admin 
Internet Security Cyber Crime
EVOLUTION OF DIGITAL EVIDENCE
BY-SIMRAN NANGIA
Digital devices are used to commit cyber crime but with the mushroom growth of science of digital evidence forensics the posse can now use these devices in order to combat cyber crime.
Digital evidence or electronic evidence is “any probative information stored or transmitted in digital form that a party to a court case may use at trial” . Section 79A of IT (Amendment) Act, 2008 defines electronic form evidence as
“Any information of probative value that is either stored or transmitted in electronic form and includes computer evidence, digital audio, digital video, cell phones, digital fax machines”.
In an effort to fight e-crime and to collect relevant digital evidence for all crimes, law enforcement agencies are incorporating the collection and analysis of digital evidence into their infrastructure.
HOW DID DIGITAL EVIDENCES EVOLVE?
Initially, computer-generated records such as log files were considered hearsay, therefore, inadmissible in court. Case law and updates to the Federal Rules of Evidence have changed that. Rule 803 provides for the admissibility of a record or report that was “made at or near the time by, or from information transmitted by, a person with knowledge, if kept in the course of a regularly conducted business activity, and if it was the regular practice of that business activity to make the memorandum, report, record or data compilation.” This changed the game regarding the critical role that digital evidence can play in investigations and convictions. It essentially means that activity logs recorded as a part of standard business operations are now admissible. This bolstered the need for employers to have forensic investigation software to monitor user activity, collect activity logs, and securely manage them in case there is ever a need to leverage the data in a legal capacity[1].
Consequently, the role of digital forensics in fighting crime is becoming ever more important and it is critical for law firms and courts to develop a well-thought-out strategy for such investigations. In Penderhill, the Supreme Court clarified that the courts must be appropriately responsive to the technical changes that are taking place[2].
Digital forensics follows a similar process to crime scene forensics when collecting evidence for a potential trial. The digital forensics process involves collecting, analysing and reporting on digital data in a way that is legally admissible. Digital evidence can also be used to prove whether a person has been involved in crimes that are unrelated to technology, such as murder or larceny.
The main repositories of digital evidence are computers, storage devices, telephones, networks, cloud servers and emails. However, as the Internet of Things develops, many other devices will provide digital evidence.
Here, are important landmarks from the history of Digital Forensics:
Hans Gross (1847 -1915): First use of scientific study to head criminal investigations
FBI (1932): Set up a lab to offer forensics services to all field agents and other law authorities across the USA.
In 1978 the first computer crime was recognized in the Florida Computer Crime Act.
Francis Galton (1982 – 1911): Conducted first recorded study of fingerprints
In 1992, the term Computer Forensics was used in academic literature.
1995 International Organization on Computer Evidence (IOCE) was formed.
In 2000, the First FBI Regional Computer Forensic Laboratory established.
In 2002, Scientific Working Group on Digital Evidence (SWGDE) published the first book about digital forensic called “Best practices for Computer Forensics”.
In 2010, Simson Garfinkel identified issues facing digital investigations.
Process of Digital forensics
Digital forensics entails the following steps:
- Identification
It is the first step in the forensic process. The identification process mainly includes things like what evidence is present, where it is stored, and lastly, how it is stored (in which format).Electronic storage media can be personal computers, Mobile phones, PDAs, etc.
- Preservation
In this phase, data is isolated, secured, and preserved. It includes preventing people from using the digital device so that digital evidence is not tampered with.
- Analysis
In this step, investigation agents reconstruct fragments of data and draw conclusions based on evidence found. However, it might take numerous iterations of examination to support a specific crime theory.
- Documentation
In this process, a record of all the visible data must be created. It helps in recreating the crime scene and reviewing it. It Involves proper documentation of the crime scene along with photographing, sketching, and crime-scene mapping.
- Presentation
- In this last step, the process of summarization and explanation of conclusions is done.
CONCLUSION
Digital forensics methods and investigation software are critical elements of cybersecurity programs. Most incidents, whether they are designated as breaches or not, require some level of investigation. In many cases, these investigations may warrant the need to present valid evidence in court. Doing so requires that entities can securely collect, preserve, analyze, and report on findings. Through outsourced or in-house cybersecurity expertise and critical technical capabilities such as insider threat detection technology, businesses can proactively prepare to take on seemingly unavoidable investigations.
[1] The Evolution of Digital Forensics
By Dr. Christine Izuakor – March 03, 2020
[2] Penderhill Holding Limited ao v Ioannis Kloukinas, Civil Appeals 319/11 and 320/11, 13 January 2014.
As the cyber law is still developing the scope of digital evidence is limited as of now in India .
While the process now it carefully documents, I feel the required training should be given to the local law enforcement officials.
Extremely informative and helpful as the law’s in India are still developing.
With the introduction of IT Act 2002 the Indian Evidence Act wasade even more effective then it was before including digital evidence as admissible in court fascilates not only court but also the parties involved however it is really difficult to prove the credibility given the software and their reach nowadays but with time soon we will see an era of digital litigation .
Really good article it really help me to understand things easily
As technology is advancing we need to prevent us to use limited data types or hide from the online world
The article here is an introduction to evolution happening in the area of data evidence under data forensics. Earlier in many articles the readers were made well versed with the concept of data forensics, how it helps in tracking cyber crimes, therein how data is analysed to produce a evidence in cases as mentioned in the above article, etc. There are number of challenges data forensics is facing like, which is hampering them to work with great speed. The article at basic level trying to tell that how mechanism of data evidence has established so far and challenges which will be faced in future…..