.