Forensics and Cyber Threat Research Area

Threat Intelligence | Insider Threat Detection | User Behavior Analytics | Cyber Threat Management | Data Security Intelligence | Cloud Security Intelligence Application Security Intelligence | Anomaly & Pattern Detection |  Security Information Event Management | Digital Forensics | Data Recovery | Malware Investigation | Packet Analytics | Packet Forensics | security operations and analytics platform architecture (SOAPA)

Home » Blog » Forensics Analysis in India

 Posted in Digital Forensics

Forensics Analysis in India

   19th December 2014  Leave a Comment on Forensics Analysis in India 0 1140

Forensics Analysis in India

Forensics Analysis in India
Forensics Analysis in India

Computer Forensics: – Computer forensics is the scientific examination and analysis of data held on, or retrieved from, degital storage media in such a way that the information can be used as evidence in a court of law to conclude suspect to culprit.

 The Computer Forensic Objective in India

  • The objective in computer forensics is quite straightforward.
  • It is to recover, analyze and present computer based material in such a way that it is useable as evidence in a court of law.
  • The key phrase here is: ‘useable as evidence in a court of law.’ It is essential that none of the equipment or procedures used during the examination of the computer obviate this single requirement.

 The Computer Forensic Priority in India

  • The science of computer or digital forensics is concerned primarily with forensic procedures, evidence rules of and legal processes.
  • It is only secondarily concerned with digital media.
  • In digital forensics investigation the absolute priority is accuracy.

 The Need for Computer Forensics in India

The need for digital forensic services and equipment has derived from the widespread use of personal degital media in both business and the home and the subsequent needs of crime investigators to have access to digital information.

When handling digital evidence for legal purposes, investigators faced with four main types of issues.

  1. How to recover data from digital media whilst preserving evidential integrity.
  2. How to securely process, store and handle recovered data.
  3. How to find the relevant or significant digital information from large volume of data.
  4. How to produce & present the evidence information in a court of law, and to defense during litigation process.

 Cyber forensics in India

  • Cyber forensics in India can be stated as the process of extracting digital information and data from storage media and assuring its accuracy and reliability.
  • The challenge of electronic evidence is actually finding this data, collecting it, preserving it, and presenting it in a manner acceptable in a court of law.

Electronic evidence in India

  • Electronic evidence is fragile and can easily be modified.
  • Additionally, cyber thieves, criminals, dishonest and even internal honest company employees hide, wipe, disguise, cloak, encrypt and destroy evidence from storage media using a majority of freeware, shareware and commercially available software programs.

Digital Forensic analysis

  • It is the process of understanding, re-constructing and analyzing events that have previously occurred.
    • Logging is the recording of data that will be useful in the future for understanding past events.
    • Auditing involves collecting, forensics examining and analyzing the logged data to understand the events that occurred during the incident in question.
  • The data collected may also involve decompiling binaries or recovering other remaining evidence such as saved memory images.

Successful forensic analysis in India

  • Successful forensic analysis requires the ability to re-construct any event regardless of the intent of the user, the nature & occourance of the previous events, and whether the cause of the events was an illegitimate intruder or an authorized insider.
  • This covers a very high number of possible events and exploits, such as changes to the user environment, covert channels, buffer overflows, and race conditions.
Expert Witness in India
Expert Witness in India

 Expert Witness in India

  • The job of an expert witness is to assist the court in coming to a conclusion. It is not the function of an expert witness to be biased one way or another.
  • He should be an expert in respective field and ready to give his opinion dispassionately.
  • The expert witness should be able to act either for the complainant or the accused being there merely to put forward the facts to allow the Court to come to its own conclusion based on those facts.
  • An expert witness is a witness, who by virtue of education, profession, publication or experience, is believed to have special expertise of respective field beyond that of the average person, sufficient that others may officially (and legally) rely upon his opinion.

What is Digital Forensics?

  • Digital forensics is “the application of digital information investigation and analysis in the interests of determining potential legal evidence”.
  • “finding stuff on degital media and mobile phones to prove allegations”

Digital Forensic Process in India

Digital Forensics Process in India
Digital Forensics Process in India

Preparation (of the investigator, not the data)

  • The investigator must be properly trained & equiped to perform the specific kind of digital investigation that he is going to face.
  • Technology that are used to generate reports for court should be validated. There are many software to be used in the process.
  • One should identify the proper technology to be used based on the case invetigation.

Collection (the data)

  • most of the digital information is easily changed, and once changed it is usually impossible to detect that a change has taken place or to revert the data back to its original state
  • Some of the most valuable digital information obtained in the course of a forensic invetigation will come from the computer user.

Forensics Examination

  • All digital evidence must be examined to determine the type of digital information that is stored upon it.

Forensics Data Analysis

  • Typical forensic data analysis includes a manual review of material on the digital media, reviewing the Windows registry for suspect information, discovering and cracking passwords, keyword searches for topics related to the crime, and extracting e-mail and pictures for review.

Reporting

  • Once the analysis is complete, a report is generated.
  • This report may be a written report, oral testimony, or some combination of the two.
  • Expert Witness

Types of Information

  • Persistent data
    • It is the data that is stored on a local digital storage media (or another medium) and is preserved when the computer is turned off.
  • Volatile data
    • is any data that is stored in memory, or exists in transit, that will be lost when the computer loses power or is turned off.
    • Resides in registries, cache, and random access memory (RAM).
    • Since volatile data is ephemeral, it is essential an investigator knows reliable ways to capture it.

Types of Persistent data

  • Active Data
    • It is the digital information that you and I can see. Data files, programs, and files used by the operating system. This is the easiest type of data to obtain.
  • Archival Data
    • It is data that has been backed up and stored. This could consist of backup tapes, CD’s, floppies, or entire hard drives to cite a few examples.
  • Latent Data
    • It is the information that one typically needs specialized technologies to get at. An example would be information that has been deleted or partially overwritten.

Types of Digital Evidence in India

  • Address Books
  • Audio/Video files
  • Backup files
  • File System Analysis
  • Calendars
  • Compressed Files
  • Configuration files
  • Cookies
  • Internet Cache
  • Database files
  • Documents
  • Email files
  • Encrypted files
  • Password protected File
  • Fragmented Files

 

  • Hidden files
  • History files
  • Image/graphics files
  • Internet bookmarks/favourites
  • Log files
  • Metadata
  • Misnamed files
  • Password-Protected files
  • Printer spool files
  • Steganography
  • Swap files
  • sys
  • System files
  • Next3 Forensics
  • NTFS Forensics
  • EXT4 Forensics
  • Alternate Data Stream

 

  • Temporary files
  • Running processes.
  • Executed console commands.
  • Passwords in clear text.
  • Unencrypted data.
  • Instant messages (IMs).
  • Internet Protocol (IP) addresses.
  • Trojan Horse(s).
  • Rootkit Analysis
  • System event
  • Security Events
  • Application Events
  • Who is logged into the system?
  • Open ports and listening applications.
  • Registry information.
  • System information.
  • Attached devices

Author: Rohit Sadgune
Core Working Areas :- Threat Intelligence, Digital Forensics, Incident Response, Fraud Investigation, Web Application Security Technical Certifications :- Computer Hacking Forensics Investigator | Certified Ethical Hacker | Certified Cyber crime investigator | Certified Professional Hacker | Certified Professional Forensics Analyst | Redhat certified Engineer | Cisco Certified Network Associates | Certified Firewall Solutions | Certified Network Monitoring Solution | Certified Proxy Solutions
Website

Leave a Reply

Your email address will not be published. Required fields are marked *

Enter Captcha Here : *

Reload Image

Indicator of Attacks | Indicator of Compromise

Top SIEM Use Cases | Threat Hunting Hypothesis | Deep Packet Inspection | Insider Threat Hunting | Hunting Data Exfiltration | Banking Fraud | ATM Use Cases | Cross Channel Data Exfiltration | Hunting Endpoint Anomaly | Denial-of-service | Man-in-the-middle (MitM) attack | Spear phishing attacks | Drive-by attack | Eavesdropping attack | Birthday attack