In this article we will look at the challenges in computer forensics: the challenges in network forensics, the technical challenges and the legal challenges.
Although well-developed forensic techniques exist, cybercrime investigation is not easy. A huge amount of data is available, and searching for evidence in that mass of data is not easy. Most of the existing tools allow anyone to change the attributes associated with digital data.
Encryption is a commonly used anti-forensics technique, and keyword search can be defeated simply by renaming files. Cybercrime investigators often face the problem of collecting evidence from very large groups of files. They need to use techniques like link analysis and visualization, and to find leads they need machine learning techniques that surface patterns in the data.
Challenges in network forensics
- Networks span multiple time zones and multiple jurisdictions
- Network data will be available offline and online (real-time)
- Real-time data requires ability to capture and analyze data on the fly
- The data may involve different protocols
- The data may be huge due to increasing bandwidth
- A protocol might also involve multiple layers of signal (VoIP, HTTP tunneling)
- Current forensic tools will not be able to handle real-time data and huge amount of data
There needs to be a paradigm shift in network forensics techniques so that they can analyze real-time data and huge amounts of data. The duration of a forensic investigation varies: some simple cases might take a few hours, while complex cases may take years to solve.
Certain digital information other than the data itself may help in solving the case. Such information includes the dates and timestamps of files, the folder structure and message transmission tags. Real-time data collection is more complex, as it needs to address the legalities and privileges involved in surveillance.
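The time-zone challenge above (devices in several jurisdictions, each logging in local time) is usually addressed by normalizing every timestamp to UTC before building a timeline. The following added example is not from the article; it uses constructed log lines and a constructed table of per-device UTC offsets (assumed to have been recorded by the investigator) and shows that ordering the same events by their local clock values would put them in the wrong sequence.

```python
from datetime import datetime, timedelta, timezone

# Constructed example: UTC offset of each log source, as recorded by the
# investigator when the devices were identified (assumed, not from the article).
DEVICE_OFFSETS = {
    "fw-london": timedelta(hours=0),
    "proxy-newyork": timedelta(hours=-5),
    "dc-mumbai": timedelta(hours=5, minutes=30),
}

# Constructed sample log lines: "<device> <local date> <local time> <event>".
SAMPLE_LOGS = [
    "proxy-newyork 2024-03-01 09:05:00 CONNECT example.test:443",
    "fw-london 2024-03-01 14:04:30 ACCEPT tcp 10.1.2.3 -> 203.0.113.7:443",
    "dc-mumbai 2024-03-01 19:31:00 LOGON user=jdoe",
]


def parse_line(line):
    """Parse one log line and convert its local timestamp to an aware UTC datetime."""
    device, date, time, event = line.split(" ", 3)
    if device not in DEVICE_OFFSETS:
        # Refuse to guess: an unknown offset would silently misplace the event.
        raise ValueError(f"no recorded UTC offset for device {device!r}")
    local = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    aware = local.replace(tzinfo=timezone(DEVICE_OFFSETS[device]))
    return {"device": device, "utc": aware.astimezone(timezone.utc), "event": event}


def build_timeline(lines):
    """Return the events ordered by UTC time, the only order that is meaningful
    when the sources sit in different time zones."""
    return sorted((parse_line(line) for line in lines), key=lambda e: e["utc"])


if __name__ == "__main__":
    for e in build_timeline(SAMPLE_LOGS):
        print(e["utc"].strftime("%Y-%m-%d %H:%M:%S UTC"), e["device"], e["event"])
```

Read by local time the Mumbai logon looks like the last event of the three; in UTC it is the first (14:01, ahead of the London firewall at 14:04:30 and the New York proxy at 14:05). Recording each device's offset, and refusing to place events from devices whose offset is unknown, is what keeps the correlated timeline defensible.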
Technical Challenges
The two main challenges faced in a digital forensic investigation are complexity and quantity. The complexity problem refers to the collected data being at the lowest level, or in raw format; non-technical people will find it difficult to understand such data.
Tools can be used to transform the data from a low-level format into a readable format. The quantity problem refers to the sheer amount of data that needs to be analyzed. Data reduction techniques can be used to group data or to remove data that is already known. Data reduction techniques include:
- Identifying known network packets using IDS signatures
- Identifying unknown entries during log processing
- Identifying known files using hash databases
- Sorting files by their types
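The last two techniques in the list (removing known files by hash and sorting the remainder by type) can be combined in one pass. The example below is added here and is not code from the article: the "evidence" files, the known-file hash set and the magic-byte signature table are all constructed for the demonstration. It also shows why the type should be taken from the file contents rather than the name, which is what catches the renaming trick mentioned earlier as a way to defeat keyword search.

```python
import hashlib
from collections import defaultdict

# Constructed sample "evidence" files (name -> contents). A real investigation
# would read these from an acquired image; the contents here are made up.
EVIDENCE = {
    "bin/ls": b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + b"constructed elf body",
    "docs/report.pdf": b"%PDF-1.7\n% constructed pdf body\n",
    "docs/invoice.pdf": b"PK\x03\x04" + b"constructed zip body disguised as a pdf",
    "pics/logo.png": b"\x89PNG\r\n\x1a\n" + b"constructed png body",
    "tmp/archive.zip": b"PK\x03\x04" + b"constructed zip body",
    "tmp/notes.txt": b"meeting at 9, bring the usb stick\n",
    "home/readme.txt": b"Stock distribution README (unchanged)\n",
}

# Constructed "known file" hash database. In practice this would be a published
# reference set of hashes of stock operating-system and application files;
# here it is built from two contents we declare trusted for the example.
KNOWN_SHA256 = {
    hashlib.sha256(EVIDENCE["bin/ls"]).hexdigest(),
    hashlib.sha256(b"Stock distribution README (unchanged)\n").hexdigest(),
}

# Magic-byte signatures: the type is decided by content, not by the name.
MAGIC = [
    (b"\x7fELF", "elf"),
    (b"%PDF", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"PK\x03\x04", "zip"),
]


def magic_type(data):
    """Return the type implied by the leading bytes, or None if unrecognised."""
    for signature, kind in MAGIC:
        if data.startswith(signature):
            return kind
    return None


def extension_of(name):
    """Return the lower-cased extension of the file name, or None if it has none."""
    base = name.rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[-1].lower() if "." in base else None


def file_type(name, data):
    """Prefer the content signature; fall back to the extension; else 'unknown'."""
    return magic_type(data) or extension_of(name) or "unknown"


def reduce_evidence(files, known_hashes):
    """Drop files whose SHA-256 is in the known set, then sort the rest by type.
    Returns (removed_names, {type: [names]}, renamed_names)."""
    removed, by_type, renamed = [], defaultdict(list), []
    for name, data in files.items():
        if hashlib.sha256(data).hexdigest() in known_hashes:
            removed.append(name)
            continue
        by_type[file_type(name, data)].append(name)
        # A content signature that disagrees with the extension suggests the
        # file was renamed, which is exactly what defeats a keyword search.
        kind, ext = magic_type(data), extension_of(name)
        if kind is not None and ext is not None and kind != ext:
            renamed.append(name)
    return removed, dict(by_type), renamed


if __name__ == "__main__":
    removed, by_type, renamed = reduce_evidence(EVIDENCE, KNOWN_SHA256)
    print("known files removed:", removed)
    for kind, names in sorted(by_type.items()):
        print(f"{kind}: {names}")
    print("extension/content mismatches:", renamed)
```

On the constructed set, the two files matching the known-hash database are removed before anyone looks at them, and `docs/invoice.pdf` is filed under `zip` and flagged as a mismatch because its contents start with a ZIP signature. The signature table is deliberately small; a real workflow would use a fuller signature library and a type-alias table (so that `jpg` and `jpeg` are not reported as a mismatch).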
Legal challenges
Digital evidence can be tampered with easily, sometimes without leaving any trace. It is common for modern computers to have multi-gigabyte disks, so seizing and freezing digital evidence can no longer be accomplished just by burning a CD-ROM. Failure to freeze the evidence before opening files has invalidated critical evidence in past cases.
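"Freezing" the evidence in practice means recording its size and cryptographic hash at acquisition, before any file inside it is opened, and re-verifying against that record every time the image is handled, with each check written to the chain-of-custody log. The example below is added here and is not from the article; the disk image, exhibit label and examiner names are constructed, and the tampering function only exists to show what a failed verification looks like.

```python
import hashlib
from datetime import datetime, timezone

# Constructed "disk image": 1 KiB of deterministic bytes standing in for an
# acquired evidence image. A real image would be read from a write-blocked source.
ORIGINAL_IMAGE = bytes(range(256)) * 4


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def acquire(image, exhibit, examiner):
    """Freeze the evidence: record size and hash at the moment of acquisition.
    This record is the reference for every later verification."""
    return {
        "exhibit": exhibit,
        "examiner": examiner,
        "size": len(image),
        "sha256": sha256_hex(image),
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "custody": [],  # appended to by check()
    }


def check(record, image, action, examiner):
    """Re-verify the image against the acquisition record and log the result.
    Returns True if the image is unchanged, False if it differs."""
    ok = len(image) == record["size"] and sha256_hex(image) == record["sha256"]
    record["custody"].append({
        "when_utc": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,
        "action": action,
        "verified": ok,
    })
    return ok


def flip_byte(image, offset, value):
    """Constructed tampering: return a copy of the image with one byte changed."""
    edited = bytearray(image)
    edited[offset] = value
    return bytes(edited)


if __name__ == "__main__":
    record = acquire(ORIGINAL_IMAGE, "EXHIBIT-01 (constructed)", "examiner-A")
    print("unchanged copy verifies:", check(record, ORIGINAL_IMAGE, "open for analysis", "examiner-A"))
    altered = flip_byte(ORIGINAL_IMAGE, 10, 0xFF)
    print("altered copy verifies:  ", check(record, altered, "open for analysis", "examiner-B"))
    for entry in record["custody"]:
        print(entry)
```

A single changed byte in a 1 KiB image is enough to fail the check, and the custody log records who handled the image, when, and whether it still matched. The record itself has to be stored somewhere the image's handlers cannot alter it (a signed or witnessed copy), otherwise a tampered image could be accompanied by a matching tampered hash.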
There is also the problem of finding relevant evidence within massive amounts of data, which is a daunting task. The real legal challenges involve the artificial limitations imposed by constitutional, statutory and procedural issues. Many types of personnel are involved in digital/computer forensics, such as technicians, policy makers and professionals.
Technicians have the knowledge and skills to gather information from digital devices and understand software, hardware and networks. Policy makers establish forensics policies that reflect broad considerations. Professionals are the link between policy and execution; they have extensive technical skills as well as a good understanding of legal procedures.
Suryateja Pericherla is at present a Research Scholar (full-time Ph.D.) in the Dept. of Computer Science & Systems Engineering at Andhra University, Visakhapatnam. He previously worked as an Associate Professor in the Dept. of CSE at Vishnu Institute of Technology, India.
He has 11+ years of teaching experience and is an individual researcher whose research interests are Cloud Computing, Internet of Things, Computer Security, Network Security and Blockchain.
He is a member of professional societies such as IEEE, ACM, CSI and ISCA. He has published several research papers which are indexed by SCIE, WoS, Scopus, Springer and others.
This was very helpful for me to prepare notes of the Cyber Law and Ethics subject for Osmania University, thank you so much.
Do you have notes for these two topics?
1. Forensics Analysis of Email
2. Special Techniques for Forensics Auditing