Cyber Forensics

by Santosh Raut
(Amity University, Noida, India)

Photo Credit: Cayusa

Cyber Forensics is the process of recovering evidence from digital media. According to Robbins' definition, Computer Forensics involves the preservation, identification, extraction and documentation of computer evidence stored in the form of magnetically encoded information data.

Computer forensics has also been described as the autopsy of computer storage media for evidence. Chris LT Brown defined cyber forensics as the art and science of applying computer science to aid the legal process. A simpler definition would be the examination of computers, cyberspace and other electronic devices for evidence that might have forensic value.

Every crime scene contains evidence because of Locard's Principle. This principle also applies in Cyber Forensics, as every activity on a computer leaves traces.

The Cyber Forensics and cyber crime investigation process goes through the following stages: collecting evidence from digital media, analysis of the evidence, and opinion or report writing. There are four basic steps that are followed in conducting a cyber forensic analysis: identifying sources of evidence, securing and preserving the identified evidence, analyzing the evidence, and documenting the evidence found and analyzed. The evidence must be extracted and presented in a way that preserves its "evidence value".

EnCase (Guidance Software) and Forensic Toolkit (FTK, AccessData) are the tools widely used all over the world in Cyber Forensics for recovery and imaging of media. Opinions based on EnCase or FTK are acceptable in any court in the world. These tools play a very important role in Cyber Forensics investigation, but success often depends on the expert's knowledge, skill and experience.

A Cyber Forensics expert never works on the original (evidence) media. The expert first creates an image file of the original disk, checks its signature (MD5 hash) for accuracy, and then carries out the entire investigation on the duplicate media.
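The image-then-verify step described above can be sketched as follows. This is an added example, not code from the article or from EnCase or FTK: it hashes the source while copying it, then re-hashes the image before and after a simulated change. MD5 is the hash the article names; recording SHA-256 alongside it, the function names and the sample file names are assumptions of this example.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so large images never sit in memory


def _digests(md5, sha256):
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def acquire_image(source_path, image_path):
    """Copy the source to an image file, hashing the bytes as they are read."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        while block := src.read(CHUNK):
            md5.update(block)
            sha256.update(block)
            dst.write(block)
    return _digests(md5, sha256)  # record these in the case notes


def hash_file(path):
    """Re-read a file from disk and return its MD5 and SHA-256 digests."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as f:
        while block := f.read(CHUNK):
            md5.update(block)
            sha256.update(block)
    return _digests(md5, sha256)


def verify_image(image_path, acquisition_digests):
    """True only if the image still matches what was read from the source."""
    return hash_file(image_path) == acquisition_digests


def demo():
    """Constructed sample: image a stand-in 'disk', verify, then alter one byte."""
    with tempfile.TemporaryDirectory() as d:
        source, image = os.path.join(d, "disk.bin"), os.path.join(d, "disk.dd")
        with open(source, "wb") as f:
            f.write(b"constructed sample sector data\n" * 4096)
        recorded = acquire_image(source, image)
        intact = verify_image(image, recorded)
        with open(image, "r+b") as f:  # simulate accidental modification
            f.seek(100)
            f.write(b"X")
        return intact, verify_image(image, recorded)
```

Calling `demo()` returns `(True, False)`: the fresh image verifies, and a single changed byte makes verification fail, which is why the digests are recorded at acquisition and re-checked before analysis of the duplicate.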

Cyber Forensics is a challenging and interesting field that offers job satisfaction. Cyber forensic experts can find employment in both the government and the private sector. To be a Cyber Forensics expert, a person should have a wide range of knowledge and experience of Cyber Forensics, including cyber crimes, hacking, spamming, viruses, tracking user activity, forensic imaging and verification, data recovery and analysis, file types (extensions), encryption, password breaking etc., with a basic understanding of programming languages and operating systems like Windows, Linux, Mac, Java, Symbian etc., and should also have knowledge of the legal issues, acts, laws, responsibilities etc. related to digital evidence. The person must have an interest in Cyber Forensics, enjoy the investigation process and be able to work continuously for hours.

Comments for Cyber Forensics

May 06, 2009
Contact me
by: Santosh Raut

Contact me with any queries...

Jan 20, 2009
Nice Article
by: Shivaji

Very nice and rare article

Dec 16, 2008
Excellent Forensic Article
by: David

Many thanks for posting this very interesting and informative article on cyber forensics.
