Computers don’t commit crimes, people do. 

The most difficult challenge for law enforcement in many cybercrime
cases is “putting a suspect at the keyboard”.   Recent news stories have
highlighted law enforcement’s frustration with the lack of focus on the
human elements of cybercrime.   Too often cybercrime is framed as a
purely technical challenge.  The fact that real human criminals are
behind these schemes can be forgotten.  A  specific individual must be
identified to make an arrest and charge a crime. 

“Attribution” is the task of identifying a specific cybercriminal. 
This process begins often by utilizing digital forensics to examine the
patterns and tools used in an attack.  This is a scientific and complex
process.  During my time as a prosecutor, I worked with many digital
forensic examiners on cases.  The forensic examiner was always the most
important witness at trial.  The examiner  is the witness who  literally
examines the “crime scene” and can provide the evidence that proves
that the suspect was the person  behind a cyber attack.

Some cybercriminals follow known patterns and this may be a way to
identify them.  In one case that I prosecuted, the forensic examiner
reviewed evidence seized from a suspect but there was no way to directly
connect the suspect to the crime.  However, the examiner was able to
identify non-criminal evidence on the computer that was clearly linked
to the suspect.  This circumstantial evidence provided a strong degree
of proof that the suspect used the computer and was at the terminal
close in time to the period during which the crimes occurred.  This
critical evidence, provided by the forensic examiner, resulted in the
successful prosecution of the cybercriminal.

I teach a law school class on cybercrime and at the beginning of the
first class I always remind students that cybercrimes are crimes
committed by real persons abusing technology.  It’s important to
remember that technology is not bad.  Unfortunately, sometimes people do
bad things with technology.