Digital Forensics

This blog is inscribed by Isha Mittal.

In this digital world, everything has started to become cashless, but at the same time, cyber-crimes have increased a lot, which provide hackers an easy penetration into the network of the user and extract all the important data from the system. If the data is stolen or lost, we have a field of forensic science- digital forensics, which is used by the crime branch generally.

Digital forensics is a branch of forensic science that focuses on recovering and investigating of the material that is found in the digital devices that are capable of storing digital data, relating to the cyber-crimes. This branch of forensic science is also popularly known as computer forensics. Digital forensics has a lot of applications, there are even issues and cases relating to it in the criminal as well as civil courts. [1]

Digital forensics is the process of finding pieces of evidence against the digital data that has to be recovered from digital media like computers, laptops, mobile phones, servers, or networks. This helps the forensic team to complete the investigation at a faster rate and solve those complicated digital-related cases easily, as it helps them to analyze, inspect, identify and preserve the digital evidence that is present on various other devices by the usage of the tools and techniques that have come out to make the work easier. [2]

Illustration: Suppose, if a company’s data is being stolen due to some security breach, and they call a digital forensic expert to recover it back. So, the digital forensic investigator will try to find the shreds of evidence, the way how the attacker attacked the system, to what all sites and networks were been through after gaining the access to the system, what activities were done by the attacker while traversing it, whether the hacked the system, extracted some confidential information or planted some virus or malware to infect it into the system. After analyzing the answers to these questions, the investigator will recover the lost data from the computer hard drives and other sources. And depending upon the situation, the investigator might install some firewall in the system, to protect it from the outer world attacks and create a honeypot for the outer world.

History:

Forensic science is in the world, for a long time. It has been for over 100 years since forensic science is into play. Digital forensics is although a new, younger, and more frequently used field ever since there was an establishment of personalized computers in the 1980s and is mainly relating to the digital world objects and scenarios. [3]

After the digital forensics came into play, the first tools used in digital forensics investigations was developed by FBI labs circa in 1984, which was headed by the FBI’s specialized CART (Computer Analysis and Response Team), which were responsible for assisting the investigators for digital crimes that were reported.

With the establishment of digital forensics in the 1990s, there had to be some laws that govern the working of the cases that would be reported to them regarding digital forensics’ issues. Thus, several law companies came together for its working and regular meetings were kept with the digital forensic investigators to get a better understanding of the situation.

In the year 1847, Hans Gross was the first person to use the scientific study for criminal investigations, after which the FBI lab was established in the year 1932, where the forensics facilities would be provided to the agents and the law authorities within the USA. Further, in 1978, the first computer crime was recognized and later reported in the Florida Computer Crime Act. Francis Galton was the first person, who conducted a recorded study on fingerprints. Later, as the digitization expanded, this came as a subject in academics. Seeing the issues and the risen cases, IOCE (International Organization on Computer Evidence) was formed in 1995.

Later, in 2000, the FBI’s first regional computer forensic laboratory was formed and with this, in 2002, Scientific Working Group on Digital Evidence (SWGDE) published a book on digital forensics. In 2010, Simson Garfinkel became the first person to identify issues related to digital forensics and investigation.

Process of Digital Forensics:

Several process models are present in digital forensics and these models help to define how the investigators should proceed to gather the information and examine the evidence properly. Digital forensics include several steps included in it[4]:

1. Identification: This is the first step in the digital forensics process. This step includes basic things that are required for further investigation. It includes what is the evidence, where was it found, where is it stored, when was it used last, and by whom, etc., mainly all the WH questions are included in this.

2. Preservation: This process includes isolating, preserving, and securing the data from the evidence. It also includes preventing the people to touch, see the evidence, because it increases the chance of tampering it.

3. Analysis: In this step, the digital forensic expert, along with the investigators are called, and the data that is recovered from the evidence is analyzed, and conclusions are drawn from it, depending on which further investigations are done.

4. Documentation: In this phase, a record is prepared for all the data and the information that is gathered from the evidence and the crime scene, along with the photographs, sketches, and the mapping of that area. It helps in reviewing the case in a better way.

5. Presentation: This is the last step, where all the details about the evidence, crime scene are summarised and the explanations for the conclusions that are drawn are explained.

Challenges faced in Digital Forensics

Although Digital forensics has helped a lot in solving the crimes easily and at a faster rate, some challenges are faced by the investigators:

  • There is extensive use of PCs and internet access
  • Hacking tools that are supposed to be used are not found easily
  • Since the physical evidence is lacking, the legal action that has to be brought becomes difficult.
  • There are huge spaces in the PCs, generally in terabytes, so this makes the investigation quite difficult and tireless
  • If there are any technological updates in the software, it produces changes in the solutions later

Fields where Digital Forensics is used:

  • Theft in Intellectual Property
  • Disputes related to Employees in offices and companies
  • Inappropriate use of the Internet and emails at and during workplace
  • Investigations in Bankruptcy
  • Investigations related to Fraud
  • Matters related to forgeries

When we look from the perspective of career purpose in Digital Forensics, one can look into different and unique options [6]. One has options like:

  • Work in a cybersecurity office as a cybersecurity expert
  • Work as a digital forensic investigator
  • Be a crime analyst
  • One can be a business intelligence analyst
  • Digital forensic specialist
  • Can work as a computer forensics investigator
  • Computer systems analyst 
  • Homeland security professional

There are a variety of tools for any digital forensic practitioner. If one is keenly interested in digital forensics, the tools one can use for it[7]:

  • Wireshark or HaskKeeper-These are free to use programs that are used to speed the examination of the database files.
  • Encase or CAINE: These are powerful commercial software platforms that have multiple functions and uses Linux for the entire forensic work. 

Thus, Digital Forensics is a huge and a very broad topic, which is more into light these days, as the world is getting cashless and digitalized. Every crime that is taking place is through online platforms only, like the purchase scams that are taking place are through the online shopping sites, phishing, where the hacker tries to attack the confidential and the personal information, etc. All these cybercrimes involve the use of digital forensics somewhere or the other in its process of investigating. Hence, the usage of digital forensics has increased in this world as compared to the other methods that are present. [5]

References:

[1] https://en.wikipedia.org/wiki/Digital_forensics#:~:text=Digital%20forensics%20(sometimes%20known%20as,in%20relation%20to%20computer%20crime.

[2] https://www.guru99.com/digital-forensics.html

[3] https://subscription.packtpub.com/book/networking_and_servers/9781788625005/1/ch01lvl1sec10/a-brief-history-of-digital-forensics

[4] https://www.eccouncil.org/what-is-digital-forensics/

[5] https://www.enigmasoftware.com/top-5-popular-cybercrimes-how-easily-prevent-them/

[6] https://www.computersciencedegreehub.com/faq/what-is-digital-forensics/

[7] https://www.csoonline.com/article/3334396/what-is-digital-forensics-and-how-to-land-a-job-in-this-hot-field.html

Leave a Reply

Your email address will not be published. Required fields are marked *