This article brings a clear perception on forensic investigations, its procedures, issues, challenges and requirement of forensic skills for professionals or investigators.
The past sixty years have witnessed the most rapid transformation of human activity in history, with digital electronic technology as the driving force. Nothing has been left untouched. The way people communicate, live, work, travel, and consume products and services have all changed forever. The digital revolution has spurred the rapid expansion of economic activity across the face of the planet.
Digital Forensics aka digital forensic science, cyber forensic, computer forensic; It is the youngest branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. It’s an art or science where procedures focus on I P A D (Identification, Preservation, Analysis, and Documentation) in such a manner that is legally acceptable by court of law and judiciary.
From conventional crimes to Cyber-Crime, computer digital evidence plays indispensable role in nefarious activities either as a target, medium or containing evidence and thus, requiring specialist to gather evidence. It’s like an old saying quote “Once the documents have been posted online (intentionally or accidently), The genie is out of the bottle”. And then the real proceeding initiates whether on who is going to deal with the case. Most of the people have misconception about forensic, they think it’s all about data recovery and that is just a single part of it. Forensic deals with many upcoming emerging cases such as Scareware’s, Ransomwares, Digital Divorces, IoT Devices, Digital cryptocurrency, Deep Web ToR, Intellectual Property Theft and many more.
Cybercrime has thrust into the forefront of public attention due to a glut of high-profile, well-publicized cases of compromised computer systems at organizations like Sony, Target, Home Depot, J.P. Morgan Chase, Bangladesh Cyber Heist, Twitter, LinkedIn case. Some Political cases (like Vyapam scam, Sunanda Pushkar Tharoor), Bollywood (Aarushi Talwar’s murder, Jiah khan) IPL Match Fixing, piracy movie leaked (udta_punjab, Great Grand masti, Kabali) cases etc.
LECHNO (Legal + Techno) Dimension
Growing volumes of digital storage are making the traditional methods for evaluating electronic evidence unsustainable. In recent years, we have seen law enforcement and corporate investigators taking a different approach, which achieves the same or better results as traditional methods, but much faster. Even the individual must be aware about various computer forensic and Incident Response Procedures guidelines i.e. International Organization of Computer Evidence (IOCE), Scientific Working Group on Digital Evidence (SWGDE), Association Chief Police Officer (ACPO), NIJ (National Institute of Justice), DSCI (Data Security Council of India) Manual etc. When handling electronic evidence, most investigators apply a traditional methodology.
For each device, a forensic technician would typically:
- Plug the device into a write blocker
- Acquire a forensic image of the entire device
- Make a copy of the forensic evidence image
- Analyze the data stored on the forensic image copy
- Write a report on the results of this analysis.
The technician would then repeat this process for each device related to this case. Having completed this process for all devices, investigators would then use human brainpower to find connections and correlations between the data sources. And most important thing about integrity; the hash value plays a significant role in establishing the authenticity and integrity of data/evidence in the digital world particularly in Cryptography, Data Analyses and Forensic Imaging etc. Hash Value popularly known as Fingerprint of data or called Digital Fingerprint.
The investigators are more concentrated about cloud forensics and encryption. The other challenges are legal, device proliferation, cross-border cooperation, lack of training and intelligence, new application artefacts, Tor Proxy.
One of the major challenges for the Government of India in fighting cyber-crime is the lack of analytical and technical training for the law enforcement agencies. India, however, still faces daunting challenges with cyber-crimes as law enforcement agencies that are not well-equipped and oriented about cyber-crime yet. There is lack of policies at the national level as regards to the training of the state police, judges and lawyers on ICT related laws and procedures and essential ways of tackling cyber-crime activities.
The main challenge is the lack of awareness when it comes to reporting cyber-crimes in India. This is partly due to lack of policies on staff rotation within certain law enforcement agencies. There is urgent need for capacity building in the field of cyber forensics as well as cyber security and the government need to put in place proper forensic investigatory infrastructure with legal frameworks and jurisdictions to tackle cyber-crimes. In Short, Ransomware, Piracy, Cloud Forensic, Encryption, Cryptocurrency cases, sophisticated organized crimes these are some measure challenges.
SKILLS FOR FORENSICATORS
The competitive corporate market has to secure there IT assets from sabotage, inherent systems vulnerabilities and prevent intruders from gaining unauthorized access to their business critical data. Organizations need services of computer forensics professionals who can analyze their computer and network systems in case of any break-in to determine how the attacker gained access. This gradual increase in cyber-crime has led to a massive surge in the demand. The main skills every Cyber-Forensic Professionals must possess are:
- Knowledge of Computer Networking Concepts
- Working knowledge of Web Servers, Application and Hacking Technologies
- Sound knowledge of the relevant law, Compliance and Standards
- Well versed with investigating Deep web, Bitcoin and other crypto-currencies
- Strong understanding of incident prevention and incident response
- Thorough understanding of Browser and Social Media Forensics
- Cloud Computing, File System and its architecture
- Smartphones and Anti-Forensic tools concepts
- Reverse Engineering and Malware Analysis
- Working knowledge Cryptography and Steganography
- Cyber Intelligence and Analysis
- Updated knowledge of the latest IT Security and Forensic technologies
Forensic is majorly focused on standards and tools with Proper chain of custody. It’s not at all like what you see on “CSI: Crime Scene Investigation or CID”. Computer forensics can be tiresome, dreary, boring, and downright drudgery.
One way of creating awareness is by utilizing popular mediums such as social networking sites. Social networking sites ideally serve the purpose of awareness creation as users are keen to try out new games and applications.
In Present Scenario, the criminals are becoming technologically sophisticated in committing crimes. Therefore, Forensic needs such a crime analysis technique to catch criminals and to remain ahead in the eternal race between the criminals and the law enforcement.
The police should use the current technologies to give themselves the much-needed edge. Availability of relevant and timely information is of utmost necessity in conducting of daily business and activities by the Forensics, particularly in crime investigation and detection of criminals.
Disclaimer: This does not constitute a legal opinion and would not create Attorney-Client relationship. This article is only for information and awareness purpose and merely a possible interpretation of the law.