The History Of Computer Forensics

02 Nov 2017

Disclaimer:
This essay has been written and submitted by students and is not an example of our work. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of EssayCompany.

ABSTRACT

With a massive increase in crimes related to computers, the most famous being "hacking", and the fact that criminals are equally equipped with the latest technology, the need of the hour is to prepare strong, accurate and powerful mechanisms to combat them. This paper defines the term computer forensics, discusses how digital media relates to the legal requirements for admissibility of paper-based evidence and suggests a methodology for dealing with potential evidence. The conclusion is that digitally based evidence must be both scientifically sound and legally acceptable.

KEYWORDS

Hacking, criminals, forensics, evidence, technology.

INTRODUCTION

Law enforcement and the legal establishment are facing a new challenge. Criminal acts are being committed and the evidence of these activities is recorded in electronic form. Additionally, crimes are being committed in cyberspace. Evidence in these crimes is almost always recorded in digital fashion. It is important that computer security professionals be aware of some of the requirements of the legal system and understand the developing field of computer forensics.

"Computer forensics is the specialized practice of investigating computer media for the purpose of discovering and analyzing available, deleted, or "hidden" information that may serve as useful evidence in a legal matter."

Computer forensics has become a very important part of criminal investigation. Since computers have become mainstream, the need for a science that can deal with the technology has become an issue for the judicial and legal system. Some of the areas in which computer forensics may be utilized are:

Copyright infringement

Industrial espionage

Money laundering

Piracy

Sexual harassment

Theft of intellectual property

Unauthorized access to confidential information

Blackmail

Corruption

Decryption

The use of the Internet and Information Technology has been increasing tremendously all over the world.

TRENDS TODAY

Forensic technologies include mechanisms to retrieve data in the form of evidence from a seized computer system. The data can be from any hard drive, computer memory, hard copy taken from any computer or in any other form. This extraction is performed in such a manner that it satisfies the requirements of the case and serves as solid evidence. Typically, the data that resides on the fixed drive of a system has been erased or otherwise altered in order to protect incriminating information. Forensic technologies make it possible to retrieve such altered data.

It is also recognized that the act of obtaining evidence does not necessarily constitute a forensic act. For example, concluding that a blood-stained knife identified at the crime scene was the weapon used in the crime is not a forensic activity; rather, that conclusion should be derived from matching the attributes of the blood stains on the knife and on the victim's apparel by conducting appropriate chemical tests. Similarly, concluding that a bullet came from a gun by observing the gun when it is shot is a conclusion not derived from forensics. Matching the microscopic grooves on a bullet to the barrel of the gun does employ forensic principles. In both of the above cases the latter comprises evidence found on the most elementary level while the former does not.

It follows that standard file copy programs or routines that search for text do not operate as forensic tools. In the case of programs designed to move data from one place to another, new evidence is not uncovered. Procedures executing a text search are also disqualified since they can be accomplished by standard observation. The reconstruction of files by uncovering patterns of bytes, or obtaining data from a microscopic view of a medium's magnetic domains, does serve as a suitable candidate for forensic research.
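The reconstruction of files from patterns of bytes mentioned above can be shown with a small header and footer carver. This is an added example, not part of the original essay; the signature table, the size bound and the sample buffer are assumptions constructed for illustration.

```python
import hashlib

# Header and footer byte patterns for two common image formats.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}
MAX_SIZE = 10 * 1024 * 1024  # assumed upper bound on one carved file


def carve(image):
    """Return the files found in a raw image, ordered by offset."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            end = image.find(footer, pos + len(header), pos + MAX_SIZE)
            if end == -1:
                # Header whose tail was overwritten or is out of range: skip it.
                pos = image.find(header, pos + 1)
                continue
            blob = image[pos:end + len(footer)]
            found.append({"kind": kind, "offset": pos, "length": len(blob),
                          "sha256": hashlib.sha256(blob).hexdigest()})
            pos = image.find(header, end + len(footer))
    return sorted(found, key=lambda f: f["offset"])


def build_sample():
    """Constructed 'erased' area: two whole files and one cut-off header."""
    jpeg = b"\xff\xd8\xff\xe0" + b"J" * 20 + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"P" * 12 + b"IEND\xaeB`\x82"
    tail = b"\xff\xd8\xff\xe0 cut"
    return b"\x00" * 512 + jpeg + b"\x00" * 100 + png + b"\x00" * 64 + tail


if __name__ == "__main__":
    for item in carve(build_sample()):
        print(item)
```

Real JPEG files with embedded thumbnails contain an earlier end marker, and fragmented files cannot be recovered by header and footer matching alone, so carved output still has to be validated by opening or parsing it.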

Similarly, data manipulations along with other processes that transform information in some fashion cannot be considered as forensic operations. Examples include encryption, data compression and other types of encoding. These methods are only used to transform the same evidence into a different form and do not serve to uncover new evidence. Despite the fact that in a transformed format this type of evidence is not readily understood, it is readily observable and hence does not qualify. Furthermore, the operations on this evidence are not performed on an elementary level but rather on a higher level comprised of characters and text files. These endeavors more appropriately belong to the field of cryptology. An individual skilled in the field of cryptology need not employ an understanding of computer fundamentals in order to perform these operations.

TECHNIQUES

Basic Computer Forensic Techniques:

For Computer Networks – The following forensic techniques are most commonly used:

Packet Sniffing – Sniffing as a general term means to sense something, and it carries the same meaning here. Data flows through network lines like oxygen flows through air; sniffing pulls critical packets out of these networks, making the packets or data visible to the intruder. This data may contain usernames or passwords, sent and received emails, or any other data that flows through the network. This data can easily be misused by criminals.

IP Address Tracing- Internet Protocol Address Tracing means to trace an IP address right down to its real address. IP address tracing involves reverse address lookup, which means counting the number of servers that lie between source and destination. These are referred to as hops. One of the lowest addresses we get during the tracing process is the ISP server. The target IP address is then checked with the ISP, and ownership information can be gathered with its help.

Email Address Tracing- Sometimes it becomes important to know where an email came from. This is necessary in cases of threatening emails or hacked IDs. This can be achieved by analyzing email headers. Each packet over the network consists of the source machine IP address and the destination machine IP address, apart from other information such as location, time of message etc., which could easily be used for an IP trace.
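The header analysis described above can be illustrated by walking the Received lines of a message from the oldest hop to the newest. This is an added example, not part of the original essay; the message, host names and addresses are constructed (documentation and private ranges), and the function names are hypothetical.

```python
import email
import ipaddress
import re
from email.utils import parsedate_to_datetime

# Constructed sample: example.* hosts, RFC 5737 / RFC 1918 addresses.
RAW = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP id A1; Mon, 30 Oct 2017 10:15:09 +0000
Received: from relay.example.com (relay.example.com [203.0.113.25])
\tby mx.example.net with ESMTP id B2; Mon, 30 Oct 2017 10:15:04 +0000
Received: from [192.168.1.44] (unknown [192.0.2.61])
\tby relay.example.com with ESMTPSA id C3; Mon, 30 Oct 2017 10:15:01 +0000
From: sender@example.com
Subject: constructed sample
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def received_hops(raw):
    """Return hops oldest-first; every relay prepends its own Received line."""
    hops = []
    for value in reversed(email.message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())          # undo header folding
        by = re.search(r"\bby\s+(\S+)", flat)
        try:
            stamp = parsedate_to_datetime(flat.rpartition(";")[2].strip())
        except (TypeError, ValueError):         # missing or malformed date
            stamp = None
        hops.append({"ips": IP_RE.findall(flat), "time": stamp,
                     "by": by.group(1) if by else None})
    return hops

def candidate_origin(hops):
    """First non-internal bracketed IP, reading from the oldest hop upward."""
    for ip in (ip for hop in hops for ip in hop["ips"]):
        try:
            if not any(ipaddress.ip_address(ip) in net for net in INTERNAL):
                return ip
        except ValueError:                      # not a valid address, e.g. [999.1.1.1]
            continue
    return None

def time_anomalies(hops):
    """Indexes of hops stamped earlier than the hop before them."""
    times = [(i, h["time"]) for i, h in enumerate(hops) if h["time"]]
    return [i for (_, prev), (i, cur) in zip(times, times[1:]) if cur < prev]
```

Only the Received lines added by relays the investigator trusts are reliable; anything below them can be written by the sender, which is why out-of-order timestamps are worth flagging.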

For Computer Systems:

File Structure- For a physical computer system, the file structure is analysed and a lookout is kept for suspicious files, which may be scattered in every nook and corner of the system. Some of these files may be encrypted, garbled or hashed with some algorithms. Such files are then processed and decrypted for gathering digital evidence. Generally, this task is achieved with the use of automated tools and utilities, but manual intervention also plays an important part.

Storage Media- Storage media act as a powerful and dangerous device that leads to computer crime. They include hard disks, portables and external storage devices. Criminals might completely erase their content after their act, which makes it extremely difficult for the ethical people to retrieve data.

Steganography- Steganography is the technique of hiding information in images, sounds or any other file format than any normal or routine format like .doc, .xml etc. This makes the data difficult to discover, and it can easily be hidden and propagated. To overcome these problems, decryption techniques are applied that help identify the data.

Prints- Prints are printouts or hard copies taken from a printer attached to a computer. Most computer forensic experts forget to concentrate on these printouts. These printouts are taken such that at first glance they are not visible to the naked eye. Their characters would either be too microscopic and small to be detected by normal human eyes or would be garbled for deception. So while evaluating and gathering digital evidence, analyzing printouts becomes a very important aspect and should not be neglected or handled carelessly.

CONCLUSION

We conclude the paper by saying that even though these techniques are advanced and help deal with such crimes, with the rapid advancement of technology, computer forensics still needs a lot more research and new tools and mechanisms.


