What is Cyber Forensics?

The technique of acquiring, collecting, processing, analysing, and reporting digital data in a legally authorised manner is known as cyber forensics. Cyber forensics is also known as computer forensics.

Digital forensic analysis is the systematic investigation of a device, system, network communication or memory image. It is a technical procedure that includes analysing Electronically Stored Information (ESI) on electronic devices such as desktop computers, laptops, and external hard drives. It focuses on detecting and preventing cybercrime, as well as on any issues or incidents in which evidence is stored digitally. Forensic investigators employ specialised procedures when they locate and present evidence in a court of law. The investigation follows a methodical technique to verify the facts in civil and criminal cases.

In the context of solving cybersecurity incidents, its purpose is to answer questions that depend on the type of analysis.

The application of Cyber Forensics

Cyber forensics may be used in a wide range of commercial, civil, and criminal investigations, including:
• Intellectual Property theft
• Indecent imagery investigations
• Employment disputes
• Fraud investigations
• Bankruptcy investigations
• Regulatory compliance
• Litigation & dispute resolution

Digital forensic analysis consists of multiple phases:

✔ Obtaining digital evidence
✔ Analysis of digital evidence
✔ Creating report/briefing or expert’s report for judicial proceedings

When capturing digital evidence, it is important to ensure:

⚫ Precision – the acquired evidence is identical to the data on the original media

⚫ Integrity – the acquired evidence must not change over time (any change must be discoverable)

⚫ Authenticity – the acquired evidence comes from the analysed device/system/source in the set time period

⚫ Confidentiality and accessibility
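
The following added example (not from the original article) shows one common way to enforce the first three properties with a cryptographic hash: the copy is checked against the source at acquisition, and the recorded hash later exposes any change. The file names, record fields and examiner ID are assumptions made for the illustration, and a small constructed file stands in for the original media.

```python
import hashlib, hmac, os, tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # read in 1 MiB blocks so large images do not fill memory

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def acquire(source, image, examiner):
    """Copy source to image and return an acquisition record."""
    src_hash = hashlib.sha256()
    with open(source, "rb") as s, open(image, "wb") as d:
        for block in iter(lambda: s.read(CHUNK), b""):
            src_hash.update(block)
            d.write(block)
    digest = sha256_file(image)  # re-read the copy from disk
    if digest != src_hash.hexdigest():  # precision: copy identical to original
        raise IOError("image differs from source media")
    return {  # authenticity: where the data came from, when, and who took it
        "source": source, "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "size": os.path.getsize(image), "sha256": digest,
    }

def verify(image, record):
    """Integrity: True only while the image still matches the record."""
    return (os.path.getsize(image) == record["size"]
            and hmac.compare_digest(sha256_file(image), record["sha256"]))

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        src, img = os.path.join(tmp, "source.bin"), os.path.join(tmp, "evidence.img")
        with open(src, "wb") as f:  # constructed stand-in for original media
            f.write(b"constructed sample media\n" * 4096)
        record = acquire(src, img, "examiner-01")
        untouched = verify(img, record)
        with open(img, "r+b") as f:  # simulate a later one-byte change
            f.seek(100)
            f.write(b"X")
        return record, untouched, verify(img, record)

if __name__ == "__main__":
    record, untouched, after_change = demo()
    print(record["sha256"], untouched, after_change)
```

The record is only useful if it is stored separately from the image, so that a change to the image cannot be hidden by rewriting the hash alongside it.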

Why is cyber forensics required?

• Crime detection and prevention
• Investigators examine a crime scene that is linked to any digital evidence.
• It can facilitate the recovery of files that have been encrypted, erased, or corrupted.
• Search for and detect cybercrime-related data in any digital asset.
• If digital evidence is not handled properly, it can be easily deleted.

Primary Objectives of Cyber Security Forensics Investigators

► To retrieve, analyse, report, and present computer-oriented documents so that they may be easily demonstrated and submitted as evidence in a court of law.

► To discover evidence in a timely manner, quantify the total threat and impact of malicious cyber activity on the affected user or business, and provide remedies.

What evidence can be retrieved?

• Email correspondence, including deleted emails
• Internet activity, history, account information and downloads
• Stolen electronic data / intellectual property
• Deleted files, folders, images and videos
• Operating data, including creation times, dates and system logs


The role of cyber forensics in criminal investigation is growing steadily. As digital crime increases rapidly, the need for computer forensics expertise keeps growing as well.

Cybercriminals, also known as hackers, often use computer systems for malicious and exploitative purposes and to gain access to personal information. Because of the many methods and the various security measures involved, identifying hackers is extremely difficult. Cybersecurity experts stress that, against the modern methods cybercriminals use to achieve their goals, techniques must be developed to catch them with even greater efficiency, and they continually develop new techniques as well.

In the forensic science laboratory, various types of digital evidence are examined under the following division:

Cyber Division:

• Analysis of mobile phones, memory cards, pen drives, hard disks, CDs, DVDs and other memory devices, laptops and desktop computers.