by Santosh Raut
(Amity University, Noida, India)
Photo Credit: Cayusa
Cyber forensics is the process of recovering evidence from digital media. According to Robbins' definition, computer forensics involves the preservation, identification, extraction and documentation of computer evidence stored in the form of magnetically encoded information (data).
Computer forensics has also been described as the autopsy of computer storage media for evidence. Chris LT Brown defined cyber forensics as the art and science of applying computer science to aid the legal process. A simpler definition would be the examination of computers, cyberspace and other electronic devices for evidence that might have forensic value.
Every crime scene contains evidence; this follows from Locard's Principle. The principle also applies in cyber forensics, as every activity on a computer leaves traces.
The cyber forensics and cyber crime investigation process goes through three stages: collecting evidence from digital media, analysis of the evidence, and opinion or report writing. Four basic steps are followed in conducting a cyber forensic analysis: identifying sources of evidence; securing and preserving the identified evidence; analyzing the evidence; and documenting the evidence found and analyzed. The evidence must be extracted and presented in a way that preserves its "evidence value".
EnCase (Guidance Software) and Forensic Toolkit (FTK, AccessData) are the most widely used tools in cyber forensics for recovery and imaging of media all over the world, and opinions based on EnCase or FTK are acceptable in any court in the world. These tools play a very important role in a cyber forensics investigation, but success often depends on the expert's knowledge, skill and experience.
A cyber forensics expert never works on the original or evidence media. The expert first creates an image file of the original disk, checks its signature (MD5 hash) for accuracy, and then carries out the entire investigation on the duplicate media.
Cyber forensics is a challenging and interesting field that offers job satisfaction. Cyber forensic experts can find employment in both the government and the private sector. To be a cyber forensic expert, a person should have a wide range of knowledge and experience in cyber forensics, including cyber crimes, hacking, spamming, viruses, tracking user activity, forensic imaging and verification, data recovery and analysis, file types (extensions), encryption, password breaking, etc., along with a basic understanding of programming languages and operating systems such as Windows, Linux, Mac, Java, Symbian, etc., and knowledge of the legal issues, acts, laws and responsibilities related to digital evidence. The person must have an interest in cyber forensics, enjoy the investigation process and be able to work for hours continuously.
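The image-then-verify step described above, as an added example that is not part of the original article: a Python sketch that copies a source to an image file while hashing it, then re-checks the image before analysis. The function names, file names and the additional SHA-256 digest are assumptions of this example, and the "evidence" file is constructed sample data.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so a large disk never sits in memory


def _digest_stream(src, dst=None):
    """Hash everything read from src; optionally write the same bytes to dst."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    while chunk := src.read(CHUNK):
        md5.update(chunk)
        sha256.update(chunk)
        if dst is not None:
            dst.write(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def acquire_image(source_path, image_path):
    """Create the image; the source is opened read-only and hashed as it is read."""
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        hashes = _digest_stream(src, dst)
        dst.flush()
        os.fsync(dst.fileno())  # make sure the image is on disk before relying on it
    return hashes


def verify_image(image_path, acquisition_hashes):
    """Re-hash the image and compare with the values recorded at acquisition."""
    with open(image_path, "rb") as img:
        return _digest_stream(img) == acquisition_hashes


def demo():
    with tempfile.TemporaryDirectory() as d:
        source = os.path.join(d, "evidence.bin")  # constructed stand-in for the original media
        image = os.path.join(d, "evidence.img")   # working copy used for analysis
        with open(source, "wb") as f:
            f.write(os.urandom(3 * CHUNK + 123))
        hashes = acquire_image(source, image)
        intact = verify_image(image, hashes)
        with open(image, "r+b") as f:  # flip one bit to show that any change is detected
            f.seek(CHUNK)
            original = f.read(1)
            f.seek(CHUNK)
            f.write(bytes([original[0] ^ 0x01]))
        altered_detected = not verify_image(image, hashes)
        return intact, altered_detected, hashes


if __name__ == "__main__":
    print(demo())
```

Recording the digests at acquisition time and re-checking them before each analysis session gives the report a documented basis for stating that the working copy matches the original.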