—The Operational Complexity Model (OCM) has been used to derive the complexities of the five most prevalent cyber-crimes occurring in southeast Asia, namely peer-to-peer (P2P) multimedia piracy, online auction fraud, online storage of offensive material, theft of online game weapons, and distributed denial of service (DDoS) attacks. In each case the complexity of the simplest Trojan horse process that might be invoked as an alternative explanation for the recovered digital evidence is also determined using the OCM, and the results are used to assess the relative plausibility of the two competing explanations in each case. Finally, the forensically determined circumstances under which a Trojan horse defence is most likely to be successful are outlined. Keywords-Trojan horse defence; operational complexity model; digital forensics; relative plausibility metrics; posterior odds; alternative hypotheses.
Richard E. Overill, Jantje A. M. Silomon