Adapted from Encase Legal Journal.

1. CMYK
Crime
Computer
Forensics Vital
for Combating
Cyber Crimes
By Vicky Shah
Cyber crimes are which consists of,
committed through the
• Arriving at the scene: Initial
use of computers or
response/ prioritization of efforts
computer network
• Preliminary Documentation and
systems. In these crimes,
Evaluation of the scene
computers are used as
• Processing the scene
tools to commit crime
• Completing and recording the crime scene
and/or as a target where
investigation of crime scene equipment
an attack or compromise has to be performed and/or
as an incidental to a crime in which a computer is used Computer forensics is commonly defined as the
to generate fake, forged or authentic looking literature collection, prevention, analysis and court presentation
for either committing a physical or virtual crime. of computer-related evidence. Courts mandate the
proper seizure and analysis of computer evidence in
A thorough crime scene analysis is vitally important to
any investigation with respect to the law of the land.
effective law enforcement. In particular, rapid logical
advances have greatly expanded the amount of The most important tool for a computer forensic
information that can be obtained from the analysis of investigator is the software used to perform the
physical evidence from a crime scene. In order to take investigation. Without specially designed computer
advantage of these new opportunities, the investigator forensic software, there cannot be a true forensic
should use sound scene processing practices to analysis.
recover useful evidence. Forensics is all about the
In general, there are three primary reasons why
criticalness to the administration of a crime and the
specialized computer forensic software must be
objective is all about recognition, documentation,
employed in order to conduct a proper computer
collection, preservation and transmittal of physical
investigation:
evidence for analysis.
1. Proper Acquisition and Preservation of
Digital Forensic deals with the recognition,
Computer Evidence
documentation, collection, preservation and
transmittal, identification and interpretation of Electronic evidence is fragile by nature and easily can
electronic media for evidentiary and/or root cause be altered or erased without proper handling. Merely
analysis; especially of secondary memory of computer booting a subject computer into windows environment
which is capable of storing data in bits i.e. Hard Disk will alter critical date stamps, erase temporary data,
Drive (HDD). and cause hundreds of writes to the drive.
Digital Forensic deals with conducting a proper and Specialized computer forensic software, such as FTK,
documented investigation of the alleged misuse of a EnCase which are recognized by NIST ensures the
system, its users, its facts and services. subject computer's data is not altered in any way during
the acquisition process. A file date stamp is critical
Prior to the forensic a chain of custody is followed
The Mumbai PROTECTOR Jan - Feb 2010 49
CMYK

2. CMYK
Crime
piece of evidence in litigation matters.
2. Authentication of collected Data for
Court Presentation
Computer forensics is based largely on the
premise that the data recovered from
computer systems will ultimately be
presented in court of law. As such, another
important feature of computer forensic
software is a verification process that
establishes that the investigator did not
corrupt or tamper with the subject evidence
at any time in the course of the
investigation.
Computer forensic software employs a
standard algorithm to generate an image
hash value. The algorithm calculates a
unique numerical value based upon the
exact contents contained in the evidentiary
image copy. If one bit of data on the
acquired evidentiary bit-stream image
changes, even by adding a single space of • Identifying
text or changing the case of a single • Recovering
character, this value changes. • Reconstructing
• Analyzing
3. Recovery of all Available Data.
Including Deleted files Goal of Cyber Forensic: Investigate digital systems to:
In addition to the active data normally seen • determine if system has been compromised
by the computer user, computer forensic • determine extent of damage
software allows the examiner to recover all • determine how a system was compromised
deleted files that have not been completely • understand intrusion techniques
overwritten, as well as other forms of • understand intruder patterns and infer intent
unallocated or temporary data. • discover evidence of intruder identity
• strengthen protection
Forensic science is the application of • strengthen our ability to protect
science to law; it deals with applying of any • make new friends and host really fun parties
scientific principle or technique...
Cyber Forensic is useful for investigating agencies.
Conclusion:
With organizations incurring excessive losses of intellectual
property and other trade secrets, advancements in computer
forensics technology are meeting the compelling need to counter
this threat. Also, with the volumes of cases, it is important for
investigators to use forensic tools with improved technology.
Ongoing computer investigations are now the need of the hour for
keeping pace to counter crime.
Reference: Legal Investigation Manual - Encase
Disclaimer: This article is for non-profit/non-commercial purpose.
For further queries please contact the author on
vicky@cybercrimes.in 1+91-98201-05011. "Human Behaviour is
the Biggest Risk in Security - Vicky Shah”. +
The Mumbai PROTECTOR Jan - Feb 2010 50
CMYK