Computer Forensics

COMPUTER FORENSICS (1) Computer forensics deals with identification, documentation, extraction and preservation of computer evidence. Typically, computer forensic tools exist in form of computer software and hardware, procedures and communication protocols. To ensure accuracy and reliability of computer evidence, it is imperative to go for cross validation of the results through use of multiple tools and techniques and standard procedures. Vigilance Manual 2017 Chapter - XI Some Relevant Issues 308 In terms of Section 2 (1) (h) of the Information Technology Act, 2000, a computer is any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic and memory functions by manipulation of electronic, magnetic or optical impulses, and includes all inputs, outputs, processing, storage, computer software or communication facilities which are related or connected to the computer in a computer system or computer network. A computer system is a device or collection of devices, having interface with input and output support device, which are programmable; and can be used for performing logic, arithmetic, data storage and retrieval, communication control and other functions making use of computer programmes, electronic instructions and input / output data. Computer network refers to interconnection of one or more computers through communications media. (2) With growing and widespread use of computer technology, a computing machine / computer system / communication network can be used for committing irregularities / crimes; at the same time, these objects can also be victims of nefarious activities. The first step in the direction of committing such activities is to have access to a computer / computer system / computer network; the access may be physical or from a remote location through a communication network. Though unauthorised and remote access to a computer / computer system makes investigation in to an act of omission or Commission difficult, we need to realise that such acts, like any other conventional irregularity / crime, leave behind evidence at the scene of crime. Electronic evidence normally consists of an electronic record which, in turn, may be in form of data, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche. Computer data means a representation of information, knowledge, facts, concepts or instructions, prepared in a formalized manner and intended to be processed in a computer system or computer network. Significant digital sources of evidence include computers, mobile devices, removable media and external data storage devices, online banking software, e-mail/ Vigilance Manual 2017 309 Chapter - XI Some Relevant Issues notes / letters, telephone records, financial or asset records, electronic money transfers, accounting or record keeping software, etc. (3) A computer forensic examination may reveal when a document first appeared on a computer, when it was last edited, when it was last saved or printed, and which user carried out these actions. It can detect sophisticated money trails / movement of proceeds of corruption. As much of the day-to-day communication and financial transactions are conducted over the Internet, real time monitoring of bank accounts, e-mail traffic and the interception and processing of other forms of on-line data become important for conducting a proper investigation, complementing traditional investigative and surveillance techniques. However, all these activities require the assistance of a digital forensic expert. The Cyber Forensic Laboratory and Digital Imaging Centre, functioning under CFSL / CBI, assist investigating / enforcement agencies in the collection and forensic analysis of electronic evidence. Services of other such forensic laboratories of Central / State Government or NABL accredited laboratories may also be used for this purpose. 11.6.2 TRAINING IN FORENSIC SCIENCE Commission expects that Departments / Organisations should take steps to build capacity of their personnel, engaged in vigilance inquiries & investigations and disciplinary matters, etc., in Forensic Sciences. Commission has organised several training courses for CVOs and vigilance functionariesin several premier institutes. Some of the organisations have also got tailor-made courses organised.