Introduction - Part 1
Digital Forensics is a branch of forensic science that uses scientific knowledge or methods to gather evidence and solve crimes. It uses scientifically proven methods to preserve, collect, validate, identify, analyze, interpret, document and present digital evidence. The main aim of a digital forensic investigation is to find facts and recreate the truth of an event.
Digital Forensics has three main categories :
Acquisition
Analysis
Presentation
1. Acquisition :
Acquisition means collecting the digital media to examine. It includes optical media, hard drives, storage cards from cameras, mobile phones, embedded chips from devices, etc. The collected evidence should be handled delicately, and a duplicate of it should be made to maintain the record.
2. Analysis :
In this category, the media is actually examined with appropriate analysis methods. It includes file content examination, file system analysis, statistical analysis, etc. Finally, the results are interpreted by the examiner based on his training, expertise, experimentation and experience.
3. Presentation :
Presentation is the process by which an examiner shares the results of the analysis phase. It includes generating a report, the artifacts uncovered and the meaning of those artifacts.
Locard's Principle of Exchange
Edmond Locard was known as the "Sherlock Holmes" of France. He said that every contact by a criminal leaves a trace behind. So, as per the theory of Edmond Locard, if any kind of crime is committed using any kind of digital media, the criminal has left a trace behind.
Classification of Crimes
1. Infractions (violations) :
They are offences that are punishable by fines but will not send you behind bars (jail).
2. Misdemeanors :
It is a kind of criminal offence that can send you to jail for a year. It also includes payment of a fine, probation, community service and restitution.
3. Felonies :
It is the most serious type of criminal offence that involves serious physical harm to victims and also includes offences like white collar crimes and fraud schemes.
List of Some Digital Crimes
1. Hacking
2. Theft
3. Financial Frauds
4. Web Defacement
5. Cyber Stalking
6. Identity Theft
7. Implanting Malware
8. Child Soliciting and Abuse
9. IPR Infringement
10. Document Forgery
Government and Law Enforcement Initiatives
Law Enforcement :
It is the activity of some members of government who act in an organized manner to enforce the law by discovering, deterring, rehabilitating, or punishing people who violate the rules and norms governing that society.
IT Act 2000 :
It stands for "The Information Technology Act, 2000". It is an Act of the Indian Parliament notified on 17 October 2000. It is the primary law in India dealing with cybercrime and electronic commerce.
CERT :
CERT stands for computer emergency response team. It is an expert group that handles computer security incidents. The Indian Computer Emergency Response Team is an office within the Ministry of Electronics and Information Technology of the Government of India. It is the nodal agency to deal with cyber security threats like hacking and phishing. It strengthens security-related defence of the Indian Internet domain. Alternative names for such groups include computer emergency readiness team and computer security incident response team (CSIRT).
Digital Evidence
Digital evidence is information that is stored or transmitted in binary form and that may be relied on in court. It can be found on a computer hard drive, mobile phone, personal digital assistant, CD, flash card of a digital camera, etc. Digital evidence is commonly associated with electronic crime or e-crime, such as child pornography or credit card fraud (carding).
Digital evidence is now used to prosecute all types of crimes, not just e-crime. For example, a suspect's e-mail or mobile phone files might contain critical evidence regarding their intent, their whereabouts at the time of a crime and their relationship with other suspects.
Digital evidence is information and data of value to an investigation that is stored, received or transmitted by an electronic device. This evidence is acquired when the data or electronic devices are seized and secured for examination.
Digital Evidence Facts :
1. It is latent, like fingerprints or DNA evidence.
2. It can cross jurisdictional borders quickly and easily.
3. It can be easily altered, damaged or destroyed.
4. It can be time sensitive.
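The Acquisition step asks for a duplicate of the collected evidence, and fact 3 notes that digital evidence is easily altered. The following is an added example, not code from the original page, of one common way to tie the two together: hash the source while copying it, re-hash the duplicate, and re-check the working copy later. The use of SHA-256, the file names and the record fields are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images never sit in memory

def sha256_file(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()

def acquire(source, duplicate):
    """Copy source to duplicate, hashing the bytes exactly as they are read."""
    digest = hashlib.sha256()
    # Mode "xb" refuses to overwrite an existing duplicate.
    with open(source, "rb") as src, open(duplicate, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
        dst.flush()
        os.fsync(dst.fileno())
    record = {
        "source_sha256": digest.hexdigest(),
        "duplicate_sha256": sha256_file(duplicate),  # re-read from disk
        "size_bytes": os.path.getsize(duplicate),
    }
    record["verified"] = record["source_sha256"] == record["duplicate_sha256"]
    return record

def still_intact(path, record):
    """Re-hash a working copy later and compare with the acquisition record."""
    return sha256_file(path) == record["source_sha256"]

def demo():
    """Constructed sample: a small fake image, copied, then altered by one byte."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "card.img")
        dup = os.path.join(tmp, "card_copy.img")
        with open(src, "wb") as fh:
            fh.write(b"constructed sample evidence\n" * 1000)
        record = acquire(src, dup)
        before = still_intact(dup, record)
        with open(dup, "r+b") as fh:  # simulate an accidental one-byte change
            fh.seek(10)
            fh.write(b"X")
        after = still_intact(dup, record)
        return record["verified"], before, after
```

A single changed byte in the duplicate is enough to make the later check fail, which is why the hash taken at acquisition is kept with the case record.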