Authors
Preeti Kiran, Ranjeet K. Singh
Abstract
As the world is entering into the digital era and the entire information about a person could be found online, so the reporting of computer crimes are increasing daily. To solve computer crimes, it is necessary to study digital forensics, which includes the methodology of retrieving and examination of content stored on digital devices, including desktops, laptops, smartphones, etc. Due to the vulnerabilities that have caused an increase in computer crime, there are numerous tools present for the analysis of these vulnerabilities. Examiners need a solution that puts all of the knowledge together and automates some of the repetitive acquisition and processing processes, freeing up time for deeper study. In this paper, various forensic tools are described which could be used for identification, collection, examination, and analysis, and reporting of digital evidence. Analysis of digital evidence includes disk imaging, memory capture, web browser history analysis, and various logs, etc., found in the system or network. Keywords: Digital Forensics, Computer Forensics, Cybercrime, Computer Crime, Computer Tools.
Introduction
Digital forensic was known little regarding the methodology of retrieving and examination of content stored on digital devices, including desktops, laptops, and smartphones, etc. In recent years, however, as cybercrime is on an increasingly wide scale and digital technologies are being rapidly embraced, the digital forensic field has gained tremendous prominence, contributing to what was historically limited to the recovery and analysis of biological and chemical evidence during criminal investigations (Pande, Jitendra, and Prasad, 2016).
Computer forensic (branch of digital forensics) collects, preserves, analyses, and presents evidence related to computers. Digital evidence is often useful in criminal cases, civil disputes, and human resources or industrial proceedings (Vacca and John, 2005).
Computer crimes are criminal abuses of computer technology expertise for their actions, investigation, or prosecution. Computer-related crimes are white-collar crimes i.e., any criminal act based on computer technology may be a crime against the technology.
Computer crime cannot only include computers actively but passively as the evidence of action is stored in the data form. Computer crime victims and possible victims include anyone who uses or is influenced by computing systems and data processing systems, including those who store and process data on their computers (Parker, 1989).
It is difficult to assess the first or early stage of the “Computer Forensic” analysis. Yet most experts believe that more than 30 years ago, computer forensics started to evolve. The sector started primarily in the United States where police and military authorities started to see criminals getting technical. In response to possible safety breaches, government agencies responsible for securing valuable, privy, and inevitably confidential information performed forensic investigations not to investigate a particular breach, but also learn how to prevent any future violations. Ultimately, the fields of cyber management, focusing on cyber and assets safety and computer forensics focusing on responding to high-tech violations, started to intertwine.
The field is evolving over the following decades and until today. It has been introduced by both the government and private organizations and businesses- using internal information management and forensic computer practitioners and contracting these practitioners or companies as necessary. Significantly, the private legal sector has recently undergone an increase in the area of discovery and the need for computer forensic exams and civil legal disputes (Pande, Jitendra, and Prasad, 2016).
Objectives and Benefits of Computer Forensics
Cyber threats have been a big part of the general public’s everyday lives. According to the data, 85% violation of safety has been identified among businesses and government agencies. Digital evidence analysis offered a medium on which forensic investigators could focus after an accident occurred. A computer forensic investigator’s ultimate purpose is to determine the essence and circumstances of a crime and to classify the suspect in a formal investigation procedure (Wiles, Jack, and Reyes, 2007).
Computer Forensics aims to provide guidelines for:
- During the initial response process and after the incident access to the victim’s computer.
- Plan protocols for a suspected crime scene so as not to distort digital evidence.
- Recovery and duplication of data.
- Recovery of deleted files and partitions removed from digital media to extract and validate the evidence.
- Guidelines are provided to analyze digital media for data security, analysis of logs and findings, network traffic, and log investigations for correlating incidents, wireless and web-based investigations, email monitoring, and email investigations.
- Computer forensic report that gives thorough information on the method of computer forensic investigation.
- Preservation of facts through the chain of custody.
- The use of stringent protocols to allow forensic findings to be investigated in a court of law.
- Digital forensic leads to an expert witness being presented to the court (Pande, Jitendra, and Prasad, 2016).
References
“Evidence Search and Analysis Software for Digital Forensic Investigations and Incident Response.” Belkasoft, Accessed Date 12th October 2020, Accessed from https://belkasoft.com/
“FTK® Imager 4.2.0.” FTK Imager 4.2.0, Accessed Date 10th October 2020, Accessed from https://accessdata.com/products-services/forensic-toolkit-ftk/ftkimager
“Introduction to Magnet AXIOM.” Magnet Forensics, Accessed Date 10th October 2020, Accessed from www.magnetforensics.com/resources/introduction-magnet-axiom/
“OSForensics - Digital Investigation for a New Era by PassMark Software.” PassMark OSForensics - Digital Investigation, Accessed Date 09th October 2020, Accessed from www.osforensics.com/
“Products.” ProDiscover, Accessed Date 09th October 2020, Accessed from www.prodiscover.com/products-services
Altheide, Cory, and Harlan A. Carvey. Digital Forensics with Open Source Tools. Syngress, 2011.
Autopsy, Accessed Date 12th October 2020, Accessed from www.sleuthkit.org/autopsy/.
Balogh, Stefan, and Matej Pondelik. “Capturing Encryption Keys for Digital Analysis.” Proceedings of the 6th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems, 15 Sept. 2011, pp. 759–763., doi:10.1109/idaacs.2011.6072872.
Coronel, Bryan, et al. “A Systematic Literature Review in Cyber Forensics: Current Trends from the Client Perspective.” 2018 IEEE Third Ecuador Technical Chapters Meeting (ETCM), Oct. 2018, pp. 1–6., doi:10.1109/etcm.2018.8580266.
Garfinkel, Simson L. “Digital Forensics Research: The next 10 Years.” The International Journal of Digital Forensics & Incident Response, vol. 7, Aug. 2010, pp. 64–73., doi:10.1016/j.diin.2010.05.009.
Guo, Hong, et al. “Research and Review on Computer Forensics.” Forensics in Telecommunications, Information, and Multimedia, 2010, pp. 224–233., doi: 10.1007/978-3-642-23602-0_21.
Hatole, Pranali P., and Shobha K. Bawiskar. “Literature Review of Email Forensics.” Imperial Journal of Interdisciplinary Research, vol. 3, no. 4, Apr. 2017.
Kaur, Mandeep, et al. “A Literature Review on Cyber Forensic and Its Analysis Tools.” Ijarcce, vol. 5, no. 1, 2016, pp. 23–28., doi:10.17148/ijarcce.2016.5106.
Kumar, Mohit. “A Detailed Study to Examine Digital Forensics and Cyber Security: Trends and Patterns in India.” International Journal of Forensic Science, vol. 5, no. 2, 1st May 2020.
Law, Frank Y.w., et al. “Protecting Digital Data Privacy in Computer Forensic Examination.” 2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering, 2011, pp. 1–6., doi:10.1109/sadfe.2011.15.
Lim, Kyung Soo, et al. “Applying a Stepwise Forensic Approach to Incident Response and Computer Usage Analysis.” IEEE, 10th Dec. 2009, doi: 10.1109/CSA.2009.5404204.
Marrington, Andrew, et al. “A Model for Computer Profiling.” 2010 International Conference on Availability, Reliability and Security, 2010, pp. 635–640., doi:10.1109/ares.2010.95.
Nassif, Luis Filipe Da Cruz, and Eduardo Raul Hruschka. “Document Clustering for Forensic Computing: An Approach for Improving Computer Inspection.” 2011 10th International Conference on Machine Learning and Applications and Workshops, 2011, pp. 265–268., doi:10.1109/icmla.2011.59.
Pande, Dr. Jeetendra, and Dr. Ajay Prasad. Digital Forensics. Uttrakhand Open University, 2016.
Parker, Donn B. Criminal Resource Justice Manual. National Institute of Justice, 1989, Accessed Date 09th October 2020, Accessed from https://www.ncjrs.gov/pdffiles1/digitization/118214ncjrs.pdf
Raghavan, Sriram, and S V Raghavan. “A Study of Forensic & Analysis Tools.” IEEE, 21st Nov. 2013, doi:10.1109/SADFE.2013.6911540.
Shaaban, Ayman, and Konstantin Sapronov. Practical Windows Forensics: Leverage the Power of Digital Forensics for Windows Systems. Packt Publishing, 2016.
Simou, Stavros, et al. “Cloud Forensics Solutions: A Review.” Lecture Notes in Business Information Processing, June 2014, pp. 299–309, doi: 10.1007/978-3-319-07869-4_28.
Suteva, Natasa, et al. “Computer Forensic Analysis of Some Web Attacks.” World Congress on Internet Security (WorldCIS-2014), 2014, pp. 42–47., doi:10.1109/worldcis.2014.7028164.
Vacca, John R., Computer Forensics: Computer Crime Scene Investigation, Second ed., Charles River Media Inc, 2005.
Wiles, Jack, and Anthony Reyes., Cyber Crime and Digital Forensics, Elsevier Inc., 2007.
How to cite this article?
| APA Style | Kiran, P. (2020). Role of Computer Analysis Tools in Forensic Science. Academic Journal of Forensic Sciences, 3(2), 17-25. |
| Chicago Style | |
| MLA Style | |
| DOI | |
| URL |