Indigenisation and self-reliance have been preferred strategies to cut costs
and avoid reliance on imported technology. An ongoing project of the Union
ministry of communication and information technology will enable the country to
have the first pair of ‘desi-made’ computer forensics analysis tools by
June.
C-DAC, Thiruvananthapuram (erstwhile Electronics Research and Development
Center) and National Police Academy, Hyderabad are jointly developing the two
basic tools for offline disk forensic analysis–TrueBack and CyberCheck.
TrueBack would enable investigators to extract an exact copy of the suspected
hard disk or floppy involved in the crime. This is called ‘bit stream copying’.
In computer crimes what is important is the sanctity of the original hard disk,
which should not be tampered with while analyzing the files and data, according
to N Krishnan, Additional Director of C-DAC, Thiruvananthapuram. The second part
involves ‘hashing’ of the hard disk and its copy (similar to the creation of a
digital signature) to ensure the authenticity of both. This would be followed by
analysis of the hard disk copy to examine the operating system, deleted and
recoverable files, the file structure, data and so on, as required for the
presentation of the case in court.
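
The copy-then-hash procedure described above, as an added example that is not part of the original article and is not TrueBack's code. The use of SHA-256, the chunk size, the function names and the file names are assumptions made for illustration; the sample "disk" is constructed random data.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read size in bytes (assumed value)

def sha256_of(path):
    """Hash a file or raw device by streaming it in fixed-size chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()

def bitstream_copy(source, image):
    """Copy every byte of source to image, hashing the data as it is read."""
    digest = hashlib.sha256()
    copied = 0
    # Source is opened read-only; "xb" refuses to overwrite an existing image.
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
            copied += len(block)
    return copied, digest.hexdigest()

def acquire_and_verify(source, image):
    """Image the source, then re-read both sides and compare hashes."""
    copied, acquired = bitstream_copy(source, image)
    return {
        "bytes": copied,
        "acquisition_hash": acquired,
        "source_unchanged": sha256_of(source) == acquired,  # original untouched
        "image_matches": sha256_of(image) == acquired,      # copy is exact
    }

def demo():
    """Image a constructed stand-in disk, then alter the copy and re-check it."""
    with tempfile.TemporaryDirectory() as tmp:
        src, img = os.path.join(tmp, "suspect.raw"), os.path.join(tmp, "evidence.img")
        with open(src, "wb") as fh:
            fh.write(os.urandom(3 * CHUNK + 17))  # constructed sample data
        report = acquire_and_verify(src, img)
        with open(img, "ab") as fh:
            fh.write(b"\x00")  # constructed tampering after acquisition
        report["tamper_detected"] = sha256_of(img) != report["acquisition_hash"]
        return report
```

Calling `demo()` returns a report in which the source and image hashes agree at acquisition time and the later change to the copy is detected by re-hashing.
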
C-DAC Center would first release a CyberCheck version that would enable
analysis of disks loaded with Windows 95 or 98 running on FAT 16 and
FAT 32 file systems. Subsequent versions would be able to analyze Windows 2000,
XP, Linux and other operating systems.
The Rs 1.21-crore project is expected to cut costs incurred in importing
proprietary computer forensic tools. For example, Encase, a proprietary tool
costs Rs 1.5 lakh for a single user while TrueBack and CyberCheck would be much
cheaper when deployed across the country. Secondly, technical experts can better
explain a ‘desi-tool’ to the court as they have little idea of the source code or
functionalities of foreign ones. Thirdly, the tools when successfully deployed
across the country can be marketed to developing nations where cyber forensics
is not yet developed. C-DAC, Thiruvananthapuram, which claims to have competency
in electronic hardware and instrumentation, hopes to also stake a claim to
develop imaging devices for computer forensics in the future.
Simultaneously, the National Police Academy is evolving a procedure code for
computer forensics as the Indian IT Act 2000 does not specify the procedure to
be followed while investigating a cyber crime. The Police Academy manual would
finally be incorporated into the IT Act. Online or network forensics is a more
technically challenging aspect of cyber forensics. It gathers digital evidence
that is distributed across large-scale, complex networks. Cyber forensics
focuses on real-time, on-line evidence gathering rather than the traditional
off-line computer disk forensic technology. This is what a new project
christened Computer Emergency Response Team (CERT) funded by MCIT and involving
leading research institutions such as Indian Institute of Science would be
addressing. The objective here is to continuously monitor the computer networks
for any unauthorized activity–hacking, spoofing, intrusion detection, alerting
on viruses, etc–and preventing such attacks.
Standard intrusion analysis includes examination of many sources of data
evidence (e.g., intrusion detection system logs, firewall logs, audit trails,
and network management information).
In cyber forensics, inspection of transient and other frequently overlooked
elements such as contents of memory, registers, basic input/output system,
input/output buffers, serial receive buffers, L2 cache, front side and back side
system caches, and various system buffers (e.g., drive and video buffers) is
also undertaken. Despite having investigators proficient in understanding the
complexities of cyber crime, the cyber forensics infrastructure is still
under-developed in the country. With the recent establishment of a
state-of-the-art Computer Forensic Laboratory at National Police Academy, Hyderabad and
the development of indigenous forensic tools, India seems poised to tackle the
increasing number of cyber crimes more efficiently than ever before.
R Sreekumar
Cyber News Service