
Introduction

“Standards establish specifications and procedures designed to ensure products, services and systems are safe, reliable and consistently perform as intended.”[1] Standards can be used to accredit forensic laboratories or facilities, as well as to certify products and services. Several international initiatives in recent years have aimed to produce forensic science standards and recommendations. The development of International Organization for Standardization (ISO) standards is the most significant such endeavour now under way in the worldwide forensic community.

Standards for forensic technology analysis address the convergence of forensic investigation and electronic records. Forensic technology standards, which cover both the analysis of collected evidence and the electronic storage of forensic information, aim to preserve information in its original form for reliable retrieval, whether immediately, later in the inquiry, or during future investigations. The focus is on the use of electronic records as legal evidence and on the precise procedures put in place to achieve that purpose.

Forensic investigation standards define the accepted standard practice for a variety of procedures, ranging from the broad and widely applicable, such as the standard guide for labelling physical evidence and its related documentation, to the narrow and specific, such as cocaine microcrystal testing. Given the emphasis on testing, ASTM International, formerly the American Society for Testing and Materials, is the standards-developing organisation responsible for the majority of forensics standards. Other standards have been produced by the International Organization for Standardization (ISO) and by industry-specific organisations such as the National Fire Protection Association (NFPA), adding to the body of standard procedures. These standards serve as a guide for the forensic field, ensuring consistency and dependability in the collection, processing, storage, and retrieval of forensic evidence.

Guidelines for Identification, Collection, Acquisition, and Preservation of Digital Evidence

The International Organization for Standardization (ISO), a non-governmental international organisation, and the International Electrotechnical Commission (IEC), a non-profit international organisation, establish and publish international standards to harmonise practices between countries. International guidelines for handling digital evidence, ISO/IEC 27037, were published jointly by ISO and IEC in 2012.

These guidelines address only the early handling of digital evidence. The four recommended stages for dealing with digital evidence are as follows:

Identification

This phase entails searching for and recognising relevant evidence, as well as documenting it. The priorities for evidence collection are determined in this phase based on the value and volatility of the material: data that will be lost on power-off (such as memory contents and active network connections) is prioritised over data that persists on disk.

Collection

This phase entails gathering all digital devices that may hold evidence-worthy material. The devices are then taken to a forensic laboratory or other facility, where the digital evidence is acquired and examined; this is known as static acquisition. Static acquisition is not always possible, however, and in such cases data is collected from the running system. Consider critical infrastructure systems (e.g., industrial control systems): they cannot be powered off because they provide essential services, so live acquisitions are carried out to capture volatile and non-volatile data from systems that remain in operation. Live acquisitions can disrupt the routine operations of the industrial control system (e.g., by slowing down services), and because they necessarily change some state on the system, every action taken must be recorded.

Acquisition

Digital evidence is acquired without jeopardising the integrity of the data. The United Kingdom National Police Chiefs Council (NPCC), formerly the Association of Chief Police Officers (ACPO), states this as the first principle of digital forensics practice (Principle 1: “No action taken by law enforcement agencies, persons employed within those agencies or their agents should change data which may subsequently be relied upon in court”). It is achieved by producing a duplicate copy of the digital device’s content (a process known as imaging) while using a write blocker, a device designed to prevent any write to the original during the copying process.
A hash value, computed with a cryptographic hash function, is used to determine whether the duplicate is an exact copy of the original: the function is run over the original and over the image, and if the two values match, the duplicate’s contents are identical to the original. The comparison is only as strong as the hash function, so a current function such as SHA-256 should be used (MD5, long used in forensic tooling, has known collision attacks), and both values should be recorded in the case file. Recognising that there are “circumstances where a person finds it necessary to access original data [i.e., during live acquisitions],” the NPCC emphasises that “the person [accessing this data] must be competent to do so and be able to give evidence explaining the relevance and implications of their actions.”
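The imaging-and-verification step described above, as an added example that is not part of the original page and not the code of any standard or product: a constructed in-memory byte array stands in for the evidence drive, a read-only memoryview plays the part of the hardware write blocker (any write attempt is refused), and SHA-256 is the cryptographic hash compared between the original and the image. The chunk size and the sample drive contents are assumptions for illustration.

```python
"""Acquisition integrity check: image a source through a write-blocked view,
hash what was read, then re-hash the original and the image and compare.

Added example, not from the original page. The "device" below is a
constructed byte array; a real acquisition reads a block device instead.
"""
import hashlib
from typing import Tuple

CHUNK_SIZE = 4096  # assumed read size, analogous to dd bs=4096


def make_sample_device(size: int = 64 * 1024) -> bytearray:
    """Constructed stand-in for an evidence drive: a fake header followed by a
    repeating byte pattern. The content is deterministic so runs are repeatable."""
    header = b"EVIDENCE-DRIVE-SAMPLE\x00"
    body = bytes(range(256)) * ((size - len(header)) // 256)
    return bytearray(header + body)


def open_write_blocked(device: bytearray) -> memoryview:
    """Expose the device through a read-only view. Any write raises TypeError,
    the software analogue of a hardware write blocker rejecting the command."""
    return memoryview(device).toreadonly()


def write_attempt_blocked(view: memoryview) -> bool:
    """True if the view refuses a write, i.e. the 'blocker' is doing its job."""
    try:
        view[0] = 0x00
    except TypeError:
        return True
    return False


def sha256_hex(data: bytes) -> str:
    """Hex digest of the whole byte sequence; the same routine is used on both sides."""
    return hashlib.sha256(data).hexdigest()


def acquire_image(device_view: memoryview, chunk_size: int = CHUNK_SIZE) -> Tuple[bytes, str]:
    """Copy the device chunk by chunk, hashing exactly the bytes that were read,
    so the acquisition hash is tied to the image rather than to a second read."""
    image = bytearray()
    running = hashlib.sha256()
    for offset in range(0, len(device_view), chunk_size):
        chunk = bytes(device_view[offset:offset + chunk_size])
        running.update(chunk)
        image.extend(chunk)
    return bytes(image), running.hexdigest()


def verify_image(device_view: memoryview, image: bytes) -> dict:
    """Post-acquisition check: hash the original again and hash the image.
    A match shows the copy is bit-for-bit identical and that the original was
    not altered while it was being imaged."""
    source_hash = sha256_hex(bytes(device_view))
    image_hash = sha256_hex(image)
    return {"source_hash": source_hash, "image_hash": image_hash,
            "match": source_hash == image_hash}


if __name__ == "__main__":
    device = make_sample_device()
    view = open_write_blocked(device)
    print("write blocked:", write_attempt_blocked(view))
    image, acquisition_hash = acquire_image(view)
    print("acquisition hash:", acquisition_hash)
    print("verification:", verify_image(view, image))
    damaged = bytearray(image)
    damaged[100] ^= 0x01  # flip one bit in the copy
    print("one-bit change detected:", not verify_image(view, bytes(damaged))["match"])
```

Three values are compared, not two: the hash computed while reading, the hash of the finished image, and a fresh hash of the original taken after imaging. If the first two differ the copy is bad; if the third differs the original changed during acquisition, which is exactly what Principle 1 forbids and what the write blocker exists to prevent.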

Preservation

A chain of custody, the record by which investigators account for the crime (or event) scene and the evidence throughout the life cycle of a case, is used to demonstrate the integrity of digital devices and digital evidence. It records who gathered the evidence, where and how it was gathered, who took possession of it and when, and the hash values recorded at acquisition and at each handover. Meticulous documentation at every stage of the digital forensics process is required for the evidence to be admissible in court.
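A tamper-evident chain-of-custody record, as an added example that is not part of the original page or of ISO/IEC 27037: each entry records who, when, where, what was done and the SHA-256 of the evidence image at that point, and also carries the hash of the previous entry, so altering or deleting any earlier entry breaks every later link. The case identifiers, officer names and timestamps are constructed sample data, and the all-zero "genesis" value for the first entry is an assumed convention.

```python
"""Hash-chained custody log for one exhibit.

Added example, not from the original page. Entries are canonicalised as JSON
and hashed; each entry embeds the previous entry's hash, so verify() detects
edited, reordered or removed entries, and evidence_hash_changes() flags any
handover at which the recorded image hash no longer matches the last one.
"""
import hashlib
import json
from typing import List, Optional

GENESIS = "0" * 64  # prev_entry_hash of the first entry (assumed convention)


def entry_hash(fields: dict) -> str:
    """Hash a canonical JSON serialisation so field order cannot change the digest."""
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(canonical).hexdigest()


class CustodyLog:
    """Append-only custody record; each entry is chained to the one before it."""

    def __init__(self, case_id: str, exhibit_id: str) -> None:
        self.case_id = case_id
        self.exhibit_id = exhibit_id
        self.entries: List[dict] = []

    def append(self, custodian: str, action: str, location: str,
               timestamp_utc: str, evidence_hash: str) -> dict:
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        fields = {
            "seq": len(self.entries),
            "case_id": self.case_id,
            "exhibit_id": self.exhibit_id,
            "custodian": custodian,          # who took possession
            "action": action,                # what was done
            "location": location,            # where it happened
            "timestamp_utc": timestamp_utc,  # when (ISO 8601, UTC)
            "evidence_hash": evidence_hash,  # SHA-256 of the image at this point
            "prev_entry_hash": prev,         # link to the previous entry
        }
        entry = dict(fields, entry_hash=entry_hash(fields))
        self.entries.append(entry)
        return entry

    def verify(self) -> Optional[int]:
        """Return the index of the first inconsistent entry, or None if intact."""
        expected_prev = GENESIS
        for i, entry in enumerate(self.entries):
            fields = {k: v for k, v in entry.items() if k != "entry_hash"}
            if entry.get("seq") != i:                       # entry removed or reordered
                return i
            if entry.get("prev_entry_hash") != expected_prev:  # link broken
                return i
            if entry_hash(fields) != entry.get("entry_hash"):  # entry edited
                return i
            expected_prev = entry["entry_hash"]
        return None

    def evidence_hash_changes(self) -> List[int]:
        """Sequence numbers of entries whose evidence hash differs from the previous
        entry's; a non-empty list means the item changed while in someone's custody."""
        return [cur["seq"] for prev, cur in zip(self.entries, self.entries[1:])
                if cur["evidence_hash"] != prev["evidence_hash"]]


def build_sample_log() -> CustodyLog:
    """Constructed sample data: three custody events for one imaged drive."""
    image_hash = hashlib.sha256(b"constructed sample image contents").hexdigest()
    log = CustodyLog(case_id="CASE-2024-0001", exhibit_id="EXH-07")
    log.append("DC A. Sharma", "imaged via write blocker, hash recorded",
               "digital forensics lab", "2024-03-01T14:40:00Z", image_hash)
    log.append("DC A. Sharma", "sealed and transferred to evidence store",
               "evidence store", "2024-03-01T16:05:00Z", image_hash)
    log.append("Analyst R. Iyer", "received for examination",
               "digital forensics lab", "2024-03-02T08:05:00Z", image_hash)
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("intact:", log.verify() is None, "hash changes:", log.evidence_hash_changes())
    log.entries[1]["custodian"] = "someone else"  # simulate an after-the-fact edit
    print("first bad entry after edit:", log.verify())
```

The chain does not stop a custodian from writing a false entry at the time; it makes later alteration of the record detectable, which is the property a court is asked to rely on. For that reason the entry hashes would in practice also be written somewhere the custodians cannot change, such as a signed case file or a separate log.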

ISO/IEC 27037 does not cover the remaining stages of the digital forensics process (analysis and reporting). The analysis (or examination) phase requires appropriate digital forensic tools and methodologies to recover and interpret the data. Digital forensics tools of varying quality are available on the market; EnCase, FTK and X-Ways Forensics are examples. The tools used depend on the type of investigation: the Oxygen Forensics Suite, for example, targets mobile devices and the cloud services linked to them, while network forensics, which applies scientifically validated techniques to investigate crimes committed against and via computer networks, needs tooling of its own. Established suites such as EnCase, FTK and Nuix are designed for conventional computing environments; critical infrastructure networks, interfaces and operating systems call for specialised techniques.

Situation in India

“In the first half of 2018, 945 incidents of online hacking all over the world led to a staggering 4.5 billion (450 crore) data records being compromised, equivalent to 291 records being exposed every second (Gemalto, Netherlands). Digitalisation of lifestyles is making cybersecurity increasingly important to governments, organizations and people. It is, therefore, important to understand the what, why, and how of cybersecurity and the Indian government’s plan of action to tackle this growing menace.”[2]

Forensic science is a young field, and cyber forensics is younger still. There are various domains of cyber forensics, each of them demanding to practise. Nonetheless, the importance of cyber forensics cannot be overstated, especially in these days of space law, artificial intelligence, and the Internet of Things (IoT). India has developed technology-driven programmes such as the National E-Governance Plan (NeGP) and Digital India. Cyber forensics will play a significant part in cases ranging from basic broadband theft to sophisticated satellite hacking. India is a newcomer to this subject, so we must begin with the fundamentals of cyber forensics.

Even simple applications of cyber forensics principles are proving difficult for law enforcement agencies, public prosecutors, and judges. Once a defective police investigation begins, the entire case against a cybercriminal is jeopardised. India has police personnel and intelligence officers with excellent investigative skills, but not all of them are able to apply those skills in cyberspace. Two statutes govern this area: the law of evidence (the Indian Evidence Act) and the law of information technology (the Information Technology Act, 2000, as amended in 2008). It is critical to understand that, for an act to be investigated as a cybercrime under Section 66 of the Information Technology (Amendment) Act, 2008, it must be an act described in Section 43 of the Act that was done dishonestly or fraudulently, in the sense given to those words by Sections 24 and 25 of the Indian Penal Code. If the act does not meet that test, it is a civil contravention dealt with by the adjudicating officer under the Act, attracting compensation rather than punishment, and is not investigated as a cybercrime.

Conclusion

With the advancement of science and technology, cyber forensics has become increasingly crucial, and as cyber crimes such as hacking have increased, so has the need for it. As a result, numerous tools and procedures have been developed for tracing a crime and producing a precise report that is admissible in a court of law. The current forensic tools are critical to the recovery process, but each has its own drawbacks and limits. These tools and procedures need to keep improving so that computer forensics findings are reliable and legally admissible.

Computer forensics has enormous potential. As technology advances, the field’s benefits and hurdles will continue to grow. Use only tools and processes that have been tested and reviewed for accuracy and reliability. The evidence gathered by the specialist must be handled and stored properly so that it can be presented to the court in its entirety. Any flaw in the process or approach of a cyber forensics examination may jeopardise the case.


References:

[1] Linzi Wilson-Wilde, “The international development of forensic science standards — A review”, Forensic Science International, Vol. 288, July 2018, pp. 1-9.

[2] Bishwa Pandey, “Cybersecurity in India: A Primer”, https://sprf.in/cybersecurity-in-india-a-primer/

