Cyber Forensics Evolution and Its Goals

Cyber Forensics Evolution and Its Goals

Mohammad Zunnun Khan (Integral University, India), Anshul Mishra (City College, Lucknow, India) and Mahmoodul Hasan Khan (Institute of Engineering and Technology, Lucknow, India)
Copyright: © 2020 |Pages: 15
DOI: 10.4018/978-1-7998-1558-7.ch002
OnDemand PDF Download:
No Current Special Offers


This chapter includes the evolution of cyber forensics from the 1980s to the current era. It was the era when computer forensics came into existence after a personal computer became a viable option for consumers. The formation of digital forensics is also discussed here. This chapter also includes the formation of cyber forensic investigation agencies. Cyber forensic life cycle and related phases are discussed in detail. Role of international organizations on computer evidence is discussed with the emphasize on Digital Forensic Research Workshop (DFRWS), Scientific Working Group on Digital Evidence (SWDGE), chief police officers' involvement. Authenticity-, accuracy-, and completeness-related pieces of evidence are also discussed. The most important thing that is discussed here is the cyber forensics data.
Chapter Preview

Evolution Of Cyber Forensics

The 1980s was the era when computer forensics came into existence after personal computers became a viable option for consumers. FBI had created a program in 1984 named as the ‘Magnetic Media Program’, in the current era, it is known as the Computer Analysis and Response Team (CART). Michael Anderson was known as the father of computer forensics because he had started developing measures in this field. He was a special agent in criminal investigation division. He had served the American government until the mid-1990s, after which he founded New Technologies, Inc., a leading computer forensics firm (H. Armstrong, 2004).

Until the late 1990s, what became known as digital forensics was commonly termed ‘computer forensics. At first, computer forensic technicians were law enforcement officers who were also computer hobbyists. In the USA in 1984, work began in the FBI Computer Analysis and Response Team (CART). One year later, in the UK, the Metropolitan Police set up a computer crime unit under John Austen within what was then called the Fraud Squad.

A major change took place at the beginning of the 1990s. Investigators and technical support operatives within the UK law enforcement agencies, along with outside specialists, realized that digital forensics (as with other fields) required standard techniques, protocols, and procedures. Apart from informal guidelines, these standard tools and techniques did not exist and urgently needed to be developed. A series of conferences, initially convened by the Serious Fraud Office and the Inland Revenue, took place at the Police Staff College at Bramshill in 1994 and 1995, during which the modern British digital forensic methodology was established.

In the UK in 1998 the Association of Chief Police Officers (ACPO) produced the first version of its Good Practice Guide for Digital Evidence (Association of Chief Police Officers, 2012). The ACPO guidelines detail the main principles applicable to all digital forensics for law enforcement in the UK.

As the science of digital forensics had matured, these guidelines and best practices have slowly evolved into standards and the field has come under the auspices of the Forensic Science Regulator in the UK.

Formation of Cyber Forensic Investigation Agencies

In the year 1988, a meeting was organized in Oregon that led to the formation of the International Association of Computer Investigative Specialists (IACIS). Soon after that, the first module was designed to teach SCERS (Seized Computer Evidence Recovery Specialists) (M. Meyers, M. Rogers, 2006).

Computer Forensic Timeline is illustrated in Fig.1 and it represents the evolution of the digital forensics domain as such.

Figure 1.

Computer Forensics Timeline


Computer Forensics Timeline is:

  • Ad-hoc phase

In this phase, the lack of structure, lack of clear goals, lack of adequate tools, processes & procedures and further major legal issues on how to proceed with digital evidence was seen.

  • Structured Phase

It is a complex solution for computer forensic in which from accepted procedures, special tools have been developed and most importantly enabling criminal legislation to the wide use of digital evidence.

  • Enterprise Phase

Three areas of this phase are real-time collection of evidence, developing field collection tools and forensic becoming a service in companies.

Key Terms in this Chapter

Evolution of Cyber Forensics: Explores the ways of emerging requirements of the cyber forensics.

Computer Forensics Timeline: Computer forensics is mainly about investigating crime where computers have been involved.

Cyber Forensics: Cyber forensics is the scientific processes of identification, seizure, acquisition, authentication, analysis, documentation, and preservation of digital evidence.

Investigation Agencies: An agency authorized by law or regulation to conduct a counterintelligence investigation.

Cardinal Rules in Cyber Forensics: Ethics and cardinal rules to be followed.

Digital Evidence: Digital evidence is defined as information and data of value to an investigation that is stored on, received, or transmitted by an electronic device.

Complete Chapter List

Search this Book: