Cyber forensics is a challenging field which has been evolving in the last two decades in India with the rise of use of technology and tech gazettes. Forensics analysis for collection of evidences was in use for assisting the police and for the criminal investigations in the past also, however, it was limited to scientific analysis and understanding. With the advent of electronics, telecommunication, mobile phone technology, and the computerized systems in business, Government and personal front a big portion of life of almost every individual is occupied by the computer based technology. Obviously there is a drastic increase in the commission of crimes using the computer based crimes in the virtual world or crimes using the cyber space. Most of the countries have introduced their cyber laws to take care of the cyber crimes. India did introduce the IT Act 2000 which takes care of almost all cyber crimes in association with the Indian Penal Code. The role of cyber forensic is to gather, analyze, and prove the crime. In the view of the big spectrum of cyber crimes like hacking, cyber terrorism, Cyber stalking, Spamming, Cyber pornography, Phishing, Spoofing, Code theft, Worm attacks, Credit card frauds etc., the role of cyber forensic is very crucial in the investigation of the crime and further securing producible evidences in front of the court without affecting the originality of the evidences. Cyber forensic is very much important because without it the cyber crimes may not be proved and the criminals may not be punished.
It is really important to understand meaning of the terms cyber forensic and crime investigation. As cyber forensic has come in the discussion in the recent years, let’s consider crime investigation first to establish its most commonly interpretation.
It is well known to a common man that criminal investigations are carried out to find out information about a crime or a criminal activity. A crime is an act against the law that is known to be prohibited by law. Such act if commissioned against the public then it becomes punishable by law. There are two important things in a crime from the point of view of investigation such as the person committing it and the intension or motive behind it. Generally criminals tend confess after the criminal investigations, however, the investigation helps to find out or to establish suspects involved in commissioning the crime or the criminal act. The crime is social and economical phenomenon as discussed above which involves committing legal wrong that follows legal proceedings that results in to punishments.
Cyber forensic involves two terms such as cyber and forensic. The term cyber denotes the virtual space and the information based space that is defined using computers in which information in the form of data, symbols, pictures exists. It can be called as the space where the computer programs work and data is processed. Whereas forensic involves collecting, analyzing and examining information about a past event to be produced in the court of law. However, cyber forensic is a scientific process that involves recovering evidences from digital medium. It is also termed as preservation, identification, extraction, and documentation of computer evidences stored in a hard disc of a computer system. One can say that it is a process of examination of computers, cyber space, electronic devices etc. for gathering evidences.
The main role of Cyber forensics is to collect evidence from the computers’ hardware or software, computer system and computer network from the crime scene. Cyber forensics may include cracking the password protected information or files, recovering the deleted data, observing the computer, preserving the digital evidence, search the database, tracing of the IP address etc. These evidences are used to catch hold of the culprits or the offenders. One must take precautions while collecting the digital evidence is to collect evidence in a manner accepted as per the court’s rules and regulations, the authenticity of the evidence and the totality of the evidence as well. Any error in collecting the evidence it might adversely affect an innocent person. The computer which is to be scanned should be treated with care as it might contain viruses, logic bombs, booby traps and so on as it can destroy important information or data in it.
As it is established now that cyber forensic is the process of recovering/gathering evidences from the digital media, it would be appreciated that cyber forensic has very important role of detection, and establishment of evidences of the cyber crime. So it may involve so many other allied activities such as retrieving, analyzing, preservation, identification, presentation and detection of data that has been digitally stored on to the computer.
There is another side of cyber forensic which is a positive and protective side of cyber forensic. It also involves data security, preventing data theft, security implementation, prevention of unauthorized access, prevention from cyber attack, prevent phishing, virus attach and prevent hacking.
There are cyber forensic experts who can take such responsibilities to protect systems in the Government and private sectors also. Although police will help people in the investigation of the cyber crime by using cyber forensic, however, one can take preventive measures for the cyber security and even in the investigation of cyber crime.
A new community is rising in India and abroad termed as Cyber Forensic Experts who assist police and public to investigate the Cyber Crimes. Such a person needs diverse techno-legal knowledge and experience. He should know the computer operating systems, computer hardware, networking, in addition to legal aspects of cyber law, legal issues, responsibilities, and last but not the least ability to work congruently for a number of hours during the investigation processes.
It will be evident from the activities and responsibilities of a cyber forensic expert that how important is the role of cyber forensic in the criminal investigations involving cyber crimes. They recover data from a given media. It is to be noted that they have to recover the deleted data many times. In addition they recover data after formatting, virus attacks, and even password protected files. Further, they have to recover data from broken hard ware, damaged hard discs, wiped out files, data without the properties of the data files etc. There is other kind of roles such as finding alternative sources of data recover from the computer systems under investigation. Banking fraud investigation, phishing, cyber stalking are some of the challenging investigations in cyber forensics.
Cyber forensic experts use various tools for data recovery. One of such most talked tool is EnCase. It is a forensic data acquisition and analysis program specifically for Windows platform assisting legal framework, specifications and requirements. It is seen that the cyber forensics establishes if the computer systems or the electronic devices under his custody contain evidences, off course, in the scope of the investigation. Then accessing and understanding the contents of files, data and the time of creation of them. Then acquire the data, authenticate it and build a case out of the available resources. A person with ordinary using ability of computers, electronic devices, or mobile phones will appreciate that such investigation needs diverse experience, knowledge and ability to apply that to practice. The role of cyber forensic is so important that without it one may not establish the case and punish the criminal.