Question 1): Role and Importance of Cyber Forensic Expert in Crime Investigation: Anser:
After India, through India IT Act-2000, has recognized and legalized e-commerce and digital transactions (like email, instant messaging chats, community posts, blogs, forum discussions and various other type of electronic echange of information!, cyber forensic has become much more relevant in India" #ith increasing use of IT in every sphere of day-to-day life, digital evidence has become important and critical source for investigations related relate d to any types of crime or violation of la$" This creates a definite demand for the IT eperts $ho can identify, collect, preserve and analyze any type of digital evidence that may be needed for a successful investigation and help legal process investigation" There is no specific education %ualification re%uired or available for this critical skill of cyber forensics" In fact, this re%uires fairly $ide range of kno$ledge and eperience in the field of Information Technology, both technically as $ell legal vie$ points" The epertise includes cyber crimes, hacking, spamming, viruses, user activity tracking, analyzing system & application logs, pass$ord breaking, encryption, understanding computer storage structure for various ' (#indo$s, (#indo$s, )ac, olaris, *+-, .inu etc"! and application components (.ike /ava cripts, isual 1asic cripts, shell scripts etc"!" isk imaging is one of important area $here eperts re%uire to be $orking etensively" igital imaging, essentially, means creating a copy of original disk3storage media $hich is sub4ect to investigation" ince original media is re%uired to be preserved (as is stage! and shall not be changed in any respect throughout the investigation process" 1eside this another important role of the epert is to recover data from a damaged storage and3or deleted files" This skill re%uire machine level understanding of computer system and normally done via variety of data recovery tools" In addi additi tion on to these these and and othe otherr techn technica icall skil skills ls an epe epert rt shall shall also also posse possess ss kno$ kno$le ledg dgee and and understanding of legal issues, arious .a$s, Acts, and other legal responsibilities etc" 5vidence collection and analysis also re%uire a forensic epert to spend long hours $orking continuously investigating critical cyber incidents and crimes" *ence, like many IT professionals, cyber forensic epert also has a need and necessity to $ork odd and etended $orking $orking hours" In fact the 4ob of a forensic epert is like that of a detective $ho has to keep all their senses engaged to capture the real information underneath" This detective skill re%uire them to do many monitoring as $ell including monitoring net$ork activities in real time to understand post incident behavior and actions of the suspect" Amendments to 5vidence Act, in vie$ of the IT Act, empo$ers a forensic epert for conducting re%uired actions for investigating machines, devices and other IT systems, including, at time, taking possession of such items under their control" In most of the cases, the eperts also need to be under obliga obligatio tion n of protect protecting ing any privat private, e, sensiti sensitive, ve, confid confident ential ial and propri proprietar etary y inform informatio ation n these these systems contains" These cyber crimes investigations investigations and digital digital evidences evidences may be related to various cases including including data theft, *acking, irus attacks, enial of ervice, +hishing, variety of online financial frauds, oft$are +iracy, 6yber 1ullying, 6yber efamation, Identity theft and all other criminal cases $here there is a possible involvement of digital resources" 5ven the cases of misuse of sensitive personal information, may re%uire a cyber forensic epert7s services to investigate the case and gather information information related to the case using various various digital digital resources (email servers, internet internet logs, instant messaging logs, system logs, application logs or even portable storage media like floppy,
1, 63 etc" ! 6yber forensic, as a career option, is very challenging and interesting field" 'ne can get a considerable amount of 4ob satisfaction $hile performing the role and delivering duties of a cyber forensic epert" This role has e%ual importance and position both in private and government3public sector" Though today government sector role are mostly limited to police and other la$ enforcement agencies, this is becoming increasingly important role for almost all IT and service organizations" In vie$ of all the skills a 6yber forensic epert brings along $ith him3her, the importance of this role can be $ell understood" This role is positioning itself as a critical and must have role in today7s $orld of cyber eminence" Today $e are so dependent on cyber $orld for most of our day-to-day needs that opens a definite space for lots of fraud and other criminal offences at the same time" 5ven after putting best defense against such crimes and frauds, $e are definitely going to see lots of incidents $hich need forensic investigations" #ith increasing number of online frauds related to money and finance, $e have to rely upon the skills for a forensic epert to help investigate such incidents and help organizations3governments to prevent future happening of such incidents" In private sector this role has enormous opportunity $ith both IT companies and non-IT companies" 8ot only $ith companies, even independent consultants and cyber forensic services are also very common" In private sector the role of a cyber forensic epert not only limited to post incidents investigations, but it also includes responsibilities to guard data theft, recommend and implement security systems, avoid cyber attacks, find security holes in the IT infrastructure, prevent unauthorized access to system and stop hacking, virus and phishing attacks" A cyber forensic epert en4oys a status of a state authority $ithin organizations" They are important constituent of an emergency incident response system of any organization" The incident response system is a frame$ork that helps organizations to plan and manage security incidents $hen they occur" It creates an organizational structure and chain of commands $hich gets activated in case of the occurrence of a security incident" This cell of cyber forensic eperts is also responsible for collaboration $ith state la$ and compliance agencies" #henever there is a demand or re%uest of forensic investigations comes from state agencies, this internal team of cyber forensic eperts are epected to provide necessary support and cooperation to them" The importance of this role is such that it has ac%uired a position of must have category of roles in IT industry today and demands of the role are increasing day by day" Today every ma4or organization has a team of cyber forensic eperts" ome organization a separate cell or department $hich dedicatedly focus on cyber forensic skill sets and provide the forensic service not only to their internal security and compliance needs but also offer this as a service to their clients and other eternal organizations" Importance of a cyber forensic epert can be understood in vie$ of a police or other la$ enforcement agencies" There are dedicated cyber crime departments in various cities across India $hich supports la$ enforcing agencies for the needs of cyber forensic services" 6yber forensic not only playing important role in legal cases, but this is also becoming increasingly important focus area for organizations for their internal investigations" #ell %ualified and eperience cyber forensic epert are being nurtured or hired by many organizations no$ a days" There are many formal3informal courses available focused on cyber forensic" arious national3international institutions3universities are focusing on designing and delivering courses around cyber forensics" These courses enable students for cyber forensic 4ourney and provide them a career path in this ever gro$ing area of cyber forensic" 6ountries across the globe are amending their criminal la$s to align $ith this gro$ing field of
cyber crime that necessitates cyber forensic as an important profession" Today there are very limited availability of cyber forensic eperts is there" arious institutes and universities across the globe are rapidly coming up $ith various levels of courses focused around the domain of cyber forensic epertise" 'rganizations are also building their cyber forensic skills and capabilities through internal trainings, real-time eposures and formal academic courses" 6ompanies are setting aside specific budget for education and training around cyber security and cyber forensic skills" They are also aggressively promoting their security professionals to develop skills of cyber security and cyber forensics" Available Certifications: There are various cyber forensic certifications also available today such as the I965 6ertified 6omputer 5aminer and IA6:1 6ertified 6omputer 9orensics 5aminer"
IA6I (the International Association of 6omputer Investigative pecialists! offers the 6ertified 6omputer 9orensic 5aminer (6965! program" Asian chool of 6yber .a$s offers international level certifications in igital 5vidence Analysis and in igital 9orensic Investigation" These 6ourses are available in online and class room mode" )any commercial based forensic soft$are companies are no$ also offering proprietary certifications on their products" 9or eample ;uidance oft$are offering (5n65! certification, Accessata offering (A65! and $ays oft$are Technology offering (-+5:T!"
In summary, cyber forensic eperts are in great demand today" Their demand is across the cross section of the industries and domains" +eople from various fields (like 6omputer cience, Information ecurity, *ard$are39irm$are, .a$, :egulatory etc"! are opting for enhancing their skills in the field of cyber security and cyber forensic" 6yber forensic is becoming etremely relevant field of practice across industrial, civil, military and research domains"
