With the widespread use of internet, there are many criminal activities that are taking place on the internet such as stealing of data over the internet, identity thefts, frauds, spreading viruses, hacking into databases of banks and other organisations etc. To deal with such crimes a separate branch of criminology has come up in the past few years known as computer forensics (also known as Digital Forensics). Computer forensics deals not only with the cyber crimes but also, with the other investigations in which the computers can be used successfully.
Thus, computer forensics makes use of the various techniques of computer investigation and analysis to gather evidence that may aid the law. The basic job of such investigators can be divided into four basic categories such as gathering the digital evidence, preserving it, analysing it and then presenting it wherever it is required.
Cyber Crimes that Require Computer Forensics
There are a number of cyber crimes or for that matter even other crimes that may be tackled by making use of computer forensics. For example, if some person is on the run and during that time he is accessing the internet to contact some acquaintances or has been using the internet to plan his travel etc. then, he can be traced by the computer forensics.
Also, possession and transfer of pornographic or censored material is usually traced by making use of computers and the data found on the computer of the suspect can be used as evidence.
Another field where computer forensics is widely used is to prevent unauthorised access to certain websites or to keep a tab over the activities of individuals using a particular local network (especially in offices) etc.
Now, let us have a look at how the various crimes are tackled by making use of computer forensics.
What Computer Forensics involves
While gathering the evidences, it is vital to maintain secrecy and ensure that the suspect is not aware that he is being investigated upon. To do this, many times the investigators have to assume that the suspect is an expert with computers and has sufficient knowledge to have installed software on his computer to detect unauthorised access and act accordingly. It is necessary to ensure that no modifications are made on the computer that is being investigated.
Evidence can be collected from the suspect’s workplace, from the server that he accesses or from the network that he uses to connect to the same. Apart from the digital evidence, the physical evidence surrounding a particular computer is also gathered initially. This may include various printouts or data storage media etc.
A greater amount of information can be gathered from a machine if it is in the active state, when found. The RAM may even contain details regarding the various information that the suspect has accessed recently. Such information may not always be present on the hard drive. Thus, care is taken to keep the RAM powered. Various software available in the market helps to detect and analyse information such as the open ports present on the computer, registry, obtain images of mapped drives, scan Microsoft Outlook and other such applications to obtain the email ids and passwords of the concerned individual etc.
The information present in the email headers proves to be quite useful as well. But, obtaining the same is a complex procedure and many approaches are used for the process.
Apart from the computers, various other digital media such as mobile phones, PDAs can also be scanned for information.
How is Phone use by a Criminal Tracked?
The service providers of most of the phone networks maintain detailed information regarding the calls made to and from a particular number. This can be used for tracking the people whom the suspect is in contact with.
Then, in case of GSM phone users, the GPS satellite can be used to give the approximate location (within a range of 10 metres or so) of a particular phone. This, system is not commonly used in many countries due to legal restrictions.
Thus, investigation of the phone use of a particular person would prove to be useful in establishing certain alibi, getting to know his whereabouts and other activities.
The Final Word
It can be seen that computer forensics is a field that has improved the levels of investigations to a great extent. It shows a lot of scope for development as well and in the years to come, it is likely to replace many of the traditional methods of investigation producing more accurate results.