Who here hasn’t watched the American TV show, Mr. Robot? For the uninitiated, Mr. Robot is a digital crime thriller that features the protagonist Elliot. Elliot is a brilliant cyber security engineer and hacktivist who identifies potential suspects and evidences of any crime hard to solve. He does this by hacking into people’s digital devices such as smartphones, computers, machines, printers and so on.
The science of identifying, preserving, and analyzing the evidences through digital media or storage media devices, in order to trace a crime is Digital Forensics. A real world example of digital forensics helping solve crime is the case of a floppy disk that helped investigators to solve the BTK serial killer case in 2005. The killer had eluded police capture since 1974 and had claimed the lives of at least 10 victims before he was caught.
Types of Digital forensics
The Digital world is vast. There are countless ways one can perform illegal or corrupt activities and go undetected. Digital Forensics lends a helping hand in detecting such activities. However, due to the presence of multiple digital media, the forensics carried out for each is also different. Following are some types of forensics which can be conducted over different digital pathways.
Computer Forensics refers to the branch of forensics that obtains evidences from computer systems such as computer hard drives, mobile phones, a personal digital assistant (PDA), Compact Disks CD, and so on. The digital police can also trace suspect’s e-mail or text communication logs, their internet browsing history, system or file transfer, hidden or deleted files, docs and spreadsheets, and so on.
Mobile device Forensics recovers or gathers evidence from the call logs, text messages, and other data stored in the mobile devices. Tracing one’s location info via the inbuilt GPU systems or cell site logs or through in-app communication from apps such as WhatsApp, Skype, and so on on is also possible.
Network forensics monitors and analyzes computer network traffic, LAN/WAN and internet traffic. The aim of network forensics is to gather information, collect evidence, detect and determine the extent of intrusions and the amount of data that is compromised.
Database forensics is the forensic study of databases and their metadata.The information from database contents, log files and in-RAM data can be used for creating timelines or recover pertinent information during a forensic investigation.
Challenges faced in Digital Forensics
Data storage and extraction
Storing data has always been tricky and expensive. An explosion in the volume of data generation has only aggravated the situation. Now data comes from different pathways such as social media, web, IoT, and many more. The real-time analysis of data from IoT devices and other networks also contribute to the data heap. Due to this, investigators find it difficult to store and process data to extract clues or detect incidents, or to track the necessary traffic.
Data gathering over scattered mediums
Investigators have to face a lot of difficulty as evidence might be scattered over social networks, cloud resources, and Personal physical storage. Therefore, increased tools, expertise and time is a requirement to fully and accurately reconstruct the evidence. Automating these tasks partially may lead to deterioration of the quality of investigation.
Investigations to preserve privacy
At times, investigators collect information to reconstruct and locate an attack. This can violate user privacy. Also, when information has to be collected from the cloud, there are some other hurdles, such as accessing the evidence in logs, presence of volatile data, and so on.
Carrying out Legitimate investigations only
Modern infrastructures are complex and virtualized, often shifting their complexity at the border (such as in fog computing) or delegating some duties to third parties (such as in platform-as-a-service frameworks). An important challenge for modern digital forensics lies in executing investigations legally, for instance, without violating laws in borderless scenarios.
Anti-forensics techniques on the rise
Defensive measures for digital forensics comprise of encryption, obfuscation, and cloaking techniques, including information hiding.Therefore new forensics tools should be engineered in order to support heterogeneous investigations, preserve privacy, and offer scalability.
The presence of digital media and electronics is a leading cause for the rise of digital forensics. Also, at this pace, digital media is on the rise, digital forensics is here to stay. Many of the investigators which include CYFOR, and Pyramid CyberSecurity strive to offer solutions to complex cases in the digital world. One can also try to seek employment or specialize in this field by improving the skills needed for a career in digital forensics.