Sunday, January 31, 2010

What is Cyber forensics?

The Cyber Forensics and Cyber Crime investigation process goes through: collecting evidence from digital media, analysis of the evidence, and opinion or report writing. There are four basic steps that are followed in conducting a cyber forensic analysis: identifying sources of evidence, securing the evidence found and preserving the identified evidence, analyzing the evidence, and documenting the found and analyzed evidence.

The evidence must be extracted and presented in a way that preserves its "evidence value". So cyber forensics can be defined as the process of extracting information and data from computer storage media and guaranteeing its accuracy and reliability. The challenge, of course, is actually finding this data, collecting it, preserving it, and presenting it in a manner acceptable in a court of law. Cyber Forensics is a challenging and interesting field, which gives job satisfaction.

Cyber forensic experts can find employment in both the government and the private sector. To be a Cyber Forensic Expert, a person should have a wide range of knowledge and experience about Cyber Forensics, including Cyber Crimes, Hacking, Spamming, Viruses, Tracking user activity, Forensic imaging & Verification, Data recovery and analysis, File types (extensions), Encryption, Password breaking etc., with a basic understanding of programming languages & Operating systems like Windows, Linux, Mac, Java, Symbian etc., and should also have knowledge about legal issues, acts, laws, responsibilities etc. related to digital evidence. The person must have an interest in Cyber Forensics, enjoy the investigation process and have the ability to work for hours continuously.

The global dependency on technology combined with the expanding presence of the Internet as a key and strategic resource requires that corporate assets are well protected and safeguarded. When those assets come under attack, or are misused, infosecurity professionals must be able to gather electronic evidence of such misuse and utilize that evidence to bring to justice those who misuse the technology.

EnCase (Guidance Software) and Forensic Toolkit (FTK, AccessData) are widely used tools in Cyber Forensics for recovery and imaging of media all over the world. Opinions based on EnCase or FTK are acceptable in any court in the world. These tools play a very important role in Cyber Forensics investigation, but many times success depends upon the expert's knowledge, skill and experience.

The anonymity provided by the Internet, and the ability of society's criminal element to use information technology as a tool for social and financial discourse, mandate that those professionals charged with the responsibility of protecting critical infrastructure resources have the tools to do so.

Every crime scene contains evidence; this follows from Locard's Principle, which is also applicable in Cyber Forensics, as every activity on a computer leaves its traces. Electronic evidence is fragile and can easily be modified. Additionally, cyber thieves, criminals, dishonest and even honest employees hide, wipe, disguise, cloak, encrypt and destroy evidence from storage media using a variety of freeware, shareware and commercially available utility programs.

Cyber Forensics is the process of recovering evidence from digital media. According to Robbins' definition, Computer Forensics involves the preservation, identification, extraction and documentation of computer evidence stored in the form of magnetically encoded information data.

Computer forensics has also been described as the autopsy of computer storage media for evidence. Chris LT Brown defined cyber forensics as the art and science of applying computer science to aid the legal processes.
A simpler definition would be the examination of computers, cyberspace and other electronic devices for evidence that might have forensic value. A Cyber Forensics Expert never works on the original or evidence media. The expert first creates an image file of the original disk, checks its signature (MD5 hash) for accuracy, and then carries out the whole investigation on the duplicate media.
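
The image-then-verify step described above, as an added example that is not part of the original post: the source is copied block by block while it is hashed, and the image is then re-read from disk and compared with the recorded digests. The function names, the temporary files standing in for evidence media, and the use of SHA-256 alongside the MD5 hash the post mentions are assumptions of this example.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large media never sits in memory
ALGORITHMS = ("md5", "sha256")  # MD5 as named in the post; SHA-256 is an added assumption


def _hash_stream(src, dst=None):
    """Hash everything read from src, optionally writing each block to dst."""
    digests = {name: hashlib.new(name) for name in ALGORITHMS}
    for block in iter(lambda: src.read(CHUNK), b""):
        for d in digests.values():
            d.update(block)
        if dst is not None:
            dst.write(block)
    return {name: d.hexdigest() for name, d in digests.items()}


def acquire_image(source_path, image_path):
    """Copy source (opened read-only) to a new image; 'xb' refuses to overwrite one."""
    with open(source_path, "rb") as src, open(image_path, "xb") as dst:
        recorded = _hash_stream(src, dst)
        dst.flush()
        os.fsync(dst.fileno())
    return recorded


def verify_image(image_path, recorded):
    """Re-read the image from disk and compare against the acquisition digests."""
    with open(image_path, "rb") as img:
        return _hash_stream(img) == recorded


def demo():
    """Image a constructed stand-in for evidence media, verify, then alter one byte."""
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "evidence.bin")  # constructed sample, not a real disk
        image = os.path.join(tmp, "evidence.img")
        with open(source, "wb") as fh:
            fh.write(os.urandom(3 * CHUNK + 517))
        recorded = acquire_image(source, image)
        intact = verify_image(image, recorded)
        with open(image, "r+b") as fh:  # simulate accidental modification of the copy
            fh.seek(CHUNK)
            original = fh.read(1)
            fh.seek(CHUNK)
            fh.write(bytes([original[0] ^ 0xFF]))
        return intact, verify_image(image, recorded)
```

`demo()` returns a pair: whether the fresh image matched the recorded digests, and whether it still matched after a single byte of the copy was changed.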

Cyber forensics, while firmly established as both an art and a science, is in its infancy. With technology evolving, mutating, and changing at such a rapid pace, the rules governing the application of cyber forensics to the fields of auditing, security, and law enforcement are changing as well. Almost daily, new techniques and procedures are designed to provide infosecurity professionals a better means of finding electronic evidence, collecting it, preserving it, and presenting it to client management for potential use in the prosecution of cyber criminals.

1 comment:

  1. The greater challenge is the presentation of forensic evidence by the prosecution in court, and cross-examination by the defence lawyer; more importantly, the appreciation of cyber forensics by the judges.

    Kamal Dave