After the massive DDoS attack in July 7th, 2009, cyber terror attacks such as system down of Nonghyub Bank (March 4th, 2011) occurred continuously. The key word of these cases is DDoS Attack. This study will show the research result of 7.7 DDoS attack investigation case with technical aspects such as evidence types, collecting and analyzing evidences, and problems of its legal responsibility with the view of an individual, company, government and security company. In a technical side, the three factors of DDoS attack are Zombie computer, Command control server and a Master. To arrest the master, all evidences about DDoS attack must be collected and analysed. The evidences in DDoS attack must be collected in a view of the causal relationship of the case damage and punishment. The evidences caused by the causal relationship of DDoS attack case damage are attack packets and malicious programs. The evidences which are applied to criminal code about DDoS attack case and the factor of crime in Information Network Promotion and Information Protection Act are attack packets, malicious programs, use logs, and system fail messages. To analyse evidences collected by the each factor of DDoS attacks systematic, forensic investment method fixed for DDoS attack must be applied. So, in DDoS attack forensic method, evidence analysis follows attack packets, zombie computer, control server and a master. The problems of legal duties about 7.7 DDoS attack in legality side will deal with personal, enterprise, government and security company sides. First, whether each person who is also direct attacker and victim of DDoS attack has willful negligence or not, second, whether Internet infrastructure providers or telecom service providers as a service provider who has a duty to provide a secure Internet service, have responsibility for abetting transmitting packets from zombie computers, or not, third, whether the government have responsibility about preservation control and countermeasure, last, will check whether a foreign company which developed Windows operating system which has security faults has responsibility or not. In between the evidences about the DDoS attack which caused the DDoS attack in March 4th, and the interruption of banking system in Nonghyub Bank in April 12th in this year, it is time to discuss legal responsibility, duty, problems of countermeasure system about DDoS attack and its solutions.