International Indexed &Referred Research Journal, May, 2012. ISSN- 0975-3486, RNI-RAJBIL 2009/30097;VoL.

III *ISSUE-32

Research PaperLaw

Cyber Forensics An Electronic Evidentiary Recovery

May, 2012 * Dr. Sunita Arya** Kusum Joshi * Assistant. Professor, Shri Vaishnav Institute of Law, Indore M.P. ** Assistant Professor, Indore Institute of Law, Indore M.P. A B S T R A C T
The mishandling of techniques in technological era is obvious and today computer is essential equipment which target of the hackers and wrong doers. The investigation and examination of such kind of crimes are quite difficult so the new branch of forensic i.e. Computer Forensic plays vital role in this connection. This process often involves the investigation and examination computer systems, including, but not limited to the data acquisition that resides on the media within the computer. The forensic examiner renders an opinion, based upon the examination of the material that has been recovered. Mostly, computer forensics experts investigate data storage devices; these include but are not limited to hard drives, portable data devices. (USB Drives, External drives, Micro Drives and many more)

Keywords: Electronic Evidentiary Recovery, e-discovery, techno-legal evidence, digital evidence, computer forensics and physical forensics. 3. Present the finding. Introduction: Computer forensics is done in a manner that adheres Computer Forensics is a technological, systematic to the standards of evidence that are admissible in a inspection of the computer system and its contents court of law. Thus, computer forensics must be technofor evidence or supportive evidence of a civil wrong legal in nature rather than purely technical or purely or a criminal act. Computer forensics have need of legal. specialized expertise and tools that goes above and Electronic evidence considerations: beyond the normal data collection and preservation Electronic evidence can be collected from a techniques available to end-users or system support variety of sources. Within a company's network, evipersonnel. dence will be found in any form of technology that Definition: can be used to transmit or store data. Evidence should Computer forensics is the art and science of be collected through three parts of an offender's netapplying computer science to aid the legal process1. work: at the workstation of the offender, on the server "Computer Forensics is basically the application of accessed by the offender, and on the network that concomputer investigation and analysis techniques in the nects the two. Investigators can therefore use three interests of determining potential legal evidence." different sources to confirm of the data's origin. Computer Forensics can be defined as the use of techComparison to Physical Forensics: nology and science for investigation and fact recovThere are many core differences between ery when dealing with criminal matters. Computer computer forensics and "physical forensics." At the forensics is the technological aspect of retrieving evihighest level, the physical forensic sciences focus on dence to use within criminal or civil courts of law. identification and individualization. Computer forenOne definition is analogous to "Electronic Evidensics on the other hand focuses on finding the evidence tiary Recovery, known also as e-discovery, requires and analyzing it. Therefore, it is more analogous to a the proper tools and knowledge to meet the Court's physical crime scene investigation than the physical criteria, whereas Computer Forensics is simply the forensic processes. application of computer investigation and analysis Cyber Forensics Services in India: techniques in the interests of determining potential Perry4Law is the "First and Exclusive" legal evidence." Techno-Legal and Cyber Forensics Firm of India and Identify sources of digital evidence. one of the Best in the World. Its "Professional Ser1. Preserve the evidence. vices" are not only unique but also matchless. It pro2. Analyze the evidence. vides a wide variety of Techno-Legal Service includ-

RESEARCH ANALYSIS AND EVALUATION

47

International Indexed &Referred Research Journal, May, 2012. ISSN- 0975-3486, RNI-RAJBIL 2009/30097;VoL.III *ISSUE-32

ing Cyber Forensics Services. Being the only Cyber Forensics Firm of India, it has developed "Domain Specific" Cyber Forensics Capabilities and Expertise. Perry4Law provides Domain Specific Techno-Legal Litigation and Consultancy Services in various fields like Cyber Laws in India, Cyber Security in India, Computer Security in India, Cyber Forensics in India, Cyber War in India, Computer Forensics in India, Cyber Terrorism in India, Critical Infrastructure Protection in India, Critical ICT Infrastructure in India, Legal Enablement of ICT System in India, Legal Frame work for Enablement of ICT System in India, Cyber Law Compliances in India, due Diligence Compliances in India, Techno-Legal ADR and ODR in India etc2. Finding: It is important to note that when performing a live analysis that the order of volatility be followed. The data that is most likely to be modified or damaged first should be captured first. The order of volatility is. 1. Network connections Network connections can close quickly and often leave no evidence of where they were connected to or the data being transferred. 2. Running Processes It is important to note which programs are running on a computer before further analysis is conducted. 3. RAM The systems Random Accessing Memory contains information on all running programs as well as recently run programs. The information that can

be gained from the system ram includes Passwords, encryption keys, and personal information and system and program settings. 4. System settings The Operating system settings can now be extracted. This includes User lists, currently logged in users, system date and time, currently accessed files and current security policies. 5. Hard Disk The hard disk can then be imaged. It is important to note that it is not forensically sound to image a hard drive while it is running live unless there are extenuating circumstances. Conclusion: From the above cram it is to be concluded that as essential technological equipment like computer needed more protection than the others. Computer forensic is today's demand and Perry4Laws playing an important role in the field of protection of computer system in India. Computer forensics able to recover damaged and deleted files. Some cases in particular used the art of computer forensics as their lead of evidence to indict a criminal offender or find the location of a missing person. Suggestion: 1. There should be more Techno-Legal firm like Perry4Law planned in India to protect cyber crimes worldwide. 2. Indian Evidence Act needs to be amending with requirement of the changing time for technical crimes.

R E F E R E N C E
1. Brown Chris L.T., Computer Evidence Collection and Preservation, 2006 2. Techno Legal Cyber Forensics Services in India Source: http://computerforensicsinindia.blogspot.in

48

RESEARCH ANALYSIS AND EVALUATION