Cyber Forensic

“Absence of evidence is not evidence of absence.”

Computers, mobile phones, PDA’s, and other digital devices play an integral part of our lives to such an extent that we have become dependent on these devices for almost everything. For example, for online payment, mobile phones, computers, and the internet are needed, for traveling, there is the usage of different traveling applications like OLA, UBER, etc. As the entire world depends on the internet and computer for carrying out day-to-day activities, so do the criminals. Perpetrators have upgraded themselves to commit the crime on the internet by using computers or other digital devices. Since perpetrators are using the latest technologies to commit the crime, Cyber professionals must be ready to deal with the cases. Cybercrime is considered the unlawful act where a computer is used either as a tool or as a target. Different types of cybercrimes are working on a day-to-day basis, which are-

  • Malware Attacks
  • Phishing Attack
  • Credit Card Fraud
  • Identity Theft
  • Web Jacking and Juice Jacking
  • Intellectual Property Theft
  • Software Piracy
  • Cyberstalking, Cyber Bullying

Cyber Forensics is a forensic science branch that involves identifying, collecting, preserving, analyzing, and presenting digital evidence in the court of law. Digital Evidences can be any physical device used to store the media such as computer systems, Mobile phones, flash drives, memory cards, routers, switches, modems, etc. There is a dire search for hidden folders, slack space, unallocated disk space for deleted, damaged, encrypted, and running suspicious processes, suspicious web activities, extraction and analysis of the mobile data as suspicious network activities.


In the 1980s, when IBM PCs were out for public use Since the use of computer system increased, so is the crime, so to tackle this, the FBI  created  Magnetic Media in 1984, which later on came to be known as Computer Analysis and Response Team (CART). The teams which came forward to tackle cybercrime by acting, i.e., Seized Computer Evidence Recovery Specialists (SCERS), Electronics Crimes Special Agent Program (ECSAP), and Defense Computer Forensic Laboratory (DCFL).

The major frontier in Cyber Forensics- Access Data was formed in 1987. Later on, a body that is a collection of law enforcement personnel, forensic laboratory scientists and commercial company employees who worked together to develop digital evidence guidelines are formed known as the Scientific Working Group on Digital Evidence.

Crimes committed by using computer systems and networks such as child pornography, infringement, etc., were recognized as crimes in 2004 by Budapest Convention on Cybercrime. Since then, Cyber forensics tools came to be widely used for investigation, such as EnCase, FTK by Access Data, and many open-source tools such as Sleuth Kit Autopsy.

Branches of Digital Forensics

There are different branches of Digital Forensics that deals with an investigation of data in other digital devices, and these are-

  1. Disk Forensics
  2. Memory Forensics
  3. Mobile Forensics
  4. Network Forensics
  5. Cloud Forensics
  6. Malware Forensics


Forensics Investigation Process

The various phases involved in the investigation are- Incident Identification, Seizure, Imaging, Hashing, Analysis, Reporting, and Preservation.



Forensic Protocols for Evidence Acquisition

Digital Forensics Standard and Guidelines

The Digital Forensics domain follows specific international standards and regulations, which are-

  • National Institute of Standards and Technology (NIST).
  • National Institute of Justice (NIJ).
  • ISO SC 27 CSI
  • Scientific Working group on Digital Evidence
  • Association of Chief Police Officers


Case Study

Aadhar Data Breach

In 2018, Aadhaar records (12-digit identification number of every Indian citizen). Of 1.1 billion Indian citizens were compromised.

Sim Swapping Fraud

In India, a businessman was conned for USD 2,60,000 through sim swapping fraud. The criminal registers a new sim card with the victim’s existing number, and all the OTPs are received on the perpetrators’ mobile number and can conduct transactions.



Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.
You need to agree with the terms to proceed