An analysis of forensics evidence gathering for assistance in network intruder prosecution

Abstract

This research develops a roadmap of legal evidence-gathering steps to assist law enforcement agencies in the identification of network intruders. This checklist will not only assist administrators in conducting network defense and safeguarding evidence but will assist them in remaining within the guidelines of the law in their network defense efforts. Legal responsibilities of network managers are highlighted with respect to legal document requirements and issues of U. S. Marine Corps liability. The aforementioned roadmap development is achieved by: 1) examining the latest advances and trends in network intrusion techniques, 2) investigating current U.S. Navy and U.S. Marine Corps Computer Network Incident Response Policies, 3) researching the current and proposed legislation covering the issue of forensic evidence requirements and preservation, and 4) examining forensics evidence gathering techniques with a focus on individual privacy rights.