Cyber Security Awareness

Paperless Paper Trails: Establishing a chain of evidence in cybersecurity cases

March 3, 2017

In old procedural shows like Dragnet, early episodes of Law & Order, Hill Street Blues, and Magnum P.I., they always talk about the paper trail. This is the chain of signed documents, verified contracts, letters, and memos that, on TV at least, usually leads us right from the first clue all the way to the guy who committed the crime. Paper trails can also be used to frame an innocent third party or prove one’s innocence, showing that someone was “nowhere near the scene of the crime” at the time of the arson.

In cyber-crime, the chain of evidence, the paperless paper trail, is actually much easier to track than the kind that’s printed and written on sheets of paper. Here are a few things not everyone knows about how evidence is tracked from computer to computer:

  • Documents and programs can be traced back to their computer of origin

Every time you send off a .doc file, your computer leaves an impression on it as surely as a registered firearm leaves its signature imprint on a bullet. If you post a photo to the internet of yourself at a crime scene, law enforcement can download the picture and trace it back to your computer. A GOP lawmaker actually got busted for libelous emails some years back when the emails were traced back to his wife’s computer.

  • Word documents save every single revision

If you type a word and then backspace over it, the Word file will remember you doing that. This has actually been brought up in some pretty high-profile cases, for instance, the Invasion of Iraq.

  • Deleted files leave clues behind

Even if you manage to delete every trace of evidence regarding your cyber-crime, the computer may still show a log of what was deleted, when, and by whom. Combined with a little bit of conventional detective work, this can make it quite easy to figure out what was going on.
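As an added illustration of the first two points above (not code from the original post), this sketch reads the trail out of a document. It assumes the newer .docx format, a ZIP package whose `docProps/core.xml` part records author and revision metadata and whose `word/document.xml` keeps text deleted with Track Changes on as `w:del` elements. The sample document, the names `alice` and `bob`, and the function names are constructed for this example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "w": "http://schemas.openxmlformats.org/wordprocessingml/2006/main",
}
W = "{" + NS["w"] + "}"
XMLNS = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())

# Constructed sample parts; every name, date and sentence here is invented.
CORE = ("<cp:coreProperties " + XMLNS + "><dc:creator>alice</dc:creator>"
        "<cp:lastModifiedBy>bob</cp:lastModifiedBy><cp:revision>7</cp:revision>"
        "<dcterms:modified>2017-03-01T09:30:00Z</dcterms:modified></cp:coreProperties>")
BODY = ("<w:document " + XMLNS + "><w:body><w:p><w:r><w:t>Final wording. </w:t></w:r>"
        '<w:del w:author="bob" w:date="2017-03-01T09:29:00Z"><w:r>'
        "<w:delText>Draft wording removed later.</w:delText></w:r></w:del>"
        "</w:p></w:body></w:document>")

def build_sample_docx():
    """Return bytes of a minimal constructed .docx-style ZIP package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", CORE)
        z.writestr("word/document.xml", BODY)
    return buf.getvalue()

def extract_trail(docx_bytes):
    """Collect authorship metadata and tracked deletions from a .docx."""
    trail = {"metadata": {}, "deletions": []}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        names = set(z.namelist())
        if "docProps/core.xml" in names:  # the part is optional in real files
            core = ET.fromstring(z.read("docProps/core.xml"))
            for tag in ("dc:creator", "cp:lastModifiedBy", "cp:revision", "dcterms:modified"):
                el = core.find(tag, NS)
                if el is not None and el.text:
                    trail["metadata"][tag.split(":")[1]] = el.text
        if "word/document.xml" in names:
            doc = ET.fromstring(z.read("word/document.xml"))
            for d in doc.iter(W + "del"):  # text deleted while Track Changes was on
                text = "".join(t.text or "" for t in d.iter(W + "delText"))
                trail["deletions"].append((d.get(W + "author"), d.get(W + "date"), text))
    return trail

if __name__ == "__main__":
    print(extract_trail(build_sample_docx()))
```

When examining files from an untrusted source, parse the XML with a hardened parser such as `defusedxml` and work on a copy so the original evidence stays unmodified.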

You can get rid of a paper trail by shredding it and burning the scraps. Paperless paper trails are a little trickier. If you’ve sent any compromising documents out into the web from your computer, then it’s too late. The evidence is already out there, and zapping your computer with a magnet and smashing it to bits isn’t going to do you any good. With the right cyber-sleuth on the case, a single photo from a hacker’s phone can be as good as a signed confession.