Everyday, the Internet sees hundreds of denial of service attacks. Yet, each year, there are only a handful of related arrests, and only for those attacks targeted at major corporate and government sites. Why is there such a discrepancy? An investigation into a denial of service attack is a major operation, and we believe that law enforcement agencies are unwilling to invest the resources to catch the perpetrators of minor attacks. We aim to improve this situation by monitoring traffic not directly associated with the DoS attack itself as well as monitoring and characterizing the DoS attack itself. Our tool provides more useful information to investigators, which could lead to more arrests, and subsequently a decline in denial of service attacks. After all, a hacker will think twice about launching an attack if he feels there is a chance he will get caught. It is a short term solution, and our techniques are admittedly simple to circumvent, but we have laid a solid foundation for a more robust distributed tool. In the future, we hope to extend our technology to provide a means for stopping denial of service attacks before they can even do damage using a variety of methods. Most effective perhaps would be to automatically apply filters to upstream routers by writing agent plug-ins for the more popular routers.