‘Proliferation of internet-based devices poses a challenge to cyber forensics’

Keeping pace with the fast-evolving technology and proliferation of devices connected to the internet poses the biggest challenge in cyber forensics, said Hiron Bose, Joint Director, Centre for Development of Advanced Computing (C-DAC), Thiruvananthapuram.

He was talking to The Hindu after making a presentation on cyber forensics at the valedictory function of the Vigilance Awareness Week held here on Saturday.

Mr. Bose drew attention to the increasingly new electronic devices connectable to the Internet that are emerging by the day leading to the emergence of new wings in cyber forensics. “Internet of Things forensics, cloud forensics, drone forensics are some of the new advanced wings of cyber forensics. For instance, a drone has an internal memory while access to a smart watch connected to a mobile phone can be as useful as getting hold of the phone for digital evidence,” he said.

A cyber crime committed with a new device poses the challenges of breaking into the encrypted security mechanism devised by the makers.

Mr. Bose said that application of cyber forensics variants like cloud forensics can be challenging on account of access to data stored by the cloud service providers who may not be cooperative beyond a point. But that is changing with the government tightening rules such as insisting on the maintenance of physical servers locally.

He said that Kerala Police are in the forefront of cyber forensics in the country. They have access to latest tools, which are constantly updated, while cyber forensics remain a module in training during induction.

Cyber forensics calls for following a set of procedures for amassing digital evidence that is critical on four counts – how the incident occurred, where the attack originated, the files and folders affected and assessing potential damage. “According to statistics, 70% of cyber attacks originate from within the organisation,” said Mr. Bose.

He said that collection of devices from the crime scene and their preservation remain crucial in cyber forensics. “Missing a digital device in the crime scene can adversely affect the investigation. Preservation means creating a unique digital fingerprint, which is technically called hash value. Different tools have been developed for live forensics for analysing a network or system that is up and running, and death forensics for analysing a network or system that remains shut,” said Mr. Bose.