Computer Forensics Vital for Combating Cyber Crimes



Adapted from Encase Legal Journal.


By Vicky Shah

The Mumbai PROTECTOR, Jan - Feb 2010, pp. 49-50

Cyber crimes are committed through the use of computers or computer network systems. In these crimes, computers are used as tools to commit crime, and/or as a target where an attack or compromise has to be performed, and/or as incidental to a crime in which a computer is used to generate fake, forged or authentic-looking literature for committing either a physical or a virtual crime.

A thorough crime scene analysis is vitally important to effective law enforcement. In particular, rapid technological advances have greatly expanded the amount of information that can be obtained from the analysis of physical evidence from a crime scene. In order to take advantage of these new opportunities, the investigator should use sound scene processing practices to recover useful evidence. Forensics is critical to the administration of a crime, and its objective is the recognition, documentation, collection, preservation and transmittal of physical evidence for analysis.

Digital forensics deals with the recognition, documentation, collection, preservation and transmittal, identification and interpretation of electronic media for evidentiary and/or root cause analysis, especially of the secondary memory of a computer, which is capable of storing data in bits, i.e. the Hard Disk Drive (HDD).

Digital forensics deals with conducting a proper and documented investigation of the alleged misuse of a system, its users, its facts and services.

Prior to the forensics, a chain of custody is followed, which consists of:

  • Arriving at the scene: initial response/prioritization of efforts
  • Preliminary documentation and evaluation of the scene
  • Processing the scene
  • Completing and recording the crime scene investigation of crime scene equipment

Computer forensics is commonly defined as the collection, prevention, analysis and court presentation of computer-related evidence. Courts mandate the proper seizure and analysis of computer evidence in any investigation with respect to the law of the land.

The most important tool for a computer forensic investigator is the software used to perform the investigation. Without specially designed computer forensic software, there cannot be a true forensic analysis.

In general, there are three primary reasons why specialized computer forensic software must be employed in order to conduct a proper computer investigation:

1. Proper Acquisition and Preservation of Computer Evidence

Electronic evidence is fragile by nature and can easily be altered or erased without proper handling. Merely booting a subject computer into the Windows environment will alter critical date stamps, erase temporary data, and cause hundreds of writes to the drive.

Specialized computer forensic software, such as FTK and EnCase, which are recognized by NIST, ensures that the subject computer's data is not altered in any way during the acquisition process. A file date stamp is a critical piece of evidence in litigation matters.

2. Authentication of Collected Data for Court Presentation

Computer forensics is based largely on the premise that the data recovered from computer systems will ultimately be presented in a court of law. As such, another important feature of computer forensic software is a verification process that establishes that the investigator did not corrupt or tamper with the subject evidence at any time in the course of the investigation.

Computer forensic software employs a standard algorithm to generate an image hash value. The algorithm calculates a unique numerical value based upon the exact contents contained in the evidentiary image copy. If one bit of data on the acquired evidentiary bit-stream image changes, even by adding a single space of text or changing the case of a single character, this value changes.

3. Recovery of All Available Data, Including Deleted Files

In addition to the active data normally seen by the computer user, computer forensic software allows the examiner to recover all deleted files that have not been completely overwritten, as well as other forms of unallocated or temporary data.

Forensic science is the application of science to law; it deals with applying of any scientific principle or technique...

  • Identifying
  • Recovering
  • Reconstructing
  • Analyzing

Goal of Cyber Forensics: investigate digital systems to:

  • determine if system has been compromised
  • determine extent of damage
  • determine how a system was compromised
  • understand intrusion techniques
  • understand intruder patterns and infer intent
  • discover evidence of intruder identity
  • strengthen protection
  • strengthen our ability to protect
  • make new friends and host really fun parties

Cyber forensics is useful for investigating agencies.
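The image hash verification described under reason 2, as an added example (not from the original article and not the code of any forensic product): it hashes a constructed sample image once at acquisition, then re-hashes altered copies to show the value changing. The per-block hashes go beyond the single image hash the article describes so that a mismatch can be localised; SHA-256, the 4096-byte block size and all function names are assumptions of this example.

```python
import hashlib
import io

BLOCK = 4096  # bytes per hashed block (size chosen for this example)

def acquire(stream, block=BLOCK):
    """Hash an image at acquisition: whole-image SHA-256 plus one per block."""
    whole, blocks, size = hashlib.sha256(), [], 0
    while chunk := stream.read(block):
        whole.update(chunk)
        blocks.append(hashlib.sha256(chunk).hexdigest())
        size += len(chunk)
    return {"size": size, "sha256": whole.hexdigest(), "blocks": blocks}

def verify(stream, record, block=BLOCK):
    """Re-hash a copy; return (matches_record, indexes_of_changed_blocks)."""
    now = acquire(stream, block)
    old_b, new_b = record["blocks"], now["blocks"]
    changed = [i for i, (a, b) in enumerate(zip(old_b, new_b)) if a != b]
    # Blocks that exist on only one side mean the image length changed.
    changed += range(min(len(old_b), len(new_b)), max(len(old_b), len(new_b)))
    return now["sha256"] == record["sha256"], changed

def make_image():
    """Constructed 12 KiB sample image: zero fill with one text fragment."""
    img = bytearray(3 * BLOCK)
    img[5000:5027] = b"Payment approved by manager"
    return img

def demo():
    original = make_image()
    record = acquire(io.BytesIO(original))  # taken once, at seizure
    case = make_image()
    case[5000:5001] = b"p"                  # case of one character changed
    bit = make_image()
    bit[-1] ^= 0x01                         # a single bit flipped
    space = make_image()
    space[5000:5000] = b" "                 # a single space of text added
    return {
        "untouched": verify(io.BytesIO(original), record),
        "case": verify(io.BytesIO(case), record),
        "bit": verify(io.BytesIO(bit), record),
        "space": verify(io.BytesIO(space), record),
    }

if __name__ == "__main__":
    for name, (ok, changed) in demo().items():
        print(f"{name:10s} match={ok} changed_blocks={changed}")
```

The inserted space changes block 1 and adds a trailing block 3, because every later byte shifts by one; block 2 is zero fill before and after the shift, so only the whole-image hash and the length reveal that it moved.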
Conclusion:

With organizations incurring excessive losses of intellectual property and other trade secrets, advancements in computer forensics technology are meeting the compelling need to counter this threat. Also, with the volume of cases, it is important for investigators to use forensic tools with improved technology. Ongoing computer investigations are now the need of the hour for keeping pace to counter crime.

Reference: Legal Investigation Manual - Encase

Disclaimer: This article is for non-profit/non-commercial purposes. For further queries please contact the author on +91-98201-05011.

"Human Behaviour is the Biggest Risk in Security" - Vicky Shah