Wednesday, June 28, 2023

COMPUTER OR CYBER FORENSICS

COMPUTER OR CYBER FORENSICS (CYBER INVESTIGATION)

This article discusses the concept of computer or cyber forensics in cyber-crime investigation, including its issues and challenges.

 

1. INTRODUCTION:

 

Our world is developing gradually with the help of technology, which has become more operable with the emergence of the internet. The use of computers is increasing rapidly day by day as more users connect with others through the internet. One can easily access any information, connect with anyone while sitting far away from the destination, and even destroy information through the use of the internet.

 

The rapid development of information technology globally has led to a new form of crime, termed cyber-crime. Such crime has no boundary because it is committed using the internet, which has no territorial boundary.

 

These criminal activities relate directly to the use of computers or other electronic devices that run over the internet, such as mobile phones; in particular, trespass into the computer system or database of another, manipulation or theft of stored data, data diddling, and tampering with computer source code.

 

2. COMPUTER OR CYBER FORENSICS:

 

Forensic science is the scientific method of collecting, filtering, analysing and examining specific information. It is important in law enforcement, where it plays a vital role in investigating a specific event.

 

Cyber forensics can also be defined as the process of extracting information and data from any specific computer system.

 

Cyber forensic experts can draw on an array of methods for collecting data that resides in a computer system or for recovering deleted, encrypted or damaged file information.

 

McCombie and Warren (2003) suggested that computer forensics can be defined as the collection, preservation, analysis and court presentation of computer related evidence.

 

3. EMERGENCE OF COMPUTER OR CYBER FORENSICS:

 

As a result of the first computer virus attacks on the World Wide Web, computer forensics as a field of study began in the late 1980s. The practice became more common and popular with the increase in the number of personal computers, specifically those having access to the internet. Law enforcement agencies started assembling data for investigations into fraud and pornography that predominantly used computers as storage devices. The International Organisation on Computer Evidence was founded in 1995 during an international conference in Baltimore, Maryland, in the United States, with the goal of developing effective techniques for computer analysis. Digital evidence with a focus on computer forensics was acknowledged at the international conference held in Melbourne, Australia, in February 1996, following the establishment of the International Organisation on Computer Evidence. The CCRDU serves as a liaison organisation in India for the assimilation of cutting-edge methods used in other nations.

 

5. TYPES OF COMPUTER OR CYBER FORENSICS:

 

Following are the various types of computer forensics.

 

  • Database Forensics: It focuses on the research and analysis of databases and the associated metadata.
  • Memory Forensics: It focuses on obtaining raw data from system memory and analyzing it for further research.
  • Malware Forensics: It is concerned with locating suspicious code and researching viruses, worms, etc.
  • Email Forensics: It deals with emails, their analysis and recovery, including contacts, calendars, and deleted emails.
  • Disk Forensics: It deals with locating active, modified, or deleted files in order to extract raw data from the device's primary or secondary storage.
  • Network Forensics: The monitoring and analysis of computer network traffic falls under this category of computer forensics.
  • Mobile Phone Forensics: It mainly focuses on the inspection and evaluation of phones and smartphones, and it aids in retrieving contacts, call logs, incoming and outgoing SMS, etc., as well as other data that may be present.

 

6. PROCEDURE OF INVESTIGATION:

 

An investigation conducted using computer forensics typically consists of four steps or stages. These steps are:

 

a. Collection and preservation of evidence

b. Extraction of evidence

c. Examination of evidence

d. Organization of evidence

 

Let’s discuss each in detail:

 

a. Collection and preservation of Evidence:

 

The first step in the cyber forensic process is the collection and preservation of evidence. The investigator must first ascertain a few things, including the type of computer, the use for which it was intended, whether it was used alone or as part of a network, whether it was password-protected, and whether external storage devices were connected to the system. The most immediate and important objective of the collection and preservation process is the imaging of the evidentiary device.

 

There are several stages involved in the entire data collection process, including:

 

i) identifying the nature and the location of data,

ii) preserving data in a manner that causes the least amount of disruption to the original data,

iii) analysis of the data for intelligence and evidential purposes

iv) presentation of the data and evidence derived from the investigation in a court of law.

 

Computer forensic specialists must conduct a thorough analysis of the computer system, computer networks, malfunctioning computers, password cracking, audit trails, imaging or cloning of hard drives, etc. The process of imaging is crucial to the collection and preservation of data. The images are accepted as an accurate representation of the original digital media. The image is duplicated several times for various uses. The following are some of the tools that are frequently used for gathering and preserving evidence:

 

i. Hardware Imaging Devices

ii. Software Imaging Tools

iii. Imaging Validation Tools

iv. Write Blocking Tools

 

b. Extraction of Evidence:

 

Extraction of evidence is the second crucial phase after data collection and preservation. Following are the tools frequently used for the purpose of extraction of evidence:

 

i. Hidden Data Recovery Tools

ii. Known File Filtering

iii. Encryption Identification Tools

iv. Password Recovery Utilities

v. Steganography Detection Tools

vi. Virus Detection Capabilities

 

c. Examination of Evidence:

 

Examination of evidence means that the extracted evidence is examined by the forensic investigator. The expert must refine and examine what has been collected. At the time of examination, the investigator uses the available tools to examine specific evidence. At the end, the investigator can focus only on relevant information. Searching for documents, deleted files, images, emails, and other items on the computer is a common activity during the examination of the evidence.

 

d. Organization of evidence:

 

This phase of the investigation is the most crucial and significant. The examined data is methodically arranged in order to be produced before a court of law. Link analysis tools and timelining utilities are frequently used for the organization of evidence.


7. CHALLENGES OF COMPUTER FORENSICS TECHNIQUES:

 

One of the biggest challenges posed by information technology is that cybercrimes are relatively new and that existing legal frameworks are redundant in dealing with them. Similarly, there is a significant gap between the cyber tools used by criminals and those available to law enforcement authorities to investigate and prevent cybercrimes. The tools currently in use to combat cybercrime are insufficient and less effective. Some challenges in the different forensics tools are as follows: lack of forensic tools that verify data during acquisition, collection of volatile evidence, collection of data from active systems, the labour-intensive nature of the current forensic tools, etc.

 

8. LEGAL ISSUES:

 

In the field of law, forensic evidence is crucial. The investigation and recording of data for evidence are extremely vulnerable to claims of error, technical malfunction, or unfair interference from the defence due to the new and constantly evolving information technology. A lack of adequate and proper training of law officers and forensic experts has led to difficulty in collecting admissible, authentic, complete, reliable and believable data. There are two key challenges in a digital investigation: firstly, identifying the suspect and obtaining data relevant to the suspect’s criminal activities. Similarly, another challenge is to carry out a digital investigation when the data is stored in a cloud environment. There are challenges such as the lack of a framework, the lack of specialist tools, data being stored in multiple jurisdictions, which makes it difficult to collect, and the lack of tested and certified tools.

 

9. CONCLUSION:

 

The science of computer forensics plays a vital role in the world of cyber law. It is the combined use of law and technology that makes it easier to identify the crime and the criminal. The greatest challenge to the advancement in technology is the antiqueness of the old criminal justice system. Laws that are coming into force must be framed to tackle the continuous advancement of technology. Police officers and forensic specialists must be trained, and forensic equipment must be updated. The search, seizure and investigation procedures are required to keep pace with the changes in the manner of committing crime. The forensic expert must always act with care and caution in order to protect the integrity of the data and the evidence.

 

