SlideShare a Scribd company logo

Role of Digital Forensics in Meeting Indian Legal Requirements for Digital Preservation

S V National Institute of Technology (SVNIT), Surat (NIT, Surat)
S V National Institute of Technology (SVNIT), Surat (NIT, Surat)
1 of 21
Download to read offline
Role of Digital Forensics in Digital Preservation as per the Indian Legal Requirements
Quick OverviewQuick Overview • Indian Legal Requirements – IT Act 2000/2008 • Retention of the electronic records • Facilitate the identification of the origin, destination, date and time of dispatch or receipt of such electronic records. • Electronic records are retained in the format in which it was originally generated, sent or received • Defines the conditions for legal admissibility of electronic records – RTI Act • Digital information could be searched and reproduced in legally admissible manner to fulfill the right to information where required. • Digital forensics and digital preservation – Technology Watch Report 12-03: Digital Forensics and Preservation by Jeremy Leighton John – The Bit Curator Project – Case Scenarios • Digital forensics for Email preservation • Digital forensics for Storage media preservation • Digital forensics for Mobile data preservation
• Purpose – To find the legal digital evidences – Mapping with preservation metadata of the OAIS • Open Archival Information System(ISO 14721) • Approach – Open source digital forensics tools – Establish the aspects of digital preservation in terms of provenance, integrity, authenticity and reliability Quick OverviewQuick Overview
• Legal requirement of email message preservation – Department of Electronics and Information Technology (DeitY), Government of India is already formulating the e-Mail policy for all central and state government organizations in India for the purpose of e-mail data protection, which will also be subjected to preservation in various cases. • Email is consists of two major sections : – Body • The actual message of the email – Header • Hidden part of the email, extra information • Important evidences can be extracted from header • Each header field is key:value pair, defined in rfc 4021 • Common header fields: – from (sender), to (receivers), and date (time), subject Evidences in e-Mail HeaderEvidences in e-Mail Header
Email Header – 1Email Header – 1
Email Header – 2Email Header – 2
Email Header – 3Email Header – 3
Authentication and IntegrityAuthentication and Integrity IntegrityIntegrity Verifying that the content is not alteredVerifying that the content is not altered in transit.in transit. “Content“Content--MD5”MD5” Authentication:Authentication: Validate the identities of the parties whoValidate the identities of the parties who participated in transferring a message.participated in transferring a message. Domain Authentication:Domain Authentication: DKIMDKIM--SignatureSignature User Authentication:User Authentication: Sender’s digital signatureSender’s digital signature
• Single Email: – Eml format – ASCII file – Open Specification • Email Account: – mbox format – Most email client applications supports mbox – All the emails in single MBOX file – MIME Attachments in base64 • XML – Self descriptive language, suitable for preservation Capturing EmailCapturing Email • Email must have object file which is in – Non-proprietary format – Standard format – Open Specification – Externally Independent • Available File format for email object Extension File Type Description bina Netscape mail file boe Microsoft Outlook Express backup file eml Email message file emlx Apple Mail email message ezm EasyOffice mail file nfs Lotus mailbox file mbs Opera mailbox file mbox Email mailbox file pst Microsoft Outlook personal folder file
• Example: – National Archives receives Hard disk from a government organization for long term preservation • Forensics disk image – Exact replica of the original source media • Preservation metadata of a disk image – Reference information • Serial number of the storage device – Fixity information • Hash value of the disk image – Digital provenance information • Chain of custody information – case number – list of tools used – examiner name – short description – the path where the digital evidence is initially stored, – time of acquisition – MACB times Storage media preservationStorage media preservation
• Disk image formats • Open Source Forensics disk imaging tools – dd – Guymager – dcfldd – dd_rescue – AIR – Autopsy(TSK) Storage media preservationStorage media preservation
Storage media preservationStorage media preservation
• Misuse of cell phone device – Device may be harden to commit criminal activity or destructive purpose • Example: – At crime-scene it is important digital evidence. • Challenges: – Court case runs for 10-15 years. – Rapid Technological obsolescence in mobile industry. • Help in e-court mission mode project – Capturing and preserving mobile data that has evidentiary value. Mobile Data PreservationMobile Data Preservation
• Data-Digital Forensic process • Preservation Metadata – Digital provenance information • Date-Time • IMEI/MEID/ICCID • Make/Model • SW/HW information – Integrity • MD5 or SHA1 checksums – Inferential Authenticity & Reliability • Information such as SMS logs, call logs captured from mobile device. • Corroborated information from service provider. • Capturing identical information from different source. • List of tools – AFLogical OSE – viaForensic viaExtract Mobile Data PreservationMobile Data Preservation
Mobile Data PreservationMobile Data Preservation Source: AFLogical OSE shows digital provenance information
Mobile Data PreservationMobile Data Preservation Source: viaForensic viaExtract shows browser bookmark
Mobile Data PreservationMobile Data Preservation Source: viaForensic viaExtract shows browser history Information such as Call logs, Contacts, SMS logs, installed applications, data stored in external memory such as images, video, audio, etc can be captured.
• Bit curator – Collection of tools for • Disk imaging (Guymager) • Data triage • Private and individually identifying information (PII) discovery • File system analytics and reporting • Metadata exports (Fiwalk and bulk extractor) • XENA (Xml Electronic Normalising for Archives) – Xena Digital Preservation Software, http://xena.sourceforge.net/ • Dd – UNIX tool that copies data from one file to another. • AF Logical OSE – https://viaforensics.com/resources/tools/android-forensics-tool/ • ADB (Android Debug Bridge) – http://developer.android.com/tools/help/adb.html • Fiwalk – http://www.forensicswiki.org/wiki/Fiwalk • viaForensics viaExtract – https://viaforensics.com/products/viaextract/ • Guymager – http://guymager.sourceforge.net/ List of digital forensics tools testedList of digital forensics tools tested
ConclusionConclusion
• Software solution – Pre-ingest process of OAIS to preserve e-mails, storage media and cell phone data – Capture the metadata from e-mails/storage media/ cell phones – Maps metadata with the preservation description information – Filtration of preservation format (Proprietary and Non-proprietary) – Generate Submission information packages Future DirectionsFuture Directions
Thank YouThank You

Recommended

Presentation cyber forensics & ethical hacking
Presentation cyber forensics & ethical hackingPresentation cyber forensics & ethical hacking
Presentation cyber forensics & ethical hackingAmbuj Kumar
 
Digital forensic tools
Digital forensic toolsDigital forensic tools
Digital forensic toolsParsons Corporation
 
Digital investigation
Digital investigationDigital investigation
Digital investigationunnilala11
 
Pengenalan Forensik Digital
Pengenalan Forensik DigitalPengenalan Forensik Digital
Pengenalan Forensik Digitalyprayudi
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsRamesh Ogania
 
Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)AltheimPrivacy
 
Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidencerakesh mishra
 
Cybercrime and Computer Forensics Seminar - Chicago Bar Association CLE May 2...
Cybercrime and Computer Forensics Seminar - Chicago Bar Association CLE May 2...Cybercrime and Computer Forensics Seminar - Chicago Bar Association CLE May 2...
Cybercrime and Computer Forensics Seminar - Chicago Bar Association CLE May 2...John Bambenek
 

Recommended

Presentation cyber forensics & ethical hacking
Presentation cyber forensics & ethical hackingPresentation cyber forensics & ethical hacking
Presentation cyber forensics & ethical hackingAmbuj Kumar
 
Digital forensic tools
Digital forensic toolsDigital forensic tools
Digital forensic toolsParsons Corporation
 
Digital investigation
Digital investigationDigital investigation
Digital investigationunnilala11
 
Pengenalan Forensik Digital
Pengenalan Forensik DigitalPengenalan Forensik Digital
Pengenalan Forensik Digitalyprayudi
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsRamesh Ogania
 
Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)AltheimPrivacy
 
Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidencerakesh mishra
 
Cybercrime and Computer Forensics Seminar - Chicago Bar Association CLE May 2...
Cybercrime and Computer Forensics Seminar - Chicago Bar Association CLE May 2...Cybercrime and Computer Forensics Seminar - Chicago Bar Association CLE May 2...
Cybercrime and Computer Forensics Seminar - Chicago Bar Association CLE May 2...John Bambenek
 
Digital Forensic
Digital ForensicDigital Forensic
Digital ForensicCleverence Kombe
 
Computer Forensic
Computer ForensicComputer Forensic
Computer ForensicTawhidur Rahman
 
Brief introduction to digital forensics
Brief introduction to digital forensicsBrief introduction to digital forensics
Brief introduction to digital forensicsMarco Alamanni
 
Fundamental digital forensik
Fundamental digital forensikFundamental digital forensik
Fundamental digital forensiknewbie2019
 
An introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensicsAn introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensicsZyxware Technologies
 
Digital forensics
Digital forensicsDigital forensics
Digital forensicsVidoushi B-Somrah
 
cyber Forensics
cyber Forensicscyber Forensics
cyber ForensicsMuzzammil Wani
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer ForensicsDaksh Verma
 
Digital forensics research: The next 10 years
Digital forensics research: The next 10 yearsDigital forensics research: The next 10 years
Digital forensics research: The next 10 yearsMehedi Hasan
 
Watching the Detectives: Using digital forensics techniques to investigate th...
Watching the Detectives: Using digital forensics techniques to investigate th...Watching the Detectives: Using digital forensics techniques to investigate th...
Watching the Detectives: Using digital forensics techniques to investigate th...GarethKnight
 
Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating proceduresSoumen Debgupta
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsVikas Jain
 
Collecting and preserving digital evidence
Collecting and preserving digital evidenceCollecting and preserving digital evidence
Collecting and preserving digital evidenceOnline
 
Digital forensics
Digital forensicsDigital forensics
Digital forensicsRoberto Ellis
 
Digital forensics Steps
Digital forensics StepsDigital forensics Steps
Digital forensics Stepsgamemaker762
 
Digital forensic principles and procedure
Digital forensic principles and procedureDigital forensic principles and procedure
Digital forensic principles and procedurenewbie2019
 
Digital Forensics Projects Assistance
Digital Forensics Projects Assistance Digital Forensics Projects Assistance
Digital Forensics Projects Assistance Network Simulation Tools
 
Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...
Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...
Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...AltheimPrivacy
 
CYBERFORENSICS
CYBERFORENSICSCYBERFORENSICS
CYBERFORENSICSDr. Prashant Vats
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeAung Thu Rha Hein
 
Exercici
ExerciciExercici
Exercicixyangzhan
 
Chazapis cx for better buildings
Chazapis cx for better buildingsChazapis cx for better buildings
Chazapis cx for better buildingsNicholas Chazapis
 

More Related Content

What's hot

Brief introduction to digital forensics
Brief introduction to digital forensicsBrief introduction to digital forensics
Brief introduction to digital forensicsMarco Alamanni
 
Fundamental digital forensik
Fundamental digital forensikFundamental digital forensik
Fundamental digital forensiknewbie2019
 
An introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensicsAn introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensicsZyxware Technologies
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer ForensicsDaksh Verma
 
Digital forensics research: The next 10 years
Digital forensics research: The next 10 yearsDigital forensics research: The next 10 years
Digital forensics research: The next 10 yearsMehedi Hasan
 
Watching the Detectives: Using digital forensics techniques to investigate th...
Watching the Detectives: Using digital forensics techniques to investigate th...Watching the Detectives: Using digital forensics techniques to investigate th...
Watching the Detectives: Using digital forensics techniques to investigate th...GarethKnight
 
Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating proceduresSoumen Debgupta
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsVikas Jain
 
Collecting and preserving digital evidence
Collecting and preserving digital evidenceCollecting and preserving digital evidence
Collecting and preserving digital evidenceOnline
 
Digital forensics Steps
Digital forensics StepsDigital forensics Steps
Digital forensics Stepsgamemaker762
 
Digital forensic principles and procedure
Digital forensic principles and procedureDigital forensic principles and procedure
Digital forensic principles and procedurenewbie2019
 
Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...
Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...
Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...AltheimPrivacy
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeAung Thu Rha Hein
 

What's hot (20)

Digital Forensic
Digital ForensicDigital Forensic
Digital Forensic
 
Computer Forensic
Computer ForensicComputer Forensic
Computer Forensic
 
Brief introduction to digital forensics
Brief introduction to digital forensicsBrief introduction to digital forensics
Brief introduction to digital forensics
 
Fundamental digital forensik
Fundamental digital forensikFundamental digital forensik
Fundamental digital forensik
 
An introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensicsAn introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensics
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
cyber Forensics
cyber Forensicscyber Forensics
cyber Forensics
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer Forensics
 
Digital forensics research: The next 10 years
Digital forensics research: The next 10 yearsDigital forensics research: The next 10 years
Digital forensics research: The next 10 years
 
Watching the Detectives: Using digital forensics techniques to investigate th...
Watching the Detectives: Using digital forensics techniques to investigate th...Watching the Detectives: Using digital forensics techniques to investigate th...
Watching the Detectives: Using digital forensics techniques to investigate th...
 
Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating procedures
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Collecting and preserving digital evidence
Collecting and preserving digital evidenceCollecting and preserving digital evidence
Collecting and preserving digital evidence
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Digital forensics Steps
Digital forensics StepsDigital forensics Steps
Digital forensics Steps
 
Digital forensic principles and procedure
Digital forensic principles and procedureDigital forensic principles and procedure
Digital forensic principles and procedure
 
Digital Forensics Projects Assistance
Digital Forensics Projects Assistance Digital Forensics Projects Assistance
Digital Forensics Projects Assistance
 
Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...
Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...
Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...
 
CYBERFORENSICS
CYBERFORENSICSCYBERFORENSICS
CYBERFORENSICS
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research Challenge
 

Viewers also liked

Chazapis cx for better buildings
Chazapis cx for better buildingsChazapis cx for better buildings
Chazapis cx for better buildingsNicholas Chazapis
 
New microsoft word document2
New microsoft word document2New microsoft word document2
New microsoft word document2Katherin Martinez
 
Day2 session 4: Recommendation and next steps
Day2 session 4: Recommendation and next stepsDay2 session 4: Recommendation and next steps
Day2 session 4: Recommendation and next stepsRCREEE
 
Un día común chichiko
Un día común chichikoUn día común chichiko
Un día común chichikoDaniel Mejia
 
Minicurso Educação Ambiental - Biosemana 2013 - EA no contexto escolar
Minicurso Educação Ambiental - Biosemana 2013 - EA no contexto escolarMinicurso Educação Ambiental - Biosemana 2013 - EA no contexto escolar
Minicurso Educação Ambiental - Biosemana 2013 - EA no contexto escolarLeonardo Kaplan
 
Economics report 1
Economics report 1Economics report 1
Economics report 1lohwenjun
 
Diario de doble entrada de arelis pichardo
Diario de doble entrada de arelis pichardoDiario de doble entrada de arelis pichardo
Diario de doble entrada de arelis pichardoArelis Pichardo
 
Introduction to Biomedical Imaging
Introduction to Biomedical ImagingIntroduction to Biomedical Imaging
Introduction to Biomedical Imagingu.surgery
 

Viewers also liked (12)

Exercici
ExerciciExercici
Exercici
 
Chazapis cx for better buildings
Chazapis cx for better buildingsChazapis cx for better buildings
Chazapis cx for better buildings
 
New microsoft word document2
New microsoft word document2New microsoft word document2
New microsoft word document2
 
Day2 session 4: Recommendation and next steps
Day2 session 4: Recommendation and next stepsDay2 session 4: Recommendation and next steps
Day2 session 4: Recommendation and next steps
 
Evaluación
EvaluaciónEvaluación
Evaluación
 
Un día común chichiko
Un día común chichikoUn día común chichiko
Un día común chichiko
 
Medical Care Provider
Medical Care ProviderMedical Care Provider
Medical Care Provider
 
Market trend nov.2016 cyber security
Market trend nov.2016 cyber securityMarket trend nov.2016 cyber security
Market trend nov.2016 cyber security
 
Minicurso Educação Ambiental - Biosemana 2013 - EA no contexto escolar
Minicurso Educação Ambiental - Biosemana 2013 - EA no contexto escolarMinicurso Educação Ambiental - Biosemana 2013 - EA no contexto escolar
Minicurso Educação Ambiental - Biosemana 2013 - EA no contexto escolar
 
Economics report 1
Economics report 1Economics report 1
Economics report 1
 
Diario de doble entrada de arelis pichardo
Diario de doble entrada de arelis pichardoDiario de doble entrada de arelis pichardo
Diario de doble entrada de arelis pichardo
 
Introduction to Biomedical Imaging
Introduction to Biomedical ImagingIntroduction to Biomedical Imaging
Introduction to Biomedical Imaging
 

Similar to Role of Digital Forensics in Meeting Indian Legal Requirements for Digital Preservation

mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptxAmbuj Kumar
 
E discovery mallareddy 20160213
E discovery mallareddy 20160213E discovery mallareddy 20160213
E discovery mallareddy 20160213nullowaspmumbai
 
Examining computer and evidence collection
Examining computer and evidence collectionExamining computer and evidence collection
Examining computer and evidence collectiongagan deep
 
Computer Forensic Tools.pptx
Computer Forensic Tools.pptxComputer Forensic Tools.pptx
Computer Forensic Tools.pptxKomalNagre4
 
Computer forensics libin
Computer forensics libinComputer forensics libin
Computer forensics libinlibinp
 
Methods and Instruments for the new Digital Forensics Environments
Methods and Instruments for the new Digital Forensics EnvironmentsMethods and Instruments for the new Digital Forensics Environments
Methods and Instruments for the new Digital Forensics Environmentspiccimario
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensicOnline
 
Computer Forensics – What Every Lawyer Needs to Know
Computer Forensics – What Every Lawyer Needs to KnowComputer Forensics – What Every Lawyer Needs to Know
Computer Forensics – What Every Lawyer Needs to KnowWinston & Strawn LLP
 
644205e3-8f85-43da-95ac-e4cbb6a7a406-150917105917-lva1-app6892.pdf
644205e3-8f85-43da-95ac-e4cbb6a7a406-150917105917-lva1-app6892.pdf644205e3-8f85-43da-95ac-e4cbb6a7a406-150917105917-lva1-app6892.pdf
644205e3-8f85-43da-95ac-e4cbb6a7a406-150917105917-lva1-app6892.pdfGnanavi2
 
Digital ForensicsThere are three primary goals with digital fore.docx
Digital ForensicsThere are three primary goals with digital fore.docxDigital ForensicsThere are three primary goals with digital fore.docx
Digital ForensicsThere are three primary goals with digital fore.docxmariona83
 

Similar to Role of Digital Forensics in Meeting Indian Legal Requirements for Digital Preservation (20)

mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptx
 
Introduction to e-Discovery
Introduction to e-Discovery Introduction to e-Discovery
Introduction to e-Discovery
 
E discovery mallareddy 20160213
E discovery mallareddy 20160213E discovery mallareddy 20160213
E discovery mallareddy 20160213
 
Examining computer and evidence collection
Examining computer and evidence collectionExamining computer and evidence collection
Examining computer and evidence collection
 
Computer Forensic Tools.pptx
Computer Forensic Tools.pptxComputer Forensic Tools.pptx
Computer Forensic Tools.pptx
 
Computer forensics libin
Computer forensics libinComputer forensics libin
Computer forensics libin
 
Current Forensic Tools
Current Forensic Tools Current Forensic Tools
Current Forensic Tools
 
Methods and Instruments for the new Digital Forensics Environments
Methods and Instruments for the new Digital Forensics EnvironmentsMethods and Instruments for the new Digital Forensics Environments
Methods and Instruments for the new Digital Forensics Environments
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensic
 
cyber forensics
cyber forensicscyber forensics
cyber forensics
 
3871778
38717783871778
3871778
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
File000117
File000117File000117
File000117
 
Computer Forensics – What Every Lawyer Needs to Know
Computer Forensics – What Every Lawyer Needs to KnowComputer Forensics – What Every Lawyer Needs to Know
Computer Forensics – What Every Lawyer Needs to Know
 
Autopsy Digital forensics tool
Autopsy Digital forensics toolAutopsy Digital forensics tool
Autopsy Digital forensics tool
 
IT forensic
IT forensicIT forensic
IT forensic
 
Internet .ppt
Internet .pptInternet .ppt
Internet .ppt
 
644205e3-8f85-43da-95ac-e4cbb6a7a406-150917105917-lva1-app6892.pdf
644205e3-8f85-43da-95ac-e4cbb6a7a406-150917105917-lva1-app6892.pdf644205e3-8f85-43da-95ac-e4cbb6a7a406-150917105917-lva1-app6892.pdf
644205e3-8f85-43da-95ac-e4cbb6a7a406-150917105917-lva1-app6892.pdf
 
Digital ForensicsThere are three primary goals with digital fore.docx
Digital ForensicsThere are three primary goals with digital fore.docxDigital ForensicsThere are three primary goals with digital fore.docx
Digital ForensicsThere are three primary goals with digital fore.docx
 

Role of Digital Forensics in Meeting Indian Legal Requirements for Digital Preservation

  • 1. Role of Digital Forensics in Digital Preservation as per the Indian Legal Requirements
  • 2. Quick OverviewQuick Overview • Indian Legal Requirements – IT Act 2000/2008 • Retention of the electronic records • Facilitate the identification of the origin, destination, date and time of dispatch or receipt of such electronic records. • Electronic records are retained in the format in which it was originally generated, sent or received • Defines the conditions for legal admissibility of electronic records – RTI Act • Digital information could be searched and reproduced in legally admissible manner to fulfill the right to information where required. • Digital forensics and digital preservation – Technology Watch Report 12-03: Digital Forensics and Preservation by Jeremy Leighton John – The Bit Curator Project – Case Scenarios • Digital forensics for Email preservation • Digital forensics for Storage media preservation • Digital forensics for Mobile data preservation
  • 3. • Purpose – To find the legal digital evidences – Mapping with preservation metadata of the OAIS • Open Archival Information System(ISO 14721) • Approach – Open source digital forensics tools – Establish the aspects of digital preservation in terms of provenance, integrity, authenticity and reliability Quick OverviewQuick Overview
  • 4. • Legal requirement of email message preservation – Department of Electronics and Information Technology (DeitY), Government of India is already formulating the e-Mail policy for all central and state government organizations in India for the purpose of e-mail data protection, which will also be subjected to preservation in various cases. • Email is consists of two major sections : – Body • The actual message of the email – Header • Hidden part of the email, extra information • Important evidences can be extracted from header • Each header field is key:value pair, defined in rfc 4021 • Common header fields: – from (sender), to (receivers), and date (time), subject Evidences in e-Mail HeaderEvidences in e-Mail Header
  • 5. Email Header – 1Email Header – 1
  • 6. Email Header – 2Email Header – 2
  • 7. Email Header – 3Email Header – 3
  • 8. Authentication and IntegrityAuthentication and Integrity IntegrityIntegrity Verifying that the content is not alteredVerifying that the content is not altered in transit.in transit. “Content“Content--MD5”MD5” Authentication:Authentication: Validate the identities of the parties whoValidate the identities of the parties who participated in transferring a message.participated in transferring a message. Domain Authentication:Domain Authentication: DKIMDKIM--SignatureSignature User Authentication:User Authentication: Sender’s digital signatureSender’s digital signature
  • 9. • Single Email: – Eml format – ASCII file – Open Specification • Email Account: – mbox format – Most email client applications supports mbox – All the emails in single MBOX file – MIME Attachments in base64 • XML – Self descriptive language, suitable for preservation Capturing EmailCapturing Email • Email must have object file which is in – Non-proprietary format – Standard format – Open Specification – Externally Independent • Available File format for email object Extension File Type Description bina Netscape mail file boe Microsoft Outlook Express backup file eml Email message file emlx Apple Mail email message ezm EasyOffice mail file nfs Lotus mailbox file mbs Opera mailbox file mbox Email mailbox file pst Microsoft Outlook personal folder file
  • 10. • Example: – National Archives receives Hard disk from a government organization for long term preservation • Forensics disk image – Exact replica of the original source media • Preservation metadata of a disk image – Reference information • Serial number of the storage device – Fixity information • Hash value of the disk image – Digital provenance information • Chain of custody information – case number – list of tools used – examiner name – short description – the path where the digital evidence is initially stored, – time of acquisition – MACB times Storage media preservationStorage media preservation
  • 11. • Disk image formats • Open Source Forensics disk imaging tools – dd – Guymager – dcfldd – dd_rescue – AIR – Autopsy(TSK) Storage media preservationStorage media preservation
  • 12. Storage media preservationStorage media preservation
  • 13. • Misuse of cell phone device – Device may be harden to commit criminal activity or destructive purpose • Example: – At crime-scene it is important digital evidence. • Challenges: – Court case runs for 10-15 years. – Rapid Technological obsolescence in mobile industry. • Help in e-court mission mode project – Capturing and preserving mobile data that has evidentiary value. Mobile Data PreservationMobile Data Preservation
  • 14. • Data-Digital Forensic process • Preservation Metadata – Digital provenance information • Date-Time • IMEI/MEID/ICCID • Make/Model • SW/HW information – Integrity • MD5 or SHA1 checksums – Inferential Authenticity & Reliability • Information such as SMS logs, call logs captured from mobile device. • Corroborated information from service provider. • Capturing identical information from different source. • List of tools – AFLogical OSE – viaForensic viaExtract Mobile Data PreservationMobile Data Preservation
  • 15. Mobile Data PreservationMobile Data Preservation Source: AFLogical OSE shows digital provenance information
  • 16. Mobile Data PreservationMobile Data Preservation Source: viaForensic viaExtract shows browser bookmark
  • 17. Mobile Data PreservationMobile Data Preservation Source: viaForensic viaExtract shows browser history Information such as Call logs, Contacts, SMS logs, installed applications, data stored in external memory such as images, video, audio, etc can be captured.
  • 18. • Bit curator – Collection of tools for • Disk imaging (Guymager) • Data triage • Private and individually identifying information (PII) discovery • File system analytics and reporting • Metadata exports (Fiwalk and bulk extractor) • XENA (Xml Electronic Normalising for Archives) – Xena Digital Preservation Software, http://xena.sourceforge.net/ • Dd – UNIX tool that copies data from one file to another. • AF Logical OSE – https://viaforensics.com/resources/tools/android-forensics-tool/ • ADB (Android Debug Bridge) – http://developer.android.com/tools/help/adb.html • Fiwalk – http://www.forensicswiki.org/wiki/Fiwalk • viaForensics viaExtract – https://viaforensics.com/products/viaextract/ • Guymager – http://guymager.sourceforge.net/ List of digital forensics tools testedList of digital forensics tools tested
  • 20. • Software solution – Pre-ingest process of OAIS to preserve e-mails, storage media and cell phone data – Capture the metadata from e-mails/storage media/ cell phones – Maps metadata with the preservation description information – Filtration of preservation format (Proprietary and Non-proprietary) – Generate Submission information packages Future DirectionsFuture Directions