By: KUKUTLA TEJONATH REDDY, International Center for AI and Cyber Security Research and Innovations (CCRI), Asia University, Taiwan, tejonath45@gmail.com
Abstract:
Computer forensics is a branch of forensic science that deals with the investigation and analysis of digital devices and data for legal purposes. Its major role is to find digital evidence that can be used in criminal investigations and legal proceedings. This evidence is very important for identifying the source of a security breach, tracking down cybercriminals, and recovering lost data. Forensic experts use several tools and techniques to extract data from digital devices such as smartphones, tablets, computers, and laptops. They analyse the data on these devices to find any evidence that may be relevant to the case. The results of a computer forensics investigation can help law enforcement agencies solve crimes.
Introduction:
What is computer forensics
Computer forensics is a branch of forensic science that involves the recovery and investigation of material found in computer devices [3]. It encompasses the investigation into all devices capable of storing digital data, such as smartphones, surveillance cameras, digital recorders, sensors, network switches, and black boxes [3]. The goal of computer forensics is to collect and analyze digital evidence in order to uncover and understand the events that occurred on a computer system or network [3].
One of the challenges in computer forensics is the increasing complexity of cloud and edge computing environments [1]. These environments provide benefits such as data computation and storage, faster understanding and actions, and continuous operation [1]. However, they also present technical challenges for computer forensics due to their complexity and key features [1]. The use of cloud and edge computing can make it more difficult to collect and analyze digital evidence in a forensically sound manner [1].
Another challenge in computer forensics is the lack of suitable tools and technical expertise for analyzing electromagnetic (EM) side-channel radiation from Internet of Things (IoT) devices [2]. EM side-channel analysis has been shown to be effective at acquiring forensic insights during digital investigations [2]. However, its real-world application is obstructed by the lack of tools and expertise among law enforcement communities [2].
Digital forensic logistics is another area that can optimize the information flows and build effective analytical human and computer processing in computer forensics [4]. Working with big data in digital forensics involves the accumulation, processing, and analysis of forensic information [4]. The use of digital forensic logistics can help optimize these processes and automate the organizational activities of investigators [4].
In the context of the Internet of Things (IoT), digital forensic readiness is an important component to ensure that computer systems or networks record activities and data in a manner that is sufficient for subsequent forensic purposes [5]. This includes ensuring that the records are acceptable in terms of their perceived authenticity as evidence in forensic investigations [5].
Overall, computer forensics is a multidisciplinary field that involves the recovery and investigation of digital evidence from various devices and environments. It faces challenges related to cloud and edge computing, EM side-channel analysis, digital forensic logistics, and ensuring digital forensic readiness in IoT environments. Addressing these challenges is crucial for conducting effective and reliable digital investigations.
Goals of Computer Forensics
In this digitally driven world, computer forensics plays a major role in solving crimes and legal cases. Computer forensics is the method by which important information is found on digital devices [6]-[10]. The important goals of computer forensics are the preservation, identification, extraction, documentation, and interpretation of computer data. This article covers some of the key elements of computer forensics and the challenges the field faces.
Key Elements of Computer Forensics
- Evidence Preservation: The initial step in computer forensics is to ensure that the digital evidence is not altered. To do this, investigators create a forensic image, which is an exact replica of the digital device. All work is done on the replica, preserving the original data. The chain of custody is carefully recorded to ensure that the evidence can be used in court.
- Data Recovery: Investigators frequently come across data that has been intentionally erased or concealed by individuals with malicious intent. Computer forensic specialists use specialized tools and techniques to retrieve the erased or concealed data without compromising its integrity.
- Analysis: Professional forensic experts examine the retrieved data, searching for patterns, timelines, and connections. They search for clues that can aid in the identification of culprits, their motives, or any other information.
- Timeline Reconstruction: Creating a timeline of events is important in understanding the context of digital evidence. This timeline proves highly valuable in reconstructing cybercrimes or incidents.
- Hashing and Verification: Hash values play a major role in confirming the legitimacy and unaltered state of digital evidence. These values are generated by applying a mathematical function to the data, resulting in a distinct hash value that serves as a unique identity for the data. Hash values play an important role in digital investigations, especially in court, because even a tiny change in the data creates a completely different hash value. This lets investigators identify whether any data has been altered or tampered with.
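The preservation and hashing steps above can be shown together in a short added example (not code from this article or from any of the tools it lists): it hashes an image in chunks, records a custody entry, and shows that a single flipped bit in the working copy fails verification. The function names, file names, and examiner label are assumptions, and the "disk image" is constructed sample data.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

def hash_image(path, algorithm="sha256", chunk_size=1 << 20):
    """Hash a file in fixed-size chunks so large images never have to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def custody_entry(path, examiner, action, prev_entry_hash=""):
    """Build one chain-of-custody record; 'prev' links it to the previous
    entry's hash so later edits to the log are detectable."""
    entry = {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,            # hypothetical label
        "action": action,
        "image": os.path.basename(path),
        "sha256": hash_image(path),
        "prev": prev_entry_hash,
    }
    serialized = json.dumps(entry, sort_keys=True).encode()
    entry["entry_hash"] = hashlib.sha256(serialized).hexdigest()
    return entry

def verify_copy(acquisition_digest, copy_path):
    """True only if the working copy is bit-for-bit identical to the acquired image."""
    return hash_image(copy_path) == acquisition_digest

def demo():
    data = bytes(range(256)) * 64        # constructed stand-in for a disk image
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "disk.img")
        working = os.path.join(d, "working.img")
        for p in (original, working):
            with open(p, "wb") as f:
                f.write(data)
        acquired = custody_entry(original, "examiner-a", "acquired")
        ok_before = verify_copy(acquired["sha256"], working)
        with open(working, "r+b") as f:  # flip a single bit at offset 100
            f.seek(100)
            b = f.read(1)
            f.seek(100)
            f.write(bytes([b[0] ^ 1]))
        ok_after = verify_copy(acquired["sha256"], working)
        return ok_before, ok_after, acquired

if __name__ == "__main__":
    print(demo())
```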
Some Forensic Software
- EnCase
- Autopsy
- FTK
- ProDiscover
- CAINE
Challenges Facing Computer Forensics
- One of the key challenges is the increasing complexity of cloud and edge computing environments. These environments offer benefits such as data computation and storage, faster understanding and actions, and continuous operation. However, they also present technical challenges for computer forensics due to their complexity and key features. The heterogeneity of ICT technologies and the volume of information in these environments further compound the challenges [12]-[14].
- Another challenge in computer forensics is the proliferation of Internet of Things (IoT) devices. Smartphones, in particular, have become prevalent in legal and corporate investigations. However, forensic analysis of smartphones is challenging due to their limited interfaces for retrieving information of forensic value. Electromagnetic side-channel analysis has been proposed as an alternative method for acquiring forensic insights from smartphones and other IoT devices [15]-[17].
- Encryption: Encrypted data can be almost impossible to access without the proper decryption keys, which is problematic for investigators.
- Anti-Forensic Techniques: Cybercriminals use anti-forensic tools and techniques to cover their traces, making investigation much more difficult.
- Jurisdictional Issues: Cybercrimes can be difficult to solve because they can happen across different countries, which makes it much harder to determine who should be in charge of the investigation.
- Data Volume: The amount of digital data grows day by day, and it is getting harder to work with and understand all of it.
- Privacy Concerns: Finding the correct balance between collecting digital proof and respecting people's privacy is a tricky matter.
Conclusion
Nowadays, digital evidence is important in investigations. Computer forensics helps to identify, collect, and store evidence from digital devices. It plays a major role in identifying cybercriminals and protecting the integrity of data. Computer forensics faces challenges such as encryption and jurisdictional issues, yet it will continue to develop and adapt to safeguard the digital world.
References
- V. Prakash, A. Williams, L. Garg, C. Savaglio, & S. Bawa, “Cloud and edge computing-based computer forensics: challenges and open problems”, Electronics, vol. 10, no. 11, p. 1229, 2021.
- A. Sayakkara and N. Le-Khac, “Electromagnetic side-channel analysis for iot forensics: challenges, framework, and datasets”, IEEE Access, vol. 9, p. 113585-113598, 2021.
- S. Lee, S. Lee, & J. Lee, “Spare: efficient sqlite recovery using database schema patterns”, KSII Transactions on Internet and Information Systems, vol. 11, no. 3, 2017.
- S. Zuev and D. Bakhteev, “Digital forensic logistics: the basics of scientific theory”, International Journal of Law and Society, vol. 4, no. 2, p. 83, 2021.
- V. Kebande, N. Karie, & H. Venter, “Adding digital forensic readiness as a security component to the iot domain”, International Journal on Advanced Science Engineering and Information Technology, vol. 8, no. 1, p. 1, 2018.
- P. D. Dixon, “An overview of computer forensics,” in IEEE Potentials, vol. 24, no. 5, pp. 7-10, Dec. 2005.
- A. Yasinsac, R. F. Erbacher, D. G. Marks, M. M. Pollitt and P. M. Sommer, “Computer forensics education,” in IEEE Security & Privacy, vol. 1, no. 4, pp. 15-23, July-Aug. 2003, doi: .
- Yusoff, Yunus & Ismail, Roslan & Hassan, Zainuddin. (2011). Common Phases of Computer Forensics Investigation Models. International Journal of Computer Science & Information Technology (IJCSIT). 3. .
- Gupta, B. B., & Lytras, M. D. (2022). Fog-enabled secure and efficient fine-grained searchable data sharing and management scheme for IoT-based healthcare systems. IEEE Transactions on Engineering Management.
- Dahiya, A., Gupta, B. B., Alhalabi, W., & Ulrichd, K. (2022). A comprehensive analysis of blockchain and its applications in intelligent systems based on IoT, cloud and social media. International Journal of Intelligent Systems, 37(12), 11037-11077.
- Prakash, V., Williams, A., Garg, L., Savaglio, C., & Bawa, S. (2021). Cloud and edge computing-based computer forensics: challenges and open problems. Electronics, 10(11), 1229.
- Dahiya, A., Gupta, B. B., Alhalabi, W., & Ulrichd, K. (2022). A comprehensive analysis of blockchain and its applications in intelligent systems based on IoT, cloud and social media. International Journal of Intelligent Systems, 37(12), 11037-11077.
- Rajput, R. K. S., Goyal, D., Pant, A., Sharma, G., Arya, V., & Rafsanjani, M. K. (2022). Cloud data centre energy utilization estimation: Simulation and modelling with idr. International Journal of Cloud Applications and Computing (IJCAC), 12(1), 1-16.
- Sayakkara, A. and Le-Khac, N. (2021). Forensic insights from smartphones through electromagnetic side-channel analysis. IEEE Access, 9, 13237-13247.
- Gupta, B. B., & Sheng, Q. Z. (Eds.). (2019). Machine learning for computer and cyber security: principle, algorithms, and practices. CRC Press.
- Gupta, B. B., Perez, G. M., Agrawal, D. P., & Gupta, D. (2020). Handbook of computer networks and cyber security. Springer, 10, 978-3.
- Gupta, B. B., & Lytras, M. D. (2022). Fog-enabled secure and efficient fine-grained searchable data sharing and management scheme for IoT-based healthcare systems. IEEE Transactions on Engineering Management.
Cite As
REDDY K. T. (2023) The World of Computer Forensics and Its Challenges, Insights2Techinfo, pp.1