The comparison is still between Sherlock Holmes (who can solve the entire case without even getting up from his sofa) and a certain numerical secret agent (does he have anything to do with thinking at all?). Computer forensics is an alien term to both of them, it is absent from fiction, and to top it all, the police also seem rather unsure about what it is. But there is no denying its importance if any crime is to be solved today: there is almost no case registered in a city in which the law does not have to depend on digital forensics.
What it is
A criminal always leaves behind traces at the scene of the crime – even if he is the most careful culprit in the world – and the greatest computer freak. Digital forensics comprises the gathering, preserving and presentation of digitally preserved evidence in a manner permissible by law. It also involves recovering data that might prove to be incriminating evidence against the guilty, and finding proof that someone wrongly accused is not the true perpetrator of the crime.
Why it is Needed
The British Crime Survey revealed in 2002-03 that a lot of home PC users in the UK were aware of the existence of viruses, and admitted that their machines had been attacked. In 2006, the Department of Trade and Industry (DTI) conducted a Security Breaches survey revealing that 62% of UK businesses had experienced data security breaches. However, the DTI pointed out that these figures may not be accurate, as many companies are not even aware that their computers are being hacked or their databases stolen. The snag is that, when it comes to digital forensics, matters are even muddier, since the area is still ‘relatively new’. While the law is trying to shake itself out of its slumber, criminals are getting away, and innocent people are being framed. At least the police are now trained to handle digital evidence. But there are jurors and judges who mess up cases out of sheer ignorance of digital forensics.
What does it Entail?
A digital forensics expert’s work entails four main duties while handling a case.
- Identification of digital evidence: Digital forensics first identifies the hard disk, website or gadget from which the criminal has operated. It may also, on the other hand, identify the gadget, database or system that has been attacked. Fingerprinting, dusting, and tracking are some of the usual methods used.
- Organising digital evidence: It will not do if the evidence is merely accumulated. It has to be presented to the court in a manner that is legally acceptable and that keeps the evidence in its original state. Any signs of tampering, even on the part of the police or detectives, will disqualify the evidence from court submission.
- Analysing digital evidence: The investigator needs to derive from the evidence the ‘path’ that the criminal took and reconstruct it.
- Documenting the evidence: The investigator draws a conclusion and documents it in a legally presentable manner.
What Kinds of Crimes are Tackled?
Let us look at two case studies to understand the wide range of crimes that are tackled by digital forensics. Basically there is no crime that is not tackled by it.
The 2003 case of Aaron Caffrey is still quoted and debated as an example of the confusion in computer-related cases. Caffrey was in his late teens when he was accused of attacking the port of Houston, USA. He insisted that this was the result of a Trojan virus that had lodged itself in his system. No Trojan was found on his hard disk. Thereupon, he claimed that the virus had deleted itself. This is technically impossible, but the jury declared him innocent after a three-hour proceeding. Caffrey walked out free, but the digital forensics proof against him makes Caffrey a suspected man to this day.
Then there is the case of a perfectly respectable scientist in the US who had big ambitions. He had already joined a rival company and was copying out his present company’s IP research base. Unfortunately, his new employers smelled something fishy and with the help of digital evidence established that he was a thief. His activities were closely shadowed but he did not suspect it. He was caught red-handed destroying stolen data in the peace of his home. The scientist has paid a heavy fine and is in jail at present.