Importance Of Digital Forensics In Maintaining Cybersecurity


“There is a deep connection between digital forensics, development, and maintaining cybersecurity. Democratic values and good governance are everything that is needed for a secure future”

WHAT IS DIGITAL FORENSICS?

Digital forensics can be defined as a branch of forensic science involving the recovery and examination of data in digital devices in relation to the occurrence of a cybercrime.

Originally used as a synonym for 'computer forensics', the term digital forensics now covers the inspection and investigation of any device capable of storing digital data. The concept emerged between the 1970s and 1980s during the personal computing revolution, developed unsystematically during the 1980s, and finally made its presence felt in national policies during the early years of the 21st century. Investigations carried out under digital forensics serve a variety of purposes, the major one being to support or reject a conjecture before civil and criminal courts.

Intrusion investigations and internal corporate investigations in the private sector also draw on digital forensics. Depending on the technology involved, investigations are divided into categories such as forensic data analysis, mobile device forensics, and network forensics. The conventional digital forensic investigation follows the process of seizure, forensic imaging, examination of digital media, and finally the production of a concluding report. Forensics not only helps in obtaining the digital evidence of a cybercrime, but also helps in pinpointing particular suspects, understanding intent, authenticating documents, and identifying alibis.

ORIGINS

One of the first official digital forensics programs was launched by the FBI in 1984 under the name Magnet Media. When digital forensics was first emerging in the 1970s, the judicial authorities lacked a clear understanding of cybercrime and digital forensics. When dealing with cases of cyber-attacks, their foremost concern was the data that was stored digitally.

For obvious reasons, capturing, retaining, and examining that data was a tedious task for the authorities. This is where Magnet Media, the very first forensics program, proved its worth. The emergence of criminal activities in cyberspace, such as the spread of child pornography, gave rise to cybersecurity hackers such as Cliff Stoll, who in 1986 invented the first-ever honeypot trap.

HOW IT WORKS 

A forensic investigation begins with examining the digital footprints of a person. These footprints reveal information about the web pages the person visited, when and for how long they visited each page, and the devices they used. The information obtained helps in solving criminal cases.

The process includes the following steps:

  • Identification
  • Preservation 
  • Analysis 
  • Documentation
  • Presentation

Using specialised forensic tools, forensic investigators are adept at examining encrypted data. Techniques and technologies for solving cybercrimes are scaling up exponentially. The main tasks in solving a crime involve recovering deleted files, cracking passwords, and ultimately tracking down the source of the data breach. To make the findings accessible to courts, police, and other authorities, a comprehensive report is created with all the evidence.

Earlier, during the 1990s, these cyber investigations were carried out through live analysis. With the increased amount of information stored in digital devices these days, live analysis is no longer the best option. For this reason, forensic tools were created to analyze data without damaging the device. These tools can be categorized as open-source forensic tools, forensic hardware tools, and many others.
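The preservation, analysis, and documentation steps above, as an added example that is not part of the original article: the code checks a working copy of a disk image against the hash taken at acquisition, recovers a deleted file by signature carving, and produces a report record. The sample image, the use of SHA-256, the header/footer carving rule, and all function names are assumptions constructed for illustration.

```python
import hashlib
import json

# Constructed sample "disk image": zeroed sectors with one leftover JPEG whose
# directory entry is assumed to be gone (a deleted file), then more zeros.
JPEG = b"\xff\xd8\xff\xe0" + b"JFIF-constructed-sample" + b"\xff\xd9"
IMAGE = b"\x00" * 512 + JPEG + b"\x00" * 256

# Assumed carving rule: file type -> (header signature, footer signature).
SIGNATURES = {"jpeg": (b"\xff\xd8\xff", b"\xff\xd9")}

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def carve(image: bytes) -> list:
    """Analysis: locate files by signature, ignoring file-system metadata."""
    found = []
    for kind, (head, foot) in SIGNATURES.items():
        start = image.find(head)
        while start != -1:
            end = image.find(foot, start + len(head))
            if end == -1:          # header without footer: truncated, skip
                break
            end += len(foot)
            found.append({"type": kind, "offset": start,
                          "length": end - start,
                          "sha256": sha256(image[start:end])})
            start = image.find(head, end)
    return found

def examine(image: bytes, acquisition_hash: str) -> dict:
    """Preservation check first; analysis only runs on a verified copy."""
    working_hash = sha256(image)
    report = {"acquisition_sha256": acquisition_hash,
              "working_sha256": working_hash,
              "verified": working_hash == acquisition_hash,
              "artifacts": []}
    if report["verified"]:
        report["artifacts"] = carve(image)
    return report                  # Documentation: one record per examination

if __name__ == "__main__":
    print(json.dumps(examine(IMAGE, sha256(IMAGE)), indent=2))
```

A working copy whose hash no longer matches the acquisition hash is reported as unverified and is not analyzed, so any finding in the report can be tied back to the image as it was seized.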

LIMITATIONS OF DIGITAL FORENSICS

Encryption is one of the biggest setbacks for a forensic investigation, as it disrupts the initial examination. On top of that, the laws that could force users to reveal their encryption keys are new and disputed. However, bootloader techniques can often help in such a situation. Digital forensics investigation consists of many branches, depending on the devices in question. Data can be breached not only via computers but also through smartphones, flash drives, and tablets. Depending on the kind of devices used, digital forensics has been divided into branches.

KINDS OF DIGITAL FORENSICS

Disk Forensics: 

This involves taking data from storage media by investigating active, modified, or deleted files. 

Network Forensics: 

A sub-branch of digital forensics that involves monitoring and analyzing network traffic to obtain the required information and evidence.

Wireless Forensics: 

A division of network forensics, wireless forensics offers the tools required for collecting and examining data from wireless network traffic.

Database Forensics: 

It’s the branch of digital forensics that deals with the understanding of databases and metadata. 

Malware Forensics: 

This branch studies and deals with malware such as viruses, worms, etc. 

Email Forensics:

Involves the analysis and recovery of deleted emails, calendars, etc.

Memory Forensics: 

Involves the collection of data from system memory (registers, cache, RAM) in a raw form and then rebuilding it. 

Mobile Phone Forensics: 

Involves the examination and analysis of mobile phones. In this, information regarding phone calls, messages, audio, and videos is revealed. It helps in recovering a stolen phone.

CHALLENGES FACED BY DIGITAL FORENSICS

  • A surge in PCs and unlimited internet access.
  • Hacking tools are readily available.
  • Without physical evidence, prosecution becomes very difficult.
  • Technological changes require an immediate revamping and upscaling of the solutions.

TYPES OF CASES COVERED

  • Conflicts between employee and employer
  • Scam investigations
  • Inappropriate use of the internet in the workplace
  • Issues regarding forgeries
  • Investigations regarding bankruptcy
  • Regulatory compliance and similar issues
  • Intellectual Property Theft
  • Industrial Disputes
