
Forensics is Going Desi

DQI Bureau

Indigenisation and self-reliance have been preferred strategies to cut costs and avoid reliance on imported technology. An ongoing project of the Union ministry of communication and information technology will enable the country to have the first pair of ‘desi-made’ computer forensics analysis tools by June.


C-DAC, Thiruvananthapuram (erstwhile Electronics Research and Development Center) and National Police Academy, Hyderabad are jointly developing the two basic tools for offline disk forensic analysis: TrueBack and CyberCheck.

TrueBack would enable investigators to extract an exact copy of the suspected hard disk or floppy involved in the crime. This is called ‘bit stream copying’. In computer crimes, what is important is the sanctity of the original hard disk, which should not be tampered with while analyzing the files and data, according to N Krishnan, Additional Director of C-DAC, Thiruvananthapuram. The second part involves ‘hashing’ of the hard disk and its copy (similar to the creation of a digital signature) to ensure the authenticity of both. This would be followed by analysis of the hard disk copy to see the operating system, deleted and recoverable files, and to study the file structure, data and so on, as required for the presentation of the case in court.
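The copy-then-hash step described above, as an added Python example that is not TrueBack's own code: it streams a source to an image file, hashes the original during the read, re-hashes the written copy, and shows that a single changed byte breaks the match. SHA-256, the file names and the sample "disk" are assumptions constructed for illustration; the article does not name the hash algorithm used.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # stream 1 MiB at a time so a large disk never sits in memory

def sha256_of(path):
    """Hash a file or block device by reading it in fixed-size chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()

def bitstream_copy(source, image):
    """Copy every byte of source to image; return (source_hash, image_hash, size)."""
    digest, size = hashlib.sha256(), 0
    # Source is opened read-only; "xb" refuses to overwrite an existing image.
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)  # hash the original during the single read pass
            dst.write(block)
            size += len(block)
    # Re-read the written image from disk and hash it independently.
    return digest.hexdigest(), sha256_of(image), size

def demo():
    """Constructed sample 'disk': 3 MiB of random data plus 17 trailing bytes."""
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "suspect.dd"), os.path.join(d, "copy.dd")
        with open(src, "wb") as f:
            f.write(os.urandom(3 * CHUNK) + b"\x00" * 17)
        src_hash, img_hash, size = bitstream_copy(src, img)
        verified = src_hash == img_hash
        # Flip one byte in the copy: its hash must no longer match the original.
        with open(img, "r+b") as f:
            f.seek(size // 2)
            byte = f.read(1)
            f.seek(size // 2)
            f.write(bytes([byte[0] ^ 0xFF]))
        tamper_detected = sha256_of(img) != src_hash
        return size, verified, tamper_detected

if __name__ == "__main__":
    print(demo())
```

Opening a real device read-only in software does not stop the operating system from writing to it, so acquisition from physical media is normally done behind a hardware write blocker.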

The C-DAC Center would first release a CyberCheck version that would enable analysis of disks loaded with Windows 95 or 98 versions running on FAT 16 and FAT 32 file systems. Subsequent versions would be able to analyze Windows 2000, XP, Linux and other operating systems.


The Rs 1.21-crore project is expected to cut costs incurred in importing proprietary computer forensic tools. For example, EnCase, a proprietary tool, costs Rs 1.5 lakh for a single user, while TrueBack and CyberCheck would be much cheaper when deployed across the country. Technical experts can better explain a ‘desi-tool’ to the court, as they have little idea of the source code or functionalities of foreign ones. Thirdly, the tools, when successfully deployed across the country, can be marketed to developing nations where cyber forensics is not yet developed. C-DAC, Thiruvananthapuram, which claims to have competency in electronic hardware and instrumentation, also hopes to stake a claim to develop imaging devices for computer forensics in the future.

Simultaneously, the National Police Academy is evolving a procedure code for computer forensics, as the Indian IT Act 2000 does not specify the procedure to be followed while investigating a cyber crime. The Police Academy manual would finally be incorporated into the IT Act.

Online or network forensics is a more technically challenging aspect of cyber forensics. It gathers digital evidence that is distributed across large-scale, complex networks. Cyber forensics focuses on real-time, on-line evidence gathering rather than the traditional off-line computer disk forensic technology. This is what a new project christened Computer Emergency Response Team (CERT), funded by MCIT and involving leading research institutions such as the Indian Institute of Science, would be addressing. The objective here is to continuously monitor computer networks for any unauthorized activity (hacking, spoofing, intrusion detection, alerting on viruses, etc.) and to prevent such attacks.

Standard intrusion analysis includes examination of many sources of data evidence (e.g., intrusion detection system logs, firewall logs, audit trails, and network management information).

In cyber forensics, inspection of transient and other frequently overlooked elements such as contents of memory, registers, basic input/output system, input/output buffers, serial receive buffers, L2 cache, front side and back side system caches, and various system buffers (e.g., drive and video buffers) is also undertaken. Despite having investigators proficient in understanding the complexities of cyber crime, the cyber forensics infrastructure is still under-developed in the country. With the recent establishment of a state-of-the-art Computer Forensic Laboratory at National Police Academy, Hyderabad and the development of indigenous forensic tools, India seems poised to tackle the increasing number of cyber crimes more efficiently than ever before.

R Sreekumar



Cyber News Service
