Multidimensional Trace Search in IT Forensics

EasyChair Preprint 11565, version 1

Abstract

Both the legal norms and case law leave open how IT traces that can be linked to a perpetrator are to be evaluated. Even with regard to technical standards, there is no approach to systematically evaluate IT traces so that a connection with the perpetrator, the crime scene and the time of the crime can be established or excluded. However, a very useful approach is known from the literature, using a 7-stage rating scale that addresses the combination of probability and security against manipulation of the traces. In order to determine the guilt or innocence of the defendant, it must be established with almost certainty that there is no reason for acquittal, taking into account the free assessment of evidence. On the other hand, in civil proceedings judgment is based on the preponderance of probability. In general, the assessment of IT traces in terms of guilt or lack of training is a vague matter that can only be accomplished with a lot of responsibility and expertise in order to minimize bias as much as possible. There is a complete lack of supporting tools, methods or procedures. This work attempts to expand the 7-stage evaluation scale in a multidimensional manner, so that a systematic approach to trace evaluation in IT is created.

Keyphrases: Beweismittel, IT-Forensik, Strafverfahren

@booklet{EasyChair:11565,
  author    = {Thomas Hrdinka},
  title     = {Multidimensional Trace Search in IT Forensics},
  howpublished = {EasyChair Preprint 11565},
  year      = {EasyChair, 2023}}