Computer Forensics: An Overview

K.V.N. Rajesh *    K.V.N. Ramesh **
* HOD, Department of Information Technology, Vignan’s Institute of Information Technology, Visakhapatnam, India.
** Project Manager, Tech Mahindra, Visakhapatnam, India.

Abstract

Computer Forensics involves identification of computer crimes and finding solutions for them by using analytical and investigative techniques. These analytical and investigative techniques involve the acquisition, analysis and documentation of computer data related to crimes. This paper describes the computer forensics, security issues in computer and network, types of computer crimes, examples of computer crimes, tools of computer forensics, cyber laws, courses and career in computer forensics.

Keywords :

Introduction

Anybody who has read the exploits of the fictional detectives, Sherlock Holmes of Sir Arthur Conan Doyle and Hercule Poirot of Agatha Christie, will know how Forensic Science coupled with logical reasoning is used in detecting and solving criminal cases. Our very own truth seeker Byomkesh Bakshi by Sharadindu Bandyopadhyay is no less an expert in the matters of detection and Forensic Science. Forensic Science involves the application of science to collect, preserve and analyze scientific evidence to aid in the investigation of crimes and for use in the court of law. Chemistry and Biology, along with many other branches of science, are involved in Forensic Science [1,3]. With the advent of the Information age involving computers, various communication technologies, the Internet and other digital devices, a huge number of crimes involving these are occurring every day. These technologies have become so much a part and parcel of day-to-day life that there is hardly any crime where digital devices, communication technologies and computers are not involved in either a direct or indirect manner. Digital Forensics or Computer Forensics [4-8] is the branch of Forensic Science which deals with gathering, analyzing and preserving data from digital devices so that the same can be used to solve criminal cases and can be produced as legally admissible evidence in the court of law. The terms Digital Forensics and Computer Forensics are usually used synonymously. The only difference is that Digital Forensics covers all devices capable of storing digital data [9-12].

The number and types of computer offences have rapidly increased with various advances in computer technologies and the increased usage of computers. Specialized tools have been developed to trace out the crimes committed using computers. Various law enforcement agencies take the help of their own cyber-crime cells, software companies, research centers and scientific groups to solve cases related to computer crime. The variety of computer evidence gathered in relation to computer crimes helps these agencies in solving the cases. Specialists are hired by the agencies to detect and solve various cyber-crimes such as hacking of websites, stealing internal details of an organization and gaining access to users' personal details. Currently, organizations are struggling with various security issues which can be dealt with by effective Computer Forensics strategies.

1. Computer and Network Security

Today most of us are dependent on various digital technologies in our day-to-day life either directly or indirectly. With the increased use of computers, many are becoming victims of computer-related crimes. Computer crimes can be well understood by knowing about the various threats to security. Some of the requirements to implement computer and network security are given below. Using this, we can understand the types of threats to security.

1.1 Authenticity

Computer systems should be in a position to verify and authenticate the identity of a user before allowing access to the computer system.

1.2 Confidentiality

Only authorized parties should be able to access the content in computer systems. When any unauthorized party gets access to the content in the computer system, it can lead to theft of data, unauthorized printing of documents, loss of valuable information in the system, or other forms of disclosure.

1.3 Integrity

Only authorized parties should be able to modify (i.e. write, change status, delete and create) the assets on the computer system.

2. Types of Computer Crimes

Computer Crimes can be categorized by the type of activity that occurs [13,14,15]. Some of the basic categories of computer crimes are interruption, interception, copyright infringement and fabrication.

2.1 Interruption

It mainly relates to the destruction or theft of an asset of the system (i.e. a piece of hardware, a hard disk, a communication line or the file management system). An example is the theft of files which contain the passwords of all employees of an organization.

2.2 Interception

It is an attack on the confidentiality of a system by which an unauthorized party gains access to assets stored on the computer system. Examples are the unauthorized capture of data in a network and the illicit copying of files or programs.

2.3 Copyright Infringement

These computer crimes mainly relate to the unauthorized usage of copyrighted work without taking explicit permission from the owner. This can involve illegal reproduction and distribution of the work for business or personal use. An example is software piracy, which involves the usage of licensed software without purchasing it.

2.4 Fabrication

It involves the insertion of counterfeit objects into the system by an unauthorized party. Examples of Fabrication are the addition of unwanted records to a file and the insertion of spurious messages in a network, by either altering some portion of a legitimate message or by reordering the sequence of messages.

Apart from the above mentioned computer crimes, there can be many other criminal activities on the internet, such as the capture of personal information and the promotion of various fraudulent financial schemes aiming to swindle money from the naïve and the gullible.

3. Examples of Computer Crimes

Some of the computer crime related cases which hit the headlines, or which we keep hearing about frequently in the news, are listed below.

3.1 Parliament Attack Case

All the forged content related to the stickers of the home ministry, emblems of the Government of India and seals on the fake ID cards of the terrorists who attacked the parliament on December 13, 2001 was designed using the laptops of the terrorists. This evidence was found by the computer division of the Bureau of Police Research and Development.

3.2 The Bank NSP Case

In this case, a bank management trainee's ex-girlfriend created fraudulent email ids and sent many fake emails to the boy's foreign clients using the bank's computer. Due to this fraudulent activity, there was a huge loss to the bank, as it lost many of its foreign clients.

3.3 Sony.Sambandh.com Case

This case is significant in that it was the first cyber-crime conviction in India. The case was filed by Sony India Private Limited. It involved a person who, while working at a call center, gained access to the credit card information of a foreigner and misused it for the purpose of buying a Sony color television set and cordless headphones.

3.4 Business E-mail Compromise (BEC) Scams

It mainly deals with the sending of fraudulent e-mails requesting the transfer of funds. The e-mails are usually sent by compromising the e-mail account of a top leader of the organization, such as the CEO or CFO. E-mails instructing wire transfers of huge sums of money are sent from this compromised account to the senior financial staff of the organization. Due to this growing financial fraud, several companies in the world are becoming victims with huge financial losses.

3.5 Online Jobs Scam

This involves fake internet ads and fraudulent e-mails that offer jobs and online work from home. The victims are usually lured into providing confidential personal information or paying money as part of this scam.

The above mentioned cyber-crimes are some of the classic examples that can be effectively investigated by law enforcement authorities through the use of Computer Forensics tools. The following section deals with tools that can be used by investigation agencies to trace out the origin of the problem and effectively solve it.

4. Computer Forensics Tools

Computer Forensics tools are used to deal with cyber threats, cyber-attacks, cyber warfare and cyber terrorism. Some of the Computer forensics tools are as follows.

4.1 EnCase

It is a multipurpose forensics platform which is used as a tool for data acquisition, analysis and reporting. It mainly handles real business problems that relate to regulatory compliance, breach detection and response, employee investigation, law enforcement, litigation support and theft of sensitive data.

4.2 Sleuth Kit

It is a Unix and Windows based tool that helps in investigating disk images. It mainly focuses on the analysis of volume and file system data.
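As an added illustration of the file system analysis mentioned above (this example is not part of the paper and is not Sleuth Kit's own code), the script below builds a file-activity timeline from a Sleuth Kit "body" file, the pipe-separated output of `fls -m` that Sleuth Kit's mactime normally turns into a timeline. The body records are constructed sample data, not taken from any real image.

```python
"""Build a file-activity timeline from a Sleuth Kit body file (added example).

Body format (one record per line, epoch seconds for the four times):
MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime
"""
from datetime import datetime, timezone

# Constructed sample body file, as `fls -m` would write it for a small image.
SAMPLE_BODY = """\
0|/Documents/report.docx|1201|r/rrwxrwxrwx|0|0|48213|1609462800|1609459200|1609459200|1609455600
0|/Documents/$OrphanFiles/passwords.txt (deleted)|1340|r/rrwxrwxrwx|0|0|812|1609466400|1609466400|1609466400|1609466000
0|/Users/alice/Downloads/setup.exe|2210|r/rrwxrwxrwx|0|0|2097152|1609470000|1609470000|1609470000|1609469000
"""

# Column index of each timestamp in a body record.
TIME_FIELDS = (("atime", 7), ("mtime", 8), ("ctime", 9), ("crtime", 10))

def parse_body(text):
    """Yield (epoch, kind, path, inode, deleted) for every timestamp of every record."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("|")
        if len(fields) != 11:
            raise ValueError(f"malformed body record: {line!r}")
        path, inode = fields[1], fields[2]
        deleted = "(deleted)" in path  # fls marks unallocated entries this way
        for kind, idx in TIME_FIELDS:
            ts = int(fields[idx])
            if ts > 0:  # 0 means the file system does not record this time
                yield ts, kind, path, inode, deleted

def build_timeline(text):
    """Return all events sorted by time; ties keep body-file order (sort is stable)."""
    events = sorted(parse_body(text), key=lambda e: e[0])
    return [{"epoch": ts,
             "time": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
             "kind": kind, "path": path, "inode": inode, "deleted": deleted}
            for ts, kind, path, inode, deleted in events]

def events_between(timeline, start, end):
    """Narrow the timeline to an epoch window [start, end), e.g. around an incident."""
    return [e for e in timeline if start <= e["epoch"] < end]

def deleted_files(timeline):
    """Paths of deleted entries whose metadata still survives in the file system."""
    return sorted({e["path"] for e in timeline if e["deleted"]})

if __name__ == "__main__":
    for e in build_timeline(SAMPLE_BODY):
        print(e["time"], e["kind"].ljust(6), e["inode"], e["path"])
```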

4.3 SANS Investigative Forensics Tool Kit (SIFT)

It is a multi-purpose forensic operating system which includes all necessary tools that can perform a detailed digital forensic examination.

4.4 X-ways Forensics

It is an advanced platform that can be used by police investigators, lawyers and auditors [2]. It includes key features such as disk imaging and cloning, automatic detection of deleted or lost hard disk partitions and checking of data authenticity.

4.5 Oxygen Forensics Suite

It is software useful for analyzing and gathering evidence from mobile phones. This tool can be used to analyze Call Data Record (CDR) files, retrieve subscriber data (including phone type, city, state) from any extracted phone number, and gather device information (including manufacturer, retail model name, platform, IMEI, MAC addresses, IMSI, phone number). It helps in getting details of the social connections and contacts of the users of mobile devices who are under investigation. It also enables visualization of complex connections inside crime groups. It provides support for all popular mobile phone brands, including Nokia, the Apple iPhone series, Sony Ericsson, Samsung, Motorola, Panasonic and other mobile phones.

5. Cyber Laws

Computer crimes are punishable under Sections 65-74 of Indian law. Very stringent punishments such as life imprisonment and fines of lakhs of rupees can be the consequences of criminal acts done using computers. Some of the sections are as follows:

5.1 Section 66

Hacking of computer systems is punishable under Section 66 with imprisonment up to three years, or with a fine up to five lakh rupees.

5.2 Section 66F

Cyber terrorism is punishable under section 66F which may lead to life imprisonment.

5.3 Section 67B

Publication and transmission of sexually explicit and child pornography is punishable under Section 67B which may lead to seven years imprisonment and a fine up to ten lakh rupees.

6. Courses and Careers in Computer Forensics

The many cyber-crimes that resulted from misuse of social media and the internet have made the government put in place a national security architecture to prevent sabotage, espionage and other forms of cyber threats. In this context, there is a big demand for cyber security professionals to counter the various cyber-crimes in the fast growing internet economy. The University Grants Commission in India has introduced courses and curricula related to Computer Forensics to meet this demand for talent. The courses have subjects related to the detection, analysis and response to cyber threats. Undergraduate and postgraduate courses in Computer Forensics are now available. These courses have subjects like Cryptography, Network security, Mobile and wireless security, Virus programming, Information security, Database security and Multimedia security.

After completing these courses, one can choose a career in either government cyber organizations or private firms where there is a need for IT security. The specializations in the B.Tech course related to Computer Forensics and the postgraduate courses in this area will enable a student to choose a career as Cyber forensics solutions architect, Cyber security architect, Cyber security administrator, Information security analyst or Network security analyst. Various organizations in accounting, law, banking and software development hire these forensic specialists.

Conclusion

With the increased use of computers, the internet and digital devices in all aspects of life, the crimes involving these areas are also increasing day by day. Some rogue nations and terrorist organizations are also using computers and the internet to carry out their evil designs. All countries and their respective law enforcement agencies are increasingly equipping themselves with the latest developments in Computer Forensics to be able to deal with and effectively counter these cyber-crimes. Also, every police department now has a cyber-crime cell manned with forensics specialists. Many large organizations which are vulnerable to cyber-crimes have their own staff who are experts in these areas. This is indeed a good opportunity for all those who want to be digital Sherlock Holmeses and Hercule Poirots to learn and equip themselves in this field of Computer Forensics and do good to the world.

References

[1]. Prosise, C., Mandia, K., and Pepe, M. (2003). Incident Response & Computer Forensics. (p.11). McGraw-Hill/Osborne.
[2]. Schneier, B., and Kelsey, J. (1999). “Secure audit logs to support Computer Forensics”. ACM Transactions on Information and System Security (TISSEC), Vol. 2, No. 2, pp. 159-176.
[3]. Vacca, J. R. (2005). Computer Forensics: Computer Crime Scene Investigation (Networking Series). Charles River Media, Inc.
[4]. Kruse II, W. G., and Heiser, J. G. (2001). Computer Forensics: Incident Response Essentials. Pearson Education.
[5]. Marcella Jr, A., and Greenfield, R. S. (Eds.), (2002). Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes. CRC Press.
[6]. Rogers, M. K., and Seigfried, K. (2004). “The Future of Computer Forensics: a Needs Analysis Survey”. Computers & Security, Vol. 23, No. 1, pp. 12-16.
[7]. Yasinsac, A., Erbacher, R. F., Marks, D. G., Pollitt, M. M., and Sommer, P. M. (2003). “Computer Forensics Education”. IEEE Security & Privacy, Vol. 4, pp. 15-23.
[8]. Rogers, M. K., Goldman, J., Mislan, R., Wedge, T., and Debrota, S. (2006). “Computer Forensics Field Triage Process Model”. In Proceedings of the Conference on Digital Forensics, Security and Law (p. 27). Association of Digital Forensics, Security and Law.
[9]. Nelson, B., Phillips, A., and Steuart, C. (2015). Guide to Computer Forensics and Investigations. Cengage Learning.
[10]. Caloyannides, M. A. (2001). Computer Forensics and Privacy. Artech House Publishers.
[11]. Meyers, M., and Rogers, M. (2004). “Computer Forensics: The Need for Standardization and Certification”. International Journal of Digital Evidence, Vol. 3, No. 2, pp. 1-11.
[12]. Yasinsac, A., and Manzano, Y. (2001). “Policies to Enhance Computer and Network Forensics”. In Proceedings of the 2001 IEEE Workshop on Information Assurance and Security, pp. 289-295.
[13]. Vacca, J. R. (2002). Computer Forensics: Computer Crime Scene Investigation. Charles River Media, Inc.
[14]. Rogers, M. (2003). The Role of Criminal Profiling in the Computer Forensics Process. Computers & Security, Vol. 22, No. 4, pp. 292-298.
[15]. Fahey, A. L. (2008). Computer Forensics, E-Discovery and Incident Response Methods and Systems. U.S. Patent Application No. 12/318,083.