1.3 Intro To FS

The document defines cyber crime as any crime committed using digital tools and categorizes it into three types: crimes against persons, property, and government. It details cyber forensics as a branch of digital forensics focused on gathering and analyzing digital evidence for legal purposes, highlighting various sub-disciplines such as network, computer, and mobile device forensics. The significance of cyber forensics includes investigating cybercrimes, preserving digital evidence, supporting incident response, and enhancing cybersecurity measures.

Uploaded by

21bal175

CYBER FORENSIC

Dr. Twisha Shah


Senior Teaching and Research Associate
Department of Biochemistry and Forensic Science
School of Sciences
Gujarat University

DEFINITION OF CYBER CRIME

• Police and Public Order are State subjects as per the Seventh Schedule of the Constitution of India. The State/UTs are primarily responsible for the prevention, detection, investigation and prosecution of crimes, including cyber crime, through their law enforcement agencies.

• “Any Crime Committed By Using Computer, Internet Or Any Other Digital Medium As A Tool Or Target.”

TYPES OF CYBER CRIME

• Cyber crime can be divided into three major categories:

1. Cyber crimes against persons, such as harassment that occurs in cyberspace or through the use of cyberspace. Harassment can be sexual, racial, religious, or other.

2. Cyber crimes against property, such as computer wreckage (destruction of others' property), transmission of harmful programs, unauthorized trespassing, and unauthorized possession of computer information.

3. Cyber crimes against government, such as cyber terrorism.

• "Cyber Terrorism" is committed with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people by -
  • denying or cause the denial of access to any person authorized to access computer resource; or
  • attempting to penetrate or access a computer resource without authorization or exceeding authorized access; or
  • introducing or causing to introduce any computer contaminant, and by means of such conduct causes or is likely to cause death or injuries to persons or damage to or destruction of property or disrupts or knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community or adversely affect the critical information infrastructure.

• Cyberterrorism is also committed when somebody knowingly or intentionally penetrates or accesses a computer resource without authorization or exceeding authorized access, and by means of such conduct obtains access to information, data or computer data base that is restricted for reasons of the security of the State or foreign relations; or any restricted information, data or computer data base, with reasons to believe that such information, data or computer data base so obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise, commits the offence of cyber terrorism.

CYBER FORENSICS

• Cyber Forensics is a branch of digital forensics that deals with gathering, conserving, analyzing, and presenting digital evidence in court.
• Computer forensics is most often employed to detect evidence of criminal behavior, such as hacking, fraud, or embezzlement, as well as evidence that can be utilized in civil action. The goal of computer forensics is to retrieve and preserve electronic evidence from a variety of digital devices, including computers, servers, mobile devices, and storage media.
• Computer forensics requires the use of specialized tools and software, the ability to extract and analyze data from a wide range of digital devices and storage media, and the ability to present evidence clearly.
• Cyber forensics encompasses various aspects, including the identification, acquisition, preservation, analysis, and presentation of digital evidence in a legally admissible manner.
• It involves investigating computer systems, networks, digital devices, and digital environments to uncover evidence of cybercrimes, such as hacking, data breaches, financial fraud, intellectual property theft, and other illicit activities conducted in the digital realm. The main objectives of cyber forensics are to identify and attribute cybercrimes, reconstruct digital events and timelines, and determine the extent of the compromise.
• Cyber forensic professionals, often referred to as cyber forensic analysts or investigators, employ a range of techniques and tools to extract and analyze digital evidence.
• These may include forensic imaging, data carving, network traffic analysis, memory analysis, log analysis, and malware analysis. They follow strict procedures and guidelines to maintain the integrity and confidentiality of the evidence, ensuring it can withstand legal scrutiny.
• The findings and conclusions derived from cyber forensic investigations can support various stakeholders, including law enforcement agencies, organizations, legal entities, and incident response teams.
• Cyber forensics plays a critical role in identifying and prosecuting cybercriminals, enhancing cyber security measures, facilitating incident response, supporting litigation, and contributing to the overall security and trust in digital environments.

TYPES OF CYBER FORENSICS

• Cyber forensics, also known as digital forensics, encompasses various sub-disciplines that focus on investigating and analysing digital evidence related to cybercrimes.
• Here are some common types of cyber forensics:

1. NETWORK FORENSICS:
• Network forensics involves the examination and analysis of network traffic, logs, and devices to identify and investigate security incidents, unauthorized access, network breaches, and other network-related cybercrimes. It helps in reconstructing network activities, determining attack vectors, and identifying compromised systems.

2. COMPUTER FORENSICS:
• Computer forensics deals with the investigation and analysis of digital evidence from computers and storage media. It involves recovering and examining data from hard drives, memory, operating systems, applications, and other computer-related artifacts. Computer forensics helps in identifying unauthorized access, data breaches, intellectual property theft, and other computer-based crimes.

3. MOBILE DEVICE FORENSICS:
• Mobile device forensics focuses on the investigation and analysis of digital evidence from smartphones, tablets, and other mobile devices. It includes data extraction, recovery, and analysis of various mobile device artifacts, such as call logs, text messages, emails, social media data, GPS information, and installed applications. Mobile device forensics helps in uncovering evidence related to mobile device misuse, data leakage, communication breaches, and other mobile-centric crimes.

4. MEMORY FORENSICS:
• Memory forensics involves the analysis of volatile memory (RAM) to extract valuable information related to running processes, network connections, encryption keys, malware presence, and other active system activities. It helps in identifying malicious processes, rootkits, advanced persistent threats (APTs), and other memory-based cyber threats that may not be visible through traditional disk forensics.

5. MULTIMEDIA FORENSICS:
• Multimedia forensics focuses on the analysis of digital images, videos, and audio files to determine their authenticity, integrity, source, and any potential manipulations. It involves techniques such as image and video enhancement, metadata analysis, steganography detection, and audio analysis to identify tampering, forgery, or manipulation of multimedia files.

6. INCIDENT RESPONSE FORENSICS:
• Incident response forensics involves the collection, analysis, and preservation of digital evidence during and after a cyber security incident. It aims to identify the root cause, extent of damage, and the actions taken by threat actors. Incident response forensics helps in containing and remediating the incident, as well as providing evidence for legal proceedings, if required.

• These are some of the key types of cyber forensics that are employed to investigate and analyze digital evidence in the context of cybercrimes. Each type has its specific techniques, tools, and methodologies tailored to address different aspects of digital investigations.

SIGNIFICANCE OF CYBER FORENSICS

1. Investigate Cybercrimes:
Cyber forensics plays a crucial role in investigating and solving cybercrimes such as hacking, data breaches, online fraud, intellectual property theft, and cyber harassment. It helps identify perpetrators, gather evidence, and provide crucial information for legal proceedings.

2. Preserve Digital Evidence:
Cyber forensics ensures the proper preservation of digital evidence in a forensically sound manner. By following rigorous procedures and techniques, it maintains the integrity and admissibility of evidence, making it usable in legal proceedings.

3. Uncover Digital Trails:
Cyber forensics helps uncover digital trails left behind by cybercriminals. It can trace their activities, including unauthorized access, data manipulation, network intrusions, and malware infections. This helps in understanding the methods and motives of cybercriminals.

4. Support Incident Response:
During cyber incidents, cyber forensics helps identify the extent of the breach, the entry point, and the compromised data. It aids in incident response by providing valuable insights to contain the incident, recover systems, and prevent future attacks.

5. Enhance Cybersecurity Measures:
By analyzing digital evidence and identifying vulnerabilities, cyber forensics helps organizations improve their cyber security measures. It provides insights into weaknesses in systems, networks, or policies, allowing organizations to implement necessary security enhancements.

6. Ensure Compliance and Legal Admissibility:
Cyber forensics ensures compliance with legal and regulatory requirements related to digital evidence. It helps ensure that evidence collection and analysis adhere to legal standards, increasing the likelihood of admissibility in court.

7. Support Risk Mitigation:
By investigating cyber incidents and identifying their root causes, cyber forensics helps organizations mitigate risks and prevent future attacks. It enables organizations to learn from incidents, improve their security posture, and implement preventive measures to safeguard against similar threats.
