Cyber Forensics: Its Importance, Cyber Forensics Techniques, and Tools


Sonali Yadav (Integral University, India)
Copyright: © 2020 |Pages: 15
DOI: 10.4018/978-1-7998-1558-7.ch001


Today one of the major difficulties facing all organizations is cybercrime. Cybercrime is any crime related to computers or the internet. Cybercrimes cover a vast range, from sending fake emails to downloading and distributing copyrighted material. Cyber forensics is one of the important branches of computer science; it deals with the investigation of cybercrime. In this chapter, the author provides an overview of cyber forensics, focusing on its importance and on some of the techniques and tools used by cyber forensic investigators.
Chapter Preview

Cyber Forensics

Cyber is a prefix used to describe a person, a thing, or an idea related to computers and the internet. Forensics means applying a scientific process to the collection, analysis, and presentation of evidence. Forensics deals primarily with the recovery and examination of latent evidence, which can take many forms, from fingerprints left on a window to DNA recovered from blood stains to the files on a hard drive (An Introduction to Computer Forensics, Infosec Resources). Thus, a formal definition of cyber forensics is:

“Cyber forensics is the science of examining, analysing and reporting electronic evidence collected from computers, networks, wireless communication and storage devices,” or, in other words, “We define cyber forensics as the discipline that combines elements of law and computer science to collect and analyse data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law.”

Most of the data collected during a cyber-forensic investigation is not readily available to, or seen by, an ordinary computer user. It may comprise items such as fragments of data left in the unused part of the space allocated to existing files (slack space), or the remains of deleted files, which only a cyber forensics expert knows how to locate. Special skills, practice, and tools are essential for obtaining this type of evidence. At a crime scene, cyber forensics is mainly concerned with three types of data, as follows (New York Computer Forensics):

1. Active Data: Active data is the data that the computer system itself presents to its users. It is readily visible and can be obtained without any recovery or restoration process: word-processing documents, spreadsheets, images, databases, e-mail messages, program files, and the system files used by the operating system. This is the easiest type of data to acquire.

2. Archival Data: Archival data is data that has been moved to other storage media (for example backup tapes or cloud storage) for backup and retention. It includes chat logs, plain lists of files, files organised under a directory or catalogue structure, backup tapes, and images of entire hard drives.

3. Latent Data: Latent data, also known as ambient data, is not visible on a first look at the scene of a cybercrime, even to an expert. It takes a much deeper level of investigation by the cyber forensic examiner to unearth it, and specialised software is needed to access it. Obtaining latent data is time-consuming and costly compared to the other two types. Examples of latent data include:

   a) Deleted files or partially overwritten files.

   b) Information that is in computer storage but is not referenced in the file allocation tables.

   c) Information that cannot be viewed readily through the operating system or commonly used applications.

   d) Data that has been purposely deleted and now resides in unallocated space on the hard drive, swap files, print spooler files, or memory dumps.

   e) File slack space (the bytes between the logical end of an existing file and the end of its last allocated cluster) and temporary cache files.
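
The difference between active and latent data can be made concrete with a small script. The following is an added example, not code from the chapter: it builds a constructed toy disk image with a simplified, contiguous allocation table, then shows what an ordinary directory listing exposes (active data) versus what appears only by reading slack space and unallocated clusters and by carving for file signatures (latent data). It also hashes the image before and after analysis, the way an examiner verifies that a read-only analysis did not alter the evidence. The cluster size, the file names and contents, and the two-entry signature table are all assumptions made for the example.

```python
"""Active vs. latent data on a constructed toy disk image (added example)."""
import hashlib

CLUSTER = 64      # bytes per cluster; toy value (real file systems use 512 B to 64 KiB)
N_CLUSTERS = 8    # toy image of 8 clusters = 512 bytes

# Signature table for carving. Real carvers (foremost, scalpel) ship far larger tables.
SIGNATURES = {
    b"%PDF-": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
}


def _write(clusters, start, data):
    """Write data contiguously starting at cluster `start`, one cluster at a time."""
    for i in range(0, len(data), CLUSTER):
        chunk = data[i:i + CLUSTER]
        clusters[start + i // CLUSTER][:len(chunk)] = chunk


def build_image():
    """Return (image_bytes, directory). All contents are constructed sample data.

    Layout:
      cluster 0    : reserved (zeros)
      clusters 1-2 : notes.txt, 75 bytes; the tail of cluster 2 is slack that still
                     holds the remains of an older file
      cluster 3    : free, wiped
      cluster 4    : a deleted report.pdf; its directory entry is gone but the
                     cluster was never overwritten
      clusters 5-7 : free, wiped
    The directory maps name -> (start_cluster, logical_length), i.e. the view the
    operating system offers an ordinary user.
    """
    clusters = [bytearray(CLUSTER) for _ in range(N_CLUSTERS)]
    residue = b"scratch:   password=hunter2; do not share"   # older content (assumed)
    notes = b"Meeting 2 pm. Bring the quarterly numbers and the signed contract. Room 4B."
    pdf = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"
    _write(clusters, 2, residue)   # old file occupied cluster 2 first
    _write(clusters, 1, notes)     # live file overwrites cluster 1 and 11 bytes of cluster 2
    _write(clusters, 4, pdf)       # "deleted": data present, no directory entry
    directory = {"notes.txt": (1, len(notes))}
    return bytes(b"".join(clusters)), directory


def clusters_of(entry):
    start, length = entry
    return range(start, start + max(1, -(-length // CLUSTER)))  # ceiling division


def active_files(image, directory):
    """Active data: exactly the bytes the directory says each file contains."""
    return {name: image[s * CLUSTER:s * CLUSTER + n] for name, (s, n) in directory.items()}


def slack_space(image, directory):
    """Latent data: bytes between a file's logical end and the end of its last cluster."""
    out = {}
    for name, entry in directory.items():
        start, length = entry
        last = clusters_of(entry)[-1]
        out[name] = image[start * CLUSTER + length:(last + 1) * CLUSTER]
    return out


def unallocated_clusters(directory):
    """Latent data: clusters no directory entry references (cluster 0 is reserved)."""
    used = {c for entry in directory.values() for c in clusters_of(entry)}
    return [c for c in range(1, N_CLUSTERS) if c not in used]


def carve(image, signatures=SIGNATURES):
    """Signature-based carving over the raw image, ignoring the allocation table."""
    hits = []
    for magic, kind in signatures.items():
        pos = image.find(magic)
        while pos != -1:
            hits.append((pos, kind))
            pos = image.find(magic, pos + 1)
    return sorted(hits)


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def main():
    image, directory = build_image()
    before = sha256_hex(image)                       # acquisition hash
    print("active files:", list(active_files(image, directory)))
    print("unallocated clusters:", unallocated_clusters(directory))
    print("slack of notes.txt:", slack_space(image, directory)["notes.txt"].rstrip(b"\0"))
    for off, kind in carve(image):
        print(f"carved {kind} at offset {off} (cluster {off // CLUSTER})")
    print("image unchanged:", sha256_hex(image) == before)  # verification hash


if __name__ == "__main__":
    main()
```

The directory listing shows only notes.txt, while the slack of cluster 2 still yields the old password fragment and carving finds a PDF header in unallocated cluster 4; both are invisible to a normal user and correspond to items (a), (b), (d) and (e) in the list above. A real examination would run the same steps over a forensic image (for example a raw dd image) rather than a byte string, and would record both hashes in the case notes.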

Key Terms in this Chapter

Forensics Tools: Software and hardware tools that support cyber forensics and digital forensics.

Cyber Forensics: The methods used to investigate cybercrime.

Cyber Forensics Techniques: The techniques used to collect and preserve evidence.

Cybercrime: Crime involving computers or the internet; also known as digital crime.
