Cyberspace as a domain for modern warfare creates a lot of complexities that don’t exist in other types of conflicts. You cannot visually identify the enemy, nor be sure what his nationality is. The one thing that you can count on is that someone has to pay for the necessities of virtual combat. Therefore, one sound strategy in any cyber investigation is to follow the money trail created by the necessary logistics of organizing a cyber attack—domain registration, hosting services, acquisition of software, bandwidth, and so on.
One of the main reasons why malicious activities can prosper online is due to lax verification of domain registration data, also known as WHOIS information. Starting with Internet Corporation for Assigned Names and Numbers (ICANN) and continuing with hosting companies and accredited domain registrars of all sizes, verification is not universally enforced.
Fortunately, one of the forensic methods that can crack false identity data is the global trend toward social computing. In the digital world of the Internet, as in physical space, you leave evidence of where you’ve been.
If you’re an ardent social computing fan who is active in Facebook, MySpace, LiveJournal, or Twitter, your virtual footprint will be very extensive. If you make your living on the Internet as a web service provider or forum administrator, your footprint will be even larger.
The IDC is an organization that studies how much data is generated by individuals ...