A Brief Introduction to Cyber Forensics

I was reading a book on Android Security From Dr. Pragati Ogal Rai mam and I came across this line it changed the way I think about cybersecurity, it's not the code but just the fact that there can be an awesome looking well-written code that can make you look back at the security of the Android system.

Today it's very easy to tear down an APK or a mobile app and do an analysis of it.

This was the code :

// mUserInput is the user input

String mSelectionClause = "var = " + mUserInput;?

This way of "code" is not a best practice, you can be proud of it only if you want your application to be vulnerable to SQL injections.

The above code is directly taken from the book??

So now if you think back at the way any Cyberforsensics Expert Perform Forensics is by creating a Copy of the system and now investigating the replica. The above is an example of a vulnerability that is being diagnosed at the level of code.

Introduction

Cyber forensics is the process of obtaining data as evidence for a crime (using electronic equipment) while adhering to correct investigative procedures to apprehend the offender by presenting the evidence to the court. Computer forensics is another name for cyber forensics. Maintaining the chain of evidence and documentation to identify the digital criminal is the primary goal of cyber forensics.

It is crucial to make a digital copy of the system's unique storage cell during the examination. To identify who is responsible for a security breach, a thorough cyber forensics investigation is conducted. While assuring that the system is not impacted, a full investigation is conducted on the software copy.

Cyber forensics is an unavoidable and crucial element in the modern era, thus cyber forensics plays a huge role in incident response.

So CyberForensics don't only talk about just the technology, they also talk about the human in the loop read this case study on Sony Hack and also do refer to the slides given below where I talk about the different practices in DevSecOps that you can use for understanding the challenges in SDLC, this is even before we have a compromised system. The Challenges, strategies, and the decision of using the right tool in the SDLC.Do See the slides here.

What makes cyber forensics crucial?

The field of cyber forensics is growing as more and more things are digitalized. Locating the underlying offenders aids us in battling aggressive activities. Cybersecurity experts can identify hackers and crackers with the help of the data obtained via investigations.

Due to the rise in cybercrime, the work of cyber forensic specialists is becoming increasingly important. The NCRB reports thats from 2016 to 2018, cybercrime doubled and that it might rise to four times more than it is now. This demonstrates the significance of law enforcement in combating cybercrime and the difficulties cyber professionals face when dealing with cyber forensics.

Specialists may remotely evaluate any crime scene using cyber forensics by looking at the surfing history, email correspondence, or digital traces.

Cyber forensics is extremely important in today's technologically advanced age. Forensic forensics and technology work together to speed up investigations and produce reliable findings. The following examples illustrate the significance of cyber forensics:

• Cyber forensics aids in gathering crucial digital evidence to track down the offender.
• Electronic devices store enormous volumes of data that are invisible to the naked eye. As an illustration, every time we talk in a smart home, activities taken by smart gadgets generate enormous amounts of data that are essential to cyber forensics.
• The evidence gathered online may also be used by innocent persons to demonstrate their innocence.

The Methodology Used in Cyber Forensics

• acquiring a digital replica of the system that is being or must be examined.
• confirming and authenticating the copy.
• Getting back erased files (using Autopsy Tool).
• To discover the information you need, use keywords.
• the creation of a technical report.

How do Computer/Cyber Forensics Experts work?

During an investigation, computer forensic professionals gather and analyze potential evidence, including deleted, encrypted, or corrupted data. To avoid the evidence from being changed, tainted, or destroyed, all actions conducted during this procedure are documented and adhered to protocols.

A cyber forensic specialist investigates each event using cutting-edge methods. Their thorough inquiry focuses on building a solid chain of evidence. They can settle legal disputes and convict cybercriminals thanks to the admissible proof they create.

To gather data and draw conclusions after thorough research, the area of cyber forensics adheres to a set of rules. The steps that cyber forensic specialists take are:

• Identification:?Cyber forensics professionals identify the evidence that is present, where it is stored, and in what format it is stored as their first step.
• Preservation:?The next step after locating the data is to carefully preserve it and prevent anyone from using the device so that the data cannot be altered.
• Analysis:?The next step after obtaining the data is to examine the data or system. Here, the expert identifies the evidence that the criminal attempted to erase by erasing hidden files, recovers the erased files, checks the recovered data, and restores the data. The ultimate result may need numerous cycles of this method.
• Documentation:?After data analysis, a record is now produced. This file contains all of the retrieved and readily accessible (not deleted) data that is useful for evaluating and reconstructing the crime scene.
• Presentation:?The studied data is finally provided to the court at this phase to help resolve cases.

So at the end of the day What cyber forensics can accomplish is

• It can retrieve deleted data, chat histories, emails, and more.
• Calls and SMS can also be erased.
• Phone calls can be recorded and played back afterward.
• It can track who utilized which system when and for how long.
• Which user executed which application can be determined.

Types of Computer/Cyber forensics

Depending on the industry that requires digital inquiry, there are many forms of computer forensics. Here are the fields:

• Network forensics:?This entails keeping an eye on and examining network traffic going to and coming from the criminal's network. Network intrusion detection systems and other automated techniques are the technologies in use here.
• Email forensics: In this kind of forensics, the specialists examine the criminal's email and recover deleted email threads to extract important case-relevant data.
• Malware forensics:?This area of forensics focuses on crimes connected to hacking. To determine who is responsible for this breach, the forensics specialist looks at the malware and trojans in this case.
• Memory forensics:?This area of forensics works with extracting information from raw memory data (such as cache, RAM, etc.) after it has been collected.
• Mobile Phone forensics:?Generally speaking, this area of forensics focuses on cell phones. They look over and evaluate the cell phone's data.
• Database forensics: This area of forensics looks at and evaluates database data as well as any associated information.
• Disk forensics:?This area of forensics searches updated, active, or deleted files to retrieve data from storage media.

Techniques that Computer/Cyber forensic investigators use

A comprehensive range of technical, professional, and functional skills, as well as the particular cybersecurity abilities and crucial soft skills in demand by employers that will set you apart from the competition, are required of those pursuing a career in this industry. To help you understand what it takes to be a professional in the cybersecurity area.

The Top Skills Required for Cybersecurity Jobs

• Problem-Solving Skills
• Fundamental Computer Forensics Skills
• A Desire to Learn
• An Understanding of Hacking
• Technical Aptitude
• Knowledge of Security Across Various Platforms
• Attention to Detail
• Communication Skills

To investigate the data, cyber forensic investigators employ various methods and technologies, some of which include:

• Reverse steganography:?Steganography is a technique for concealing crucial data within a digital file, picture, etc. Therefore, reverse steganography is used by cyber forensic specialists to examine the data and discover a connection to the case.
• Stochastic forensics:?Without employing digital artifacts, stochastic forensics professionals examine and recreate digital activities. In this context, artifacts refer to unintentional data changes that result from digital operations.
• Cross-drive analysis:?In this procedure, data from several computer discs are correlated and cross-referenced to preserve and evaluate data that is pertinent to the inquiry.
• Live analysis:?In this method, the operating system of the culprits' computer is examined from within. To obtain certain important data, it targets the volatile RAM data.
• Deleted file recovery:?This involves looking through memory for remnants of a file that was partially destroyed to recover it for use as evidence.

Advantages

• Cyber forensics ensures the computer's integrity.
• Many people, businesses, and other entities learn about these crimes thanks to cyber forensics, and they then take the necessary precautions to prevent them.
• Cyber forensics collect evidence from digital devices and offer it to the court so that the offender may be punished.
• They locate the offender quickly and effectively anywhere in the world.
• They support those who want to save their resources, such as time and money.
• The audience can be made aware of the pertinent facts by making it a trend.

What qualifications are necessary to become a cyber forensic expert?

I am not going to talk about any degree but I am going to talk about the new approach which we can adopt in approaching right in this field of study.

A cyber forensic specialist has to possess the following abilities:

• Cyber forensics is, as we all know, technologically based. It is, therefore, necessary to have an understanding of numerous technologies, including computers, mobile phones, network hacks, security breaches, etc.
• The expert should pay close attention as they go through a lot of information looking for proof or evidence.
• The specialist needs to be knowledgeable in criminal legislation, criminal investigation, etc.
• As we all know, technology evolves with time, thus specialists need to stay current on new developments.
• Experts in cyber forensics need to be able to analyze the evidence, draw inferences from it, and give accurate interpretations.

Conclusion

A career in computer forensics is quite fulfilling because there are options to work for commercial companies as well as join governmental organizations. Agencies from all over the world are investing a sizable sum of money in the top Cyber Forensics experts due to the rise in cyberattacks each year.

As long as CyberThreats occur there will be a requirement for the Cyber Forensics Expert.