



[1st International Conference on Management of Technology and Information Security (ICMIS-2010)]
An Examination into Computer Forensic Tools

Lokendra Kumar Tiwari
Department of Electronics & Comm., AllD. Univ.

Arun Kumar Singh
Department of CSED, MNNIT Allahabad

• Computer Forensics
• Forensic Expert
• Goals of Comp. Forensics
• Forensics Procedure
• Key Principle of Forensics
• Problems
• Forensic Tools
• Demonstration of Tools

              Forensics ???
Forensics is not by itself a science (‘‘forensic: of, used in, courts of law’’—Concise Oxford Dictionary).

Forensic means to apply a discipline, any discipline, to the law. It is the job of forensics to inform the court.

So, you can be a computer scientist, and if
 you apply computer science to inform the
 court, you are a forensic computer scientist.

• A key skill in forensic computer science is the
  challenge that lies in ‘‘informing the court’’.

• This requires specialized expertise and training
  in a range of computing and non-computing
  skills—legal knowledge, evidence management,
  data storage and retrieval, and not least,
  courtroom presentation.
                Forensic Expert:
The forensic expert is a person who has knowledge of:
• Provisions of the Indian Evidence Act,
• Code of Criminal Procedure,
• Indian Penal Code,
• Constitution of India and constitutions of other countries,
• and also other related statutes.

The forensic expert has to assist the court, hence he must have knowledge of any technology (say, computer science).
The primary goals of the computer forensic analysis process are:

• To help participants determine what undesirable events occurred, if any.

• To gather, process, store, and preserve evidence to support the prosecution of the culprit(s), if desired.

• To use that knowledge to prevent future occurrences (detection & prevention).
         Forensics Procedure


Collection & Preservation. (Chain of custody)


Computer forensic analysis within the forensic

• Alphonse Bertillon [freezing the scene]: in 1879 introduced a methodical way of documenting the scene by photographing, for example, bodies, items, footprints, and bloodstains in situ with relative measurements of location, position, and size. Bertillon is thus the first known forensic

• Bertillonage: a system of identifying individuals by over 200 separate body measurements; it was in use till 1910 and was only rendered obsolete by the discovery that fingerprints were unique.
        Key Principle of Forensics

• Edmond Locard articulated one of forensic
  science’s key rules, known as Locard’s
  Exchange Principle.

• “The principle states that when two items or
  persons come into contact, there will be an
  exchange of physical traces. Something is
  brought, and something is taken away, so that
  suspects can be tied to a crime scene by
  detecting these traces”.
• National security

• Custom & Excise

• Law enforcement agents
• Businesses (embezzlement, industrial espionage, stealing confidential information, and racial or sexual
• Corporate crime [according to a report, the accountants and auditors for Enron not only used e-mail to communicate but also subsequently deleted these e-mails]
        Problems in the Indian Context
• No standard for computer forensics is yet

• No guidelines for companies dealing with electronic data during disputes.

• No recognition of any forensics tool.

• Issues related to anti-forensics are not talked about. ………………
               Overall Scenario
• To date, computer forensics has been primarily driven by vendors and applied technologies, with very little consideration being given to establishing a sound theoretical foundation.

• The national and international judiciary has already begun to question the ‘‘scientific’’ validity of many of the ad hoc procedures and methodologies and is demanding proof of some sort of theoretical foundation and scientific rigor.

• Commercial software tools are also a problem because software developers need to protect their code to prevent competitors from stealing their

• However, since most of the code is not made public, it is very difficult for the developers to verify error rates of the software, and so reliability of performance is still questionable.

• The specialized tools used by a computer forensic expert are viewed as intolerably expensive by many corporations, and as a result many corporations simply choose not to invest any meaningful money in computer forensics. This trend amplifies cyber crime rates.

• Open source software has also not been tested or verified for its effectiveness in serving the above purposes (open for research).
                 Legal Aspects
The growing demand for security and certainty in
cyber space leads to more stringent laws.

The violation and maintaining of these laws (cyber
laws) must be distinguished from classical criminal
activities and criminal law enforcement.

The dynamics between these different forms of law
violation and law enforcement are important and
shall be addressed.
           Government Initiative
• Proposed amendment to the IT Act 2000.
  “70A. (1) The Indian Computer Emergency Response Team (CERT-In) shall serve as the national nodal agency in respect of Critical Information Infrastructure for coordinating all actions relating to information security practices, procedures, guidelines, incident prevention, response and report.

  (2) For the purposes of sub-section (1), the Director of the Indian Computer Emergency Response Team may call for information pertaining to cyber security from the service providers, intermediaries or any other person.”

• National E-Governance Plan 2007.
• Computer forensics is the need of the hour.
Data Protection


          Computer Forensic Tools
Forensic Tool Kit:

FTK is developed by AccessData Corporation (USA); it enables law enforcement and corporate security professionals to perform complete and in-depth computer forensic

[Figure: Main Window of FTK]

EnCase Forensic, developed by Guidance Software (USA), is the industry standard in computer forensic investigation technology. With an intuitive Graphical User Interface (GUI), superior analytics, enhanced email/Internet support and a powerful scripting engine, EnCase provides investigators with a single robust tool, capable of conducting large-scale and very complex investigations from beginning to

[Figure: Main Window of EnCase]
Cyber Check Suites:

The IT Act 2000 is India's first attempt to combat cyber crime. To assist in the enforcement of the IT Act, the Department of Information Technology, Ministry of Communications and Information Technology, has set up a Technical Resource Centre for Cyber Forensics at C-DAC,

Cyber Check is a forensic analysis tool developed by C-DAC

[Figure: Probe Window of Cyber Check Suite]
Comparison between EnCase Version 6.0, FTK, and Cyber Check Suite.

• EnCase Forensic is a very useful forensic solution, but it lacks the following important feature:

• EnCase Forensic has no password cracking/recovery facility, so if the examiner detects any password-protected files during the investigation, he has to rely on third-party tools.
Recovery of Deleted E-mail
