This article discusses the concept of computer or cyber forensics in cyber-crime investigation, including its issues and challenges.
1. INTRODUCTION:
Our world is developing gradually with the help of technology, which has become more operable with the emergence of the internet. The use of computers is increasing rapidly day by day as more users connect with others through the internet. One can easily access any information, connect with anyone while sitting far away from the destination, and even destroy information through the use of the internet.
The rapid development of information technology globally has led to the occurrence of a new form of crime, termed cyber-crime. Such crime has no boundary because it is committed using the internet, which does not have any territorial boundary.
This kind of criminal activity relates directly to the use of computers or other electronic devices run through the internet, such as mobile phones, and especially to trespass into the computer system or database of another, manipulation or theft of stored data, data diddling, and tampering with computer source code.
2. COMPUTER OR CYBER FORENSICS:
Forensic science is the scientific method of collecting, filtering, analysing and examining specific information. It is important in law enforcement, where it plays a vital role in investigating a specific event.
Cyber forensics can also be defined as the process of extracting information and data from a specific computer system.
Cyber forensic experts can draw on an array of methods for collecting data that resides in a computer system or for recovering deleted, encrypted or damaged file information.
McCombie and Warren (2003) suggested that computer forensics can be defined as the collection, preservation, analysis and court presentation of computer-related evidence.
3. EMERGENCE OF COMPUTER OR CYBER FORENSICS:
As a result of the first computer virus attacks on the World Wide Web, computer forensics as a field of study began in the late 1980s. The practice became more common and popular with the increase in the number of personal computers, specifically those having access to the internet. Law enforcement agencies started assembling data for investigations into fraud and pornography that predominantly used computers as storage devices. The International Organisation on Computer Evidence was founded in 1995 during an international conference in Baltimore, Maryland, in the United States, with the goal of developing effective techniques for computer analysis. Digital evidence with a focus on computer forensics was acknowledged at the international conference held in Melbourne, Australia, in February 1996, following the establishment of the International Organisation on Computer Evidence. The CCRDU serves as a liaison organisation in India for the assimilation of cutting-edge methods used in other nations.
5. TYPES OF COMPUTER OR CYBER FORENSICS:
Following are the various types of computer forensics.
- Database Forensics: It focuses on the research and analysis of databases and the associated metadata.
- Memory Forensics: It focuses on obtaining raw data from system memory and analyzing it for further research.
- Malware Forensics: It is concerned with locating suspicious code and researching viruses, worms, etc.
- Email Forensics: It deals with emails, their analysis and recovery, including contacts, calendars, and deleted emails.
- Disk Forensics: It deals with locating active, modified, or deleted files in order to extract raw data from the device's primary or secondary storage.
- Network Forensics: The monitoring and analysis of computer network traffic falls under this category of computer forensics.
- Mobile Phone Forensics: It mainly focuses on the inspection and evaluation of phones and smartphones, and it aids in retrieving contacts, call logs, incoming and outgoing SMS, etc., as well as other data that may be present.
6. PROCEDURE OF INVESTIGATION:
An investigation conducted using computer forensics typically consists of four steps or stages. These steps include:
a. Collection and preservation of evidence
b. Extraction of evidence
c. Examination of evidence
d. Organization of evidence
Let's discuss these in detail:
a. Collection and preservation of evidence:
The first step in the cyber forensic process is the collection and preservation of evidence. The investigator must first ascertain a few things, including the type of computer, the use for which it was intended, whether it was used alone or as part of a network, whether it was password-protected, and whether external storage devices were connected to the system. The most immediate and important objective of the collection and preservation process is the imaging of the evidentiary device.
There are several stages involved in the entire data collection process, including:
i) identifying the nature and the location of data,
ii) preserving data in a manner that causes the least amount of disruption to the original data,
iii) analysis of the data for intelligence and evidential purposes,
iv) presentation of the data and evidence derived from the investigation in a court of law.
Computer forensic specialists must conduct a thorough analysis of the computer system, computer networks, malfunctioning computers, password cracking, audit trails, imaging or cloning of hard drives, etc. The process of imaging is crucial to the collection and preservation of data. The images are accepted as an accurate representation of the original digital media. The image is duplicated several times for various uses. The following are some of the tools that are frequently used for gathering and preserving evidence:
i. Hardware Imaging Devices
ii. Software Imaging Tools
iii. Imaging Validation Tools
iv. Write Blocking Tools
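
The imaging validation step described above, shown as an added example that is not part of the original article: digests are recorded once for the acquired image, and every working copy is checked against them before use. The file names, the 1 MiB chunk size and the choice of SHA-256 with SHA-512 are assumptions, and the "image" is constructed random data.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so a large image never sits fully in memory

def digest_file(path, algorithms=("sha256", "sha512")):
    """Hash a file in chunks and return {algorithm: hexdigest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:  # read-only open: the image is never written to
        while block := fh.read(CHUNK):
            for hasher in hashers.values():
                hasher.update(block)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}

def validate_copy(reference, copy_path):
    """Check a working copy against the digests recorded at acquisition."""
    actual = digest_file(copy_path, tuple(reference))
    mismatched = sorted(name for name in reference if reference[name] != actual[name])
    return {"path": copy_path, "verified": not mismatched, "mismatched": mismatched}

def demo():
    """Constructed sample: a stand-in image, a faithful copy and an altered copy."""
    with tempfile.TemporaryDirectory() as workdir:
        image = os.path.join(workdir, "evidence.dd")       # hypothetical file names
        good = os.path.join(workdir, "working_copy_1.dd")
        bad = os.path.join(workdir, "working_copy_2.dd")
        data = os.urandom(2 * CHUNK + 17)                  # not a multiple of CHUNK
        altered = bytearray(data)
        altered[CHUNK + 5] ^= 0x01                         # a single flipped bit
        for path, content in ((image, data), (good, data), (bad, bytes(altered))):
            with open(path, "wb") as fh:
                fh.write(content)
        reference = digest_file(image)                     # recorded once, at imaging time
        return validate_copy(reference, good), validate_copy(reference, bad)

if __name__ == "__main__":
    for result in demo():
        status = "VERIFIED" if result["verified"] else "MISMATCH"
        print(result["path"], status, result["mismatched"])
```

A single flipped bit in a copy changes every digest, which is why the recorded values let a copy stand in for the original media.
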
b. Extraction of evidence:
Extraction of evidence is the second crucial phase after data collection and preservation. Following are the tools frequently used for the purpose of extraction of evidence:
i. Hidden Data Recovery Tools
ii. Known File Filtering
iii. Encryption Identification Tools
iv. Password Recovery Utilities
v. Steganography Detection Tools
vi. Virus Detection Capabilities
c. Examination of evidence:
Examination of evidence means that the extracted evidence needs to be examined by the forensic investigator. The expert must refine and examine what has been collected. At the time of examination, the investigator uses the available tools to examine specific evidence. At the end, the investigator can focus only on relevant information. Searching for documents, deleted files, images, emails, and other items on the computer is a common activity during the examination of the evidence.
d. Organization of evidence:
This phase of the investigation is the most crucial and significant. The examined data is methodically arranged in order to be produced before the court of law. Link analysis tools and timelining utilities are frequently used for the organization of evidence.
7. CHALLENGES OF COMPUTER FORENSICS TECHNIQUES:
One of the biggest challenges posed by information technology is that cybercrimes are relatively new and that existing legal frameworks are redundant in dealing with them. Similarly, there is a significant gap between the cyber tools used by criminals and those available to law enforcement authorities to investigate and prevent cybercrimes. The tools currently in use to combat cybercrime are insufficient and less effective. Some challenges in the different forensics tools are as follows: lack of forensic tools that verify data during acquisition, collection of volatile evidence, collection of data from active systems, the labour-intensive nature of the current forensic tools, etc.
8. LEGAL ISSUES:
In the field of law, forensic evidence is crucial. The investigation and recording of data for evidence are extremely vulnerable to claims of error, technical malfunction, or unfair interference from the defence due to the new and constantly evolving information technology. A lack of adequate and proper training of law officers and forensic experts has led to difficulty in collecting admissible, authentic, complete, reliable and believable data. There are two key challenges in a digital investigation: identifying the suspect and obtaining data relevant to the suspect's criminal activities. Similarly, another challenge is to carry out a digital investigation where data is stored in a cloud environment. The challenges there include the lack of a framework, the lack of specialist tools, data being stored in multiple jurisdictions, which makes it difficult to collect, and the lack of tested and certified tools.
9. CONCLUSION:
The science of computer forensics plays a vital role in the world of cyber law. It is the combined use of law and technology that makes it easier to identify the crime and the criminal. The greatest challenge to the advancement in technology is the antiquity of the old criminal justice system. Laws that come into force must be framed to tackle the continuous advancement of technology. Police officers and forensic specialists must be trained, and forensic equipment must be updated. The search, seizure and investigation procedures are required to match the changes in the manner of committing crime. The forensic expert must always act with care and caution in order to protect the integrity of the data and the evidence.