- Revanth Reddy Chintam
A crime committed using a computer system, phone, or any other digital device connected to a network is known as cyber crime or digital crime. These electronic devices can be used either to commit the cybercrime or they can be the victim, taking the attack from malicious sources on the Internet. Every crime is investigated, and cyber-crimes are no exception. Cyber-crime investigators must be professionals in computer science, not only understanding file systems, software, and operating systems but also knowing how networks work. The investigators must be familiar enough with the interactions between two or more networks to determine what happened, why it happened, when it happened, who is behind it, and how to protect the victim from further attacks.
Cyber crime investigations are conducted by criminal justice agencies, national security agencies, private security agencies, and others. There are various investigation techniques involved in cyber crime investigation. They are:
- Background check: A background check of the known facts helps the investigators set a starting point, understand the problem they are facing, and estimate how much additional information is required before the investigation can begin.
- Information gathering: Facts and clues are very important for any investigation. The cyber security researcher or investigator must gather as much information as possible about the incident.
Some basic questions that need answering are:
- Is the attack an automated one, or a human-based targeted crime?
- What is the scope and impact of this incident?
- Can this kind of attack or crime be performed by anyone, or only by specific people with special skills?
- Who could possibly be suspected of such crimes?
- Is there any open opportunity for the attacker to attack again?
- Where can evidence of such crimes be found?
- Is the evidence accessible?
- What other similar digital or cyber-crimes have been committed?
These questions are very important and are considered highly relevant during the information gathering process. Most national and federal investigation agencies use surveillance reports and interviews to obtain proof of cyber-crimes. Surveillance reports involve security cameras, videos, and photos, and also the digital behavior captured through electronic device surveillance: what is being used, how it is used, and when it is used.
- Tracking and Identifying Cyber Criminals: After the information gathering process, and depending on the amount of information in hand, private and public security agencies work hand in hand to track the cyber criminal behind the attacks. With the help of ISPs and networking companies, the agencies obtain valuable information such as connection logs, websites visited, historical services and data, and the protocols used during the time the cyber criminal was connected to those ISPs and networking companies. However, this process takes a lot of time, as it requires permission from the prosecutors and a court order to access the evidence and the required data.
- Digital Forensics: It is also essential to examine the digital systems that were affected, or those expected to be linked with the origin of the attack. For this, the researcher needs to analyze raw network connection data, hard drives, cache devices, RAM, system files, and more. Once the forensic work starts, the researcher follows up by looking for trails of criminal activity in system files, emails, browsing history, and network and service logs.
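As an added illustration of the Digital Forensics step (not code from the original article), the script below normalises two constructed log sources, an SSH auth log and a web-server access log, into one UTC-ordered timeline and pulls out the trail left by a single source IP. The log lines, IP addresses, user names and the assumed year are all made up for the example.

```python
"""Build a simple forensic timeline from constructed log lines (added example)."""
import re
from datetime import datetime, timezone

# Constructed sample lines; hosts, IPs, users and times are invented.
AUTH_LOG = [
    "Mar 12 09:15:02 host1 sshd[2201]: Failed password for root from 203.0.113.7 port 51022 ssh2",
    "Mar 12 09:15:09 host1 sshd[2201]: Failed password for root from 203.0.113.7 port 51022 ssh2",
    "Mar 12 09:16:40 host1 sshd[2210]: Accepted password for backup from 203.0.113.7 port 51030 ssh2",
]
ACCESS_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:20:11 +0100] "GET /admin/export.php HTTP/1.1" 200 51233',
    '198.51.100.4 - - [12/Mar/2024:10:21:45 +0100] "GET /index.html HTTP/1.1" 200 1024',
]
YEAR = 2024  # syslog lines carry no year; assumed to be known from the case file

AUTH_RE = re.compile(r"^(\w{3})\s+(\d{1,2}) (\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                     r"(Failed|Accepted) password for (\S+) from (\S+)")
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')
MONTHS = {m: i for i, m in enumerate("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

def parse_auth(line):
    """Syslog-style sshd line -> (utc_time, source_ip, description), or None."""
    m = AUTH_RE.match(line)
    if not m:
        return None
    mon, day, hms, result, user, ip = m.groups()
    h, mi, s = map(int, hms.split(":"))
    ts = datetime(YEAR, MONTHS[mon], int(day), h, mi, s, tzinfo=timezone.utc)  # syslog assumed UTC
    return (ts, ip, f"ssh {result.lower()} login as {user}")

def parse_access(line):
    """Combined-format web access line -> (utc_time, source_ip, description), or None."""
    m = ACCESS_RE.match(line)
    if not m:
        return None
    ip, stamp, method, path = m.groups()
    # The access log carries its own offset (+0100); convert so both sources share one clock.
    ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
    return (ts, ip, f"http {method} {path}")

def build_timeline(auth_lines, access_lines):
    """Merge both sources into one list of events sorted by UTC time."""
    events = [e for l in auth_lines if (e := parse_auth(l))]
    events += [e for l in access_lines if (e := parse_access(l))]
    return sorted(events)

def trail_for(timeline, ip):
    """All events attributed to one source IP, in time order."""
    return [(ts.isoformat(), what) for ts, src, what in timeline if src == ip]

if __name__ == "__main__":
    for ts, ip, what in build_timeline(AUTH_LOG, ACCESS_LOG):
        print(ts.isoformat(), ip, what)
```

Without the offset conversion the admin export would appear an hour after the SSH login instead of four minutes after it, which is exactly the kind of ordering error that misleads an investigation.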
Top Cybercrime Investigation and Forensic Tools:
- SIFT Workstation: Useful to examine digital forensic data on several systems.
- The Sleuth Kit: An open source collection of Unix and Windows based forensic tools that helps researchers analyze disk images and recover files from those devices.
- X-Ways Forensics: This tool is used to perform disk cloning and imaging and to read partitions from raw image files, HDDs, RAID arrays, LVM2 volumes, and more.
- Caine: Caine is a full Linux distribution used for digital forensic analysis.
- Digital Forensics Framework: It allows researchers to access local and remote devices and also to reconstruct VMware virtual disks.
- Oxygen Forensic Detective: One of the best multi-platform forensic applications used by security researchers and forensic professionals to browse all the critical data in a single place.
- Open Computer Forensics Architecture: This software is developed to speed up the investigation process and allows the researcher to access data from a unified, user-friendly interface.
- Bulk Extractor: It is one of the most popular apps used for extracting critical information from digital evidence data.
- ExifTool: It supports extracting EXIF data from images and videos, i.e., common and specific metadata such as GPS coordinates, thumbnail images, file type, permissions, file size, camera type, and more.
- SurfaceBrowser™: It is used for mapping the full online infrastructure of a company and gathering valuable intelligence data from DNS records, domain names and their historical WHOIS records, exposed subdomains, SSL certificate data, and more.