Nowadays, terrorists master technology. They often use electronic devices that allow them to act without being physically exposed. As a consequence, their attacks are quicker, more precise, and even more disastrous. As cyber- terrorism relies on computers, the evidence is distributed on large-scale networks. Internet providers as well as government agencies around the world have set up several advanced logging techniques. However, this kind of information alone is not always sufficient. It is sometimes paramount to also analyse the target and source computers, if available, as well as some networking elements. This step is called cyber-forensics, and allows for precisely reconstructing and understanding the attack, and sometimes for identifying the intruders. In this paper, we present the basics and well-known issues, and we give some related perspectives.