
Forensics Computing Technology to Cyber Crime

Bvoc[IT].BMS College For Women
Priyanka20000103@gmail.com Ph:6360243385

Abstract— The advent of the technological revolution in communications and information exchange has
created a sophisticated form of crime, cyber crime. Cybercrimes have more severe economic impacts than
many conventional crimes and, like any other crime, these cyber crimes should be brought to justice. The
process of gathering electronic evidence of a cyber crime is known as forensic computing. This paper
addresses the technical aspects, while at the same time providing insights which would be helpful for the
legal profession to better understand the unique issues related to computer forensic evidence when
presented in a court of law.
Keywords— Cyber Crime, Computer Forensics, Electronic/Digital Evidence, Piracy.

I. INTRODUCTION

Cyberspace has no specific jurisdiction; therefore, criminals can commit crimes from any location in the
world through a computer, leaving no evidence to control. When someone steals data from cyber space or
uses information for unintended purposes, it is called cyber crime. With the increased usage of computer
technology, cyber crime is on the rise. Like any crime, cyber crime should be investigated and prosecuted
where necessary. Computer forensics describes the practice of retrieving evidence in the form of data
from a computer that relates to a crime in a manner that meets the requirements of the given legal
system. Computer forensics evidence needs to be handled with the same care that physical evidence
requires. However, there is added complexity due to the technical nature of computer-based technology,
which has added another dimension with digital evidence. As greater emphasis is placed on digital
evidence, it becomes increasingly critical that the evidence be handled and examined properly.

Cyber crime is typically described as any criminal act dealing with computers or computer networks. It is
also called by other names (e-crime, computer crime or Internet crime in different jurisdictions), which
have roughly equivalent meanings. The characteristics of cyber criminals, cyber crime victims, and law
enforcement agencies have created a vicious circle of cybercrime. Figure 1 shows this circle's key elements.

[Figure 1: The vicious circle of cyber crime. Figure not reproduced. Panel "Characteristics of law
enforcement agencies": failure to catch up with cybercrime technologies; inexperience with cybercrimes;
inability to solve cybercrimes; lack of collaboration with industries; lack of collaboration/global
cooperation. Panel "Characteristics of cybercrime victims". Other labels: lack of confidence with law of;
globalization of cybercrime; weak defense mechanisms; increased success/confidence; low reporting rates;
compliance with cybercriminals; sophisticated technology links with organized crimes; expertise, unique
profiles.]

Cybercrimes are structurally unique in three main
• They are technologically and skill-intensive.
• They have a higher degree of globalization than conventional crimes.
• Given the Internet's global nature, cybercrimes entail important procedural and jurisdictional issues.

Cybercrimes include, but are not limited to:
• Theft of telecommunications services;
• Communications in furtherance of criminal conspiracies;
• Information piracy, counterfeiting and forgery;
• Dissemination of offensive material;
• Electronic money laundering and tax evasion;
• Electronic vandalism and terrorism;
• Sales and investment fraud;
• Illegal interception of telecommunications; and


• Electronic funds transfer fraud.

Regardless of the definitions, the use of computers and the Internet in the commission of crimes requires
investigators to apply cyber forensic techniques to extract data for investigating these cases, prosecuting
these cases and passing the ultimate judgment regarding the disposition of offenders and the redress of
victims.

Computer forensics refers to the legal processes, rules of evidence, court procedures, and forensic
practices used to investigate e-Crimes. Specifically, computer forensics is the application of scientific,
forensically sound procedures in the collection, analysis, and presentation of electronic data. For
computer evidence to be accepted in a court of law, the forensic investigation process must identify,
preserve, examine, and document any computer evidence retrieved. Computer evidence is entirely
different. It cannot be seen, touched or smelled and it often lasts for only very short periods of time.
Computers typically store data in three ways: magnetic, semiconductor, and optical. Other less common
data storage methods include magneto-optical disk storage, optical jukebox storage and ultra-density
optical disk storage. Potentially significant new developments in technology suggest that techniques like
phase-change storage, holographic storage, and use of molecular memory may become methods for data
storage in the future. Data stored on these devices, while potentially of tremendous value in the
investigation, prosecution and prevention of crime, presents unique challenges to detectives and
prosecutors because of its potentially volatile nature. Electronic data is fragile. It can easily be changed
or eliminated by cyber criminals. This means that the data must not be compromised in any way. It must
be possible to prove that the data is a true representation of what happened, and that it cannot have
been modified in any way, either by the intruders themselves or by the collection and examination tools.
In other words, the chain of custody must be established (Sommer, 1998). McKemmish (2001) identifies
three distinct types of forensic computing:

1. Digital Evidence Recovery – Involves the examination of electronic devices for information relating to a
crime, and the processes involved in collecting relevant data.
2. Cyber/Intrusion Forensics – Involves detecting computer security breaches, identifying and preserving
digital evidence.
3. Forensic Data Analysis – Involves identifying anomalies in large data sets that may indicate illegal or
improper acts.

Any criminal investigation follows procedures which vary from one country to another, but the computer
forensics investigator should follow these steps:

• Secure and isolate.
• Record the scene.
• Conduct a systematic search for evidence.
• Collect and package evidence.
• Maintain chain of custody.

Phase 1 should be to freeze the scene of crime in order to prevent the ICT context from being modified
before digital traces are collected, and to avoid giving the malicious person a chance to modify or destroy
evidence [4]. The goal of phase 1 is to avoid the destruction or the dislocation of crucial data. The
investigator must classify resources to determine which system must be removed from the scene.
Identifying traces and collecting them comprises the second phase (phase 2), and this should be followed
by the data safeguarding and preservation phase (phase 3). At this stage, data can be analyzed (phase 4)
and subsequently presented in a comprehensive way for non-experts and legal experts (phase 5). The
purpose of any investigation is to discover and present facts that contribute to establishing the truth. It
is not enough for the investigator to be a good computer specialist; he should also be aware of the legal
framework and constraints in order to perform a useful computer investigation. If this were not the case,
the results of the investigation could be compromised and thrown out by the court because of an
insufficient or incorrect evidence-gathering process. A common vocabulary between police force, justice
and forensics should exist. Procedures should be set up in order to increase computer investigation
performance and reliability [5].


The resulting investigation report should be easily comprehensible and must describe in detail all the
operations performed and procedures followed in order to gather electronic evidence. Investigators with
an understanding of information and communication technologies should use it in conjunction with
effective international cooperation, so as to uncover the criminal's identity. Digital information can help
to validate or dismiss a witness statement, to prove that a specific action was performed at a given time,
to determine how a crime was committed, to reveal links between an offender and a victim, etc. [6].
Knowing which kind of information exists, and where it can be found in the system and network, is
mandatory knowledge for digital investigators. Any computer system or information and communication
device (electronic components, memory devices, hard discs, USB sticks, etc.), or the information it
contains, is a potential target or instrument of crime. Each software or data execution or transaction
leaves digital traces. Digital traces are volatile and rapidly removed from servers. Digital evidence is even
more difficult to obtain because ICT transcends international boundaries. In such cases, success depends
on the effectiveness of international cooperation between legal authorities and the speed with which
action is taken. One of the most important features is the duration during which Internet Service
Providers (ISP) keep information concerning user subscriptions and activities (IP addresses, connection
data, etc.). The retention period, during which data is available in order to retrieve someone's identity
from his IP address, varies from one country to another. Legal systems must give law enforcement
agencies the appropriate authority to access traffic data. Countries should improve international
cooperation and be able to share critical information quickly, otherwise digital evidence may disappear.
For Instant Messaging services and Peer-to-Peer or Internet Relay Chat facilities, logs and historical
content of communications are kept for only a few days. An IP address identifies a computer, not a
person, and criminals use false or stolen identities. It is always very difficult to establish the identity of a
person on the basis of an IP address, email or web addresses or a digital trace. “How can particular
digital information be linked to its physical entity?” Once the IP address of a system involved in a
criminal activity has been identified, the next step is to investigate “The physical entity?”

When searching for digital evidence, many problems arise, including these:

• Which elements may contain pertinent information for the case being investigated?
• How can the relevant data to be seized be identified?
• What are the procedure rules to be followed?
• How can data be collected, stored and preserved?
• How can data be safeguarded?
• How can digital data be preserved as evidence for a potential hearing?
• How can data be copied from its support to another one in order to analyze it without modifying it?
• How can a copy be authenticated?
• How can the original data be preserved?
• How can it be guaranteed that the process of copying the data did not modify it?
• How can files that have been deleted be recovered?
• How can a cyber trail be followed?
• How can the origin of a message be proven?
• How can an IP address that identifies a system in a network and an individual be associated?
• How can primary binary data be transformed into significant comprehensible information?
• How can results be presented to non-specialists?

To answer these questions, some computer forensic tools and procedures should be used by trained and
competent experts, but their standardization is also an issue. On the other hand, criminals could be
tracked by active communication monitoring and live surveillance. Eavesdropping on telephone, e-mail or
instant messaging can be used to collect information related to communication content, or to non-content
data such as e-mail headers or IP addresses. In fact, criminals can also be identified through undercover
investigation when investigators join instant messaging (IM) services, peer-to-peer networks (P2P),
Internet relay chat (IRC), newsgroups, etc. to lure criminals. The chain of custody is a very important
concept when dealing with investigation, forensic science, evidence and the execution of law, and it helps
to preserve the integrity of evidence. Like any material trace, a digital trace must satisfy certain criteria
which include documentation of the trace and


the history of the trace handling and must answer the following questions:

• Who gathered the evidence?
• How was the evidence collected?
• Where was the evidence found and amassed?
• How was the evidence stored, authenticated, protected and analyzed?
• Who handled the evidence? From whom did he receive it?
• How is the evidence kept safe? How is it authenticated? How is it locked up? Who has access to it? Who
took it out of storage and why?

Applying best practices and existing guidelines to what is really needed in a cyber crime scene
investigation could improve and develop the investigator's efficiency, helping the results to be accepted
by legal and technical professionals.

Without appropriate measures to combat cybercrimes, the vicious circle's elements reinforce each other,
resulting in more, and more serious, cybercrimes. No purely technological solution exists for such
security-related problems; a combination of technological and non-technological measures is needed to
combat cybercrimes. At the technological level, the design of databases and networks and their
implementation is crucial. Non-technical measures are behavioural measures, such as a simple training
strategy aimed at creating awareness among consumers, employees, and the public about cybercrimes.
Developing national technological and manpower capabilities, enacting new laws, promoting a higher
level of industry-government collaboration, and pushing for international cooperation are critical to
combating cybercrime. Given cybercrimes' global nature, international institutions especially carry
enormous power that we must harness to fight such crimes, for example the International
Telecommunications Union (ITU). Investing in training people, law enforcement authorities and
investigators could also enhance nations' abilities to fight cybercrimes.

REFERENCES

1) Cyber Crimes: A New Challenge, Deputy Controller (Technology), CCA, Ministry of Information
Technology, India, 2002.
2) Danquah, P., & Longe, O. B. (2011). An Empirical Test of the Space Transition Theory of Cyber
Criminality: The Case of Ghana and Beyond. African Journal of Computing & ICTs, 4(2), 37-48.
3) Bossler, A. M., & Holt, T. J. (2010). The Effect of self-control on victimization in the cyber world.
Journal of Criminal Justice, 38, 227-236.
4) Berg, S. E. (2009). Identity theft causes, correlates, and factors: A content analysis. In F. Schmalleger &
M. Pittaro (Eds.), Crimes of the Internet (pp. 225-250).
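
The questions this paper raises about authenticating a copy, guaranteeing that copying did not modify the data, and documenting who handled the evidence can be answered with cryptographic hashes. The following Python code is an added example, not part of the original paper: it hashes the original before and after copying, and keeps a custody log in which each record embeds the hash of the previous one, so a later edit to any record is detectable. The file names, people and field names are constructed for illustration.

```python
import hashlib, json, shutil, tempfile, time
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()  # streamed, so a large image never has to fit in memory
    with open(path, "rb") as f:
        while block := f.read(chunk):
            h.update(block)
    return h.hexdigest()

def acquire_copy(original, working_copy):
    """Copy evidence; prove the copy matches and the original is unchanged."""
    before = sha256_file(original)
    shutil.copyfile(original, working_copy)
    if sha256_file(working_copy) != before or sha256_file(original) != before:
        raise ValueError("hash mismatch: copy or original was altered")
    return before

def _entry_hash(entry):
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_entry(log, **fields):
    """Append a custody record chained to the hash of the previous record."""
    entry = dict(fields, when=time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
                 prev=log[-1]["entry_hash"] if log else "0" * 64)
    entry["entry_hash"] = _entry_hash(entry)
    log.append(entry)

def verify_log(log):
    """True only if each record matches its hash and links to its predecessor."""
    prev = "0" * 64
    for entry in log:
        if entry["prev"] != prev or entry["entry_hash"] != _entry_hash(entry):
            return False
        prev = entry["entry_hash"]
    return True

def demo():
    with tempfile.TemporaryDirectory() as d:
        src = Path(d, "seized.img")  # constructed sample "evidence"
        src.write_bytes(b"constructed sample disk contents\n" * 100)
        digest = acquire_copy(src, Path(d, "working.img"))
    log = []
    add_entry(log, who="Officer A", action="seized and imaged", where="scene", sha256=digest)
    add_entry(log, who="Analyst B", action="received working copy", where="lab", sha256=digest)
    intact = verify_log(log)
    log[0]["who"] = "Someone else"  # simulate an edited record
    return intact, verify_log(log)
```

The chain alone does not reveal records removed from the end of the log; recording the latest entry hash in an independent place closes that gap.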