Digital forensics includes the identification, collection, analysis and interpretation of any valuable digital information related to cyber-crimes stored in digital devices. Preserving digital evidence is much more complex than preserving physical evidence, thus digital forensics is an advanced and emerging field of forensic science. Digital forensics is an expanded form of computer forensics as it includes all devices capable of storing digital data.
Digital forensics consists of five steps:
- Policy and Procedure Development: Digital forensics is a field which requires trained personnel in the areas of digital recovery techniques. Considerable efforts need to be spent on the development of policies of digital forensics investigation in order to allow others to follow the same procedure and end up with the same results.
- Evidence Assessment: The possible sources of digital evidence should be assessed in a thorough manner in order to establish the size of the investigation and plan the next steps. It is necessary to establish the nature of hardware and software to be seized. The evidence can be in the form of spreadsheets, photographs, financial records or databases, and in some cases additional information is also required, like the Internet Service Provider used, passwords etc. Other items like scanners, printers, digital cameras etc. can also be a part of evidence assessment depending on the case.
- Evidence Acquisition: Preservation of digital evidence is as important as acquiring it. Digital evidence is fragile in nature and can easily be tampered with or destroyed by mishandling. Failure to preserve such evidence may lead to inaccurate conclusions. For example, an exact copy of the original storage data can be made so that the forensic investigation can be done on the copy instead of the original one.
- Evidence Examination: Different types of cases will require different methods of examination. Firstly, it is important to prepare and decide which files are to be recovered for the case. Next comes extracting the data from digital devices. Extraction is of two types: physical extraction identifies and recovers data without regard to the file system, such as doing a keyword search and finding relevant files; logical extraction recovers data based on the file system or applications. Then, the extracted data is analyzed to determine its significance in the case.
- Documentation and Reporting: Each step of the investigation must be documented completely in order to allow others to reproduce the investigation and reach the same conclusion.
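As an added illustration of the acquisition, examination and documentation steps above (not code from the article), this Python example copies a constructed sample "device" file to an image, checks the copy against the original, and runs a physical keyword search on the copy only. The use of SHA-256 for verification, the file names, the keywords and the chunk size are all assumptions; the article names no specific method.

```python
import hashlib, os, tempfile
CHUNK = 4096  # assumed read size; small so the sample spans several reads

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def acquire(source, image):
    """Copy source to image, hashing bytes as read, then re-hash the copy."""
    h = hashlib.sha256()
    with open(source, "rb") as src, open(image, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    record = {"source_sha256": h.hexdigest(), "image_sha256": sha256_file(image)}
    record["verified"] = record["source_sha256"] == record["image_sha256"]
    return record  # kept with the case notes for the documentation step

def keyword_search(image, keywords):
    """Physical extraction: scan raw bytes with no file-system parsing."""
    hits, overlap = set(), max(len(k) for k in keywords) - 1
    with open(image, "rb") as f:
        base, tail = 0, b""
        for block in iter(lambda: f.read(CHUNK), b""):
            window, start = tail + block, base - len(tail)
            for k in keywords:
                pos = window.find(k)
                while pos != -1:
                    hits.add((start + pos, k))
                    pos = window.find(k, pos + 1)
            tail = window[-overlap:] if overlap else b""  # catch split keywords
            base += len(block)
    return sorted(hits)  # (byte offset in image, keyword)

def demo():
    # Constructed sample "device": zero filler plus two planted keywords.
    data = bytearray(3 * CHUNK)
    data[CHUNK - 5:CHUNK + 7] = b"invoice-2021"  # straddles a read boundary
    data[9000:9008] = b"password"
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "device.bin"), os.path.join(d, "image.dd")
        with open(src, "wb") as f:
            f.write(data)
        record = acquire(src, img)  # the original is only ever opened for reading
        record["hits"] = keyword_search(img, [b"invoice-2021", b"password"])
    return record
```

Calling `demo()` returns the record an examiner would file: both hashes, whether they match, and the byte offset of each keyword hit in the image.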
The lack of personnel with techno-legal skills has led to a rise in the cyber-crime rates in India. Section 4 of the Information Technology Act, 2000 also talks about the legal recognition of electronic records and states that electronic matter is at par with matter in written form.
Digital forensics is concerned with digital evidence. Section 79A of the IT Act provides the definition of electronic evidence as any information which is either stored or transmitted in electronic form, inclusive of digital audio, digital video, cell phones, computer evidence, digital fax machines etc. A similar definition can be found in Section 3 of the Indian Evidence Act, 1872. Section 79A also empowers the Central Government to appoint any agency of the Central and State government as Examiner of Electronic Records.
Sections 65A and 65B of the Indian Evidence Act were added by the IT Act, 2000 and deal with the admissibility of electronic records. In the case of State of Delhi v. Mohd. Afzal & Ors., it was held that electronic records can be admitted as evidence. The person challenging the accuracy of the electronic record on any ground must prove the same beyond reasonable doubt. Along with this, storage devices with the digital content from the crime scene can also be admissible in court (Section 65B). Certain computer outputs such as computer printouts, floppy disks and CDs are admissible without proof or production of actual records.
The Central Bureau of Investigation can also be approached for any serious economic offences such as fake currency notes, bank frauds and other financial scams. For this purpose, there are different units named Cyber-crimes Research and Development Unit (CCRDU), Cyber Forensics Laboratory (CFL) and Cyber-crime Investigation Cell (CCIC). CCRDU mainly collects the information on cyber-crime cases and reports it for further investigation. The CCIC has the power to investigate criminal cyber offences and also reports the cyber-crime in India to Interpol. The CFL provides on-site assistance for computer search and provides testimony in the court. It also conducts criminal investigation for various law enforcement agencies. The CBI has also signed a memorandum of understanding with the Data and Security Council of India to seek expert advice in cyber-crime cases and update the officials about the latest technology.
The lack of expertise among the cyber-crime investigation personnel was clearly evident in the Aarushi Talwar murder case. The tampering with the digital and physical evidence, and the non-submission of routers and computers seized by the CBI led to flaws in the case and elongated trials. In the case of State of Punjab v. Amritsar Beverages Ltd. the Supreme Court expressed that the officers lack expertise and insight into digital evidence techniques. The IT Act does not solve all types of problems related to cyber-crime or cyber forensics. Thus, digital forensics being a part of the law enforcement mechanism needs to include the best practices and provide training to the personnel in order to have a fair trial and speed up the process.
By- Mona Das
19 thoughts on “Digital Forensics”
The Arushi Talwar murder case was indeed a slap on the face of cyber security. And although the situation is comparatively better, one must remember that the world is going towards a total digital age, which means way more possibilities of facing cybercrimes.
Arushi case conclusion was basically the mishandling of evidence.
With the evolution of technology, people’s lives are becoming more dependent on online means. It plays a major role in increasing cases of Digital Forensics.
Inclusion of legal provisions and cases in this article is a good step. Very well written article.
the data privacy security and to protect and prevent the misuse of data and information data forensics play a major role which is defined in the article
Very informative article for all people and evolution of technology and data privacy security
I think you were confused, because you are not able to decide whether you were writing for data privacy, data tampering, data theft.
You discussed a case but how did cyber forensics help here. You wrote about pros of cyber forensics but you also cons of cyber forensics which are may be myth
Perfectly elaborated and very informative.
There is not only lack of expertise but I think that our law system also lacks resources required for equipment and research also.
The case was not well studied by the investigators due to which the problem arises. Not only the officers need to be protected in this online world, all of us need to be protected so that such a case will not arise once again.
Really good article, it really helps me to understand things easily
This article says about new world new tools and as the digitalization scheme it is very important to know about digital forensics and it can make work easier. But this article can be more explained without confusing the reader.
Dealing with the cyber crimes has been normalized nowadays because of the vast usage and life dependency on internet. Very well explained about the digital forensics and most importantly its provisions.
Perfect article!!!! The article brings out the concern of digital forensics to be more advanced with separate laws or say specific laws for the same as not widely covered under IT ACT, 2000. The writer on one hand tries to explain the relevance of digital forensics to deal with various cyber crimes committed all around and on another the need for more advancement in the field to deal with cyber crimes down to earth picking up Arushi Talwar murder case into picture. The article is trying to convince the authorities regarding flawness in the area due to which there are various obstacles in the path for proper investigation of the cases. The writer must be appreciated as to be able to bring such a complicated topic in a nice and understandable manner before readers….
There is an urgent need for training of officers regarding cyberspace and digital evidence. The article perfectly deals with every aspect of digital forensics be it steps of digital forensics to provisions and case laws. A very useful and informative article.
A very informative article on digital forensics and the procedures involved in it like evidence collections, evidence handling, processing and reporting. The author also highlights the laws related to digital forensics. As the cyber crimes are increasing rapidly, digital forensics is proving to be of great help in solving cases. It helps not only in cyber crimes but also in other crimes too as an important part of forensics investigation.
This article is quite useful to understand the concept of digital forensics. Digital forensics is used for identifying direct evidence of a crime as well as to attribute evidence to specific suspects, confirm alibis or statements, determine intent, identify sources (for example, in copyright cases) or authentic documents.
A very informative article on digital forensics. The article explains the procedure of the digital forensic in five simple steps which is easily understandable and also explains the legal provisions which is really helpful.
Well done. Just I have to say informative and well structured.
Very informative great article