Careers in Cyber Forensics

PANKAJ

IT has engulfed our lives so much that most of our daily activities are dependent on it. And with so many people using it as part of their lives, it has also emerged as a means for criminal activities. It is not just individuals who are threatened by illegal activities in cyber space; even an entire country's security could be at risk. For instance, in 2008 there was news that the email system of the Indian Prime Minister's Office was affected by a computer virus for three months, and upon investigation it was revealed that its computers were being remotely controlled. One might also recall the 2006 train bombings in Mumbai, where terrorists used advanced techniques such as IP address masking for funds transfer and other communications.

Most terrorist groups now communicate through masked IP addresses and use proxy services so that their activities become hard to trace. To make matters worse, there are always cases where sensitive data has been stolen through a network attack or identity theft. It is in such cases that a cyber forensic expert dons his gloves to follow the digital trail left by criminals and helps bring the perpetrators of such criminal activities to justice.

Why society needs Cyber Forensics pros



Cyber Forensics is a new and developing field, which can be described as the study of digital evidence resulting from an incident of crime. The science involves the investigation of a computer to determine the potential of legal evidence. It helps create preventive intelligence and threat monitoring besides post-incident investigations. The growing spectre of e-commerce and web-based business transactions has changed the way white-collar crime is committed. Enterprises have become increasingly concerned about the use of computer networks for corporate spying and other similar threats. In addition, extraordinary risk factors such as terrorism in India are also witnessing a strategic change from an operational perspective. India, like elsewhere, is also witnessing an exponential rise in the number of frauds done through computers and IT systems.

From the government's perspective, cyber security has become as important a parameter for national security as physically safeguarding the nation's borders. In fact, various industries and business sectors depend critically on government-controlled IT infrastructure and networks. If any vulnerability is attacked by terrorists, it can be disastrous for the country's corporates and businesses. For instance, the banking sector's inter-bank financial settlement process is based on a centralized IT infrastructure that's managed by RBI, and any disruption in the system can cause tremendous loss to the sector. Such high IT dependence is also present in national assets like oil and gas networks, national stock exchanges, railways, air traffic controls, etc. Such systems are prime targets for hackers as well as terror organizations seeking to cause severe business and economic losses to the country. This has further escalated the need to have Cyber Forensics experts in India to preserve the country's IT assets against operational and reputation risks. Thus, Cyber Forensics professionals are not just required by enterprises for their information security, but also by government agencies to keep track of the nation's cyber security and preserve it from malicious attacks.





Forensic, as per the dictionary definition, relates to the use of science and technology for establishment of facts or evidence in a court of law. Similarly, Cyber Forensics helps extract information from computer storage and other media to establish facts in a manner that can be presented in a court of law. Before anybody can even start doing any Cyber Forensics, one should be well trained in a vast array of IT aspects like hardware, networking, Internet security and operating systems. After a few years of hands-on experience in the above mentioned aspects, the person can start learning Forensic Acquisition (Imaging) with various commercial and open source tools, Analysis/Correlation of the information and finally E-Discovery. Cyber Forensics experts are typically needed by Law Enforcement Agencies, as the agencies themselves might not have the tooling/expertise to conduct very high end data analysis. The demand/supply ratio for cyber forensic professionals is 1:10, which says how hard it is to find a decent CF professional in India.

Murali Talasila, Director-Forensic, KPMG


Opportunities in Cyber Forensics



A Cyber Forensics professional is required to gather electronic evidence of misuse of computer networks and provide evidence in a court of law to bring the culprits to justice. Cyber Forensics pros are sought by both the public and the private sector. In the public sector, people are mostly absorbed in law enforcement agencies like cyber crime cells, state forensics departments and central agencies like the CBI. In the private sector, information is of paramount importance for enterprises, and so they require professionals to safeguard their data from being stolen and misused and to protect it from hackers. Additionally, there are specialist companies that work on ethical hacking, Cyber Forensics and IT security. A budding Cyber Forensics expert can start his career as a cyber analyst or engineer for an enterprise and, after gaining experience and domain knowledge, can proceed to niche areas in Cyber Forensics. Professionals can also move into freelancing and become independent security consultants.

The Two Roles of Cyber Forensics

Contributed by: Orkash Services (www.orkash.com)

Where investigative agencies are concerned, cyber forensics is usually seen as an investigative tool, more to do with once the event has taken place. However, this is set to change, keeping in view the sophisticated and advanced use of cyber space for targeting the nation's critical IT infrastructure (like, what happens when the control systems of the national power grid are hacked into?). Not only this, cyber space has evolved to be a conducive means for orchestrating terror attacks, where terrorists use the Internet for recruitment, fund collection and intelligence gathering.

The pre-event strategy is driven by intelligence gathering and is predictive in nature. This includes evidence collection through 'packet' level forensics for pattern generation in almost real time for further intelligence. Notably, 'Trackback Analysis' is widely used for monitoring and tracking online threats and their patterns such as, in the case of identifying the true IP addresses of Internet pharmacies selling counterfeit drugs. These would then collectively be able to reveal the source and nature of the threat. As a case in point, with the increasing dependence of terrorists on cyber space, rigorous and consistent network monitoring and forensics can isolate patterns and pick up indicators or triggers. This also applies to organized crime syndicates involved in identity and data thefts, money frauds, ponzi schemes and counterfeit sales through Internet pharmacies. In today's world, preemptive intelligence plays an even more crucial role since many countries have developed advanced capabilities to launch cyber wars/attacks. Recent reports have indicated that more and more countries are creating the capability for high level cyber attacks directed toward hampering the operations of critical national infrastructure.

On the other hand, the post-event analysis driven by an investigative approach deals with the forensics of all the evidence that is part of the crime or associated with a cyber incident. Here, Cyber Evidence Chain Management plays a pivotal role, followed by 'construction' of events for legal prosecution. Also, the investigative processes and collection of evidence may involve individual computers or large networks in both LAN and WAN environments. In this, cyber forensic tools have an added advantage since they can provide access to the hardware and storage media, and gather information in a forensically sound manner through interaction at the low level of the OS or system.

It is estimated by NASSCOM that demand for professionals in Cyber Forensics would be around 90,000 by 2010 in India, whereas world-wide this figure is estimated to touch about 2,00,000, but the industry estimates much higher demand in the local as well as overseas market. With such demands, it is estimated that there would be a shortfall of 35,000 to 45,000 of such professionals in India alone.

With data thefts and information breaches in enterprises on the rise, there is an increasing realization worldwide of the need to establish internal controls and policy compliance as part of corporate governance for organizations. There is already a lot of regulation internationally, such as the Sarbanes Oxley Act, Basel II, Patriot Act and Data Protection Act. All these require organizations to take responsibility for managing their operational risks, ensure data protection, prevent corporate fraud, and enable their storage and archive systems for e-discovery requirements, for litigation purposes. Even the recent fraud in Satyam is a prime example of why such regulations have become the need of the hour. Demand for Cyber Forensics pros is already high in developed countries like the US and Europe, and there is also a large demand-supply mismatch in the availability of experienced professionals.

The Indian market is also rapidly evolving in the same manner, requiring that information security norms and governance policies be followed by corporates in accordance with the Indian IT Act. And the demand/supply ratio for Cyber Forensics professionals is 10:1 in India, thus creating vast opportunities for professionals to enter this domain.

Skills required



The field requires professionals who have specialized in gathering evidence over IT networks. This requires in-depth understanding of networking technologies, operating systems, storage and memory devices, and how various applications interact with hardware and operating systems. Specialized forensic skills can be built only upon the above prerequisites. The other requirement is expertise in cyber threat investigation, evidence management, legal knowledge, encryption and cryptography, and search technologies. Specialized training and experience are required to acquire these skills.

Cyber Forensics is generally seen as one sided, that is, a means for post event investigation. However, there is a need to take the two-pronged consolidated approach: intelligence driven, that is predictive in nature, and the other is protective and investigative in nature. Law enforcement agencies are well versed with the protective and investigative side of it, but the predictive approach is not a well developed capability in general in both government investigative agencies as well as corporates. It encompasses collection of evidence through 'packet' level forensics through constant monitoring of the trends and patterns of online threats as well as transactions and communications. It is this, when integrated with the network security systems, that enables the capability to preempt as well as implement an effective cyber crime incident response plan. Those who want to enter the predictive side of the forensics need to have excellent analysis skills which would require deep knowledge of networking, packet analysis, cryptography, data mining, legal understanding and ethical hacking.



Ashish Sonal,
CEO, Orkash Services

The field welcomes professionals from the networking domain, and those who specialize in security can also venture into this field to give their careers a new dimension. Since technologies for cyber security are fast evolving, hackers are also getting smarter and continuously developing new techniques to disrupt computer networks. A Cyber Forensics expert should have the capability to think like hackers and look for vulnerabilities in an enterprise's security. Thus, a cyber forensic person should also have knowledge of hacking, viruses, tracking user activity and password breaking, and experience with tools used for forensic imaging, data recovery and analysis, etc. Results or opinions obtained from cyber forensics tools like EnCase and Forensic Toolkit (FTK) are acceptable in a court of law, and a cyber forensic expert never works on the original media of evidence. He creates an image file of it and then carries out the investigation on the duplicate media using FTK tools.
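
The imaging step described above, as an added illustration (not code from the article or from EnCase or FTK): copy the source to an image file, record a SHA-256 hash at acquisition, and re-check the working copy against it before relying on any finding. File names and the sample data are constructed for the example.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large media never sits in memory


def sha256_file(path):
    """Return the SHA-256 hex digest of a file, read in blocks."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def acquire_image(source, image):
    """Copy source to a new image file, hashing the bytes as they are read.

    The source is opened read-only; in practice a hardware write blocker
    enforces that. Mode "xb" refuses to overwrite an existing image.
    """
    digest = hashlib.sha256()
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
    return digest.hexdigest()


def demo():
    """Image a constructed sample, then show that a one-byte change is caught."""
    with tempfile.TemporaryDirectory() as d:
        source = os.path.join(d, "original.bin")   # stands in for seized media
        image = os.path.join(d, "working.img")     # the duplicate to analyse
        with open(source, "wb") as f:
            f.write(b"constructed sample evidence " * 4096)
        acquired = acquire_image(source, image)
        verified = sha256_file(image) == acquired
        source_intact = sha256_file(source) == acquired
        with open(image, "r+b") as f:               # simulate accidental change
            f.seek(100)
            f.write(b"X")
        still_verified = sha256_file(image) == acquired
        return verified, source_intact, still_verified


if __name__ == "__main__":
    print(demo())
```

The acquisition hash is what goes into the chain-of-custody record; a working copy that no longer matches it is discarded and re-created from the image.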

The security landscape is changing continuously and unlike traditional crime busting, something happening thousands of miles away can have immediate impact on IT security parameters at your company. Only someone who has an active and alert mind with an attitude to constantly learn new things can succeed in this field. The career path for a cyber forensics pro is usually from engineer to principal or lead security consultant. In terms of salaries, freshers get about Rs 30,000 to Rs 50,000 more per annum than other entry-level positions.

Aditya K Sinha,

Team Coordinator, C-DAC

The other facet of Cyber Forensics is the criminal litigation process, which requires knowledge of cyber laws and security compliance. An expert in these areas can advise companies on how to proceed with a cyber crime investigation. Also, since most Indian companies do business in the US and European countries, it's mandatory for them to comply with the laws of the respective countries while doing business there. Hence, knowledge of such laws can be an advantage for a Cyber Forensics expert.



Key Certificate Courses in Cyber Forensics

Institute: C-DAC, Pune
Certification: PG Diploma in Information System & Cyber Security
What you stand to gain: 6-month full-time program meant for cyber and network security. Understanding of security threats & vulnerabilities, principles & practices of cryptographic techniques.
Requirements: Course incorporates one complete module on Cyber Forensics. C-DAC, Thiruvananthapuram and C-DAC, Hyderabad can also be contacted for specialized CF courses.

Institute: EnCase (Guidance Software)
Certification: EnCase Certified Examiner (EnCE)
What you stand to gain: Certifies both public and private sector pros in Guidance Software's EnCase computer forensic software. Recognized by law enforcement and corporate communities as a symbol of in-depth Computer Forensics knowledge.
Requirements: Minimum 80% is required to pass the exam. Prometric testing centers conduct exams.

Institute: Global Information Assurance Certification
Certification: Certified Forensics Analyst (GCFA)
What you stand to gain: Gain knowledge, skills, and abilities to handle advanced incident handling scenarios, conduct formal incident investigations, and carry out forensic investigation of networks and hosts.
Requirements: Ideal for forensic investigation/analysis, advanced incident handling, or formal incident investigation. One has to get renewal every 4 years.

Institute: International Society of Forensic Computer Examiners
Certification: Certified Computer Examiner
What you stand to gain: An advanced certification which deals with the technical aspects of the domain, such as data handling and recovery. It will also help you demonstrate proper judgment in the process of investigation.
Requirements: Candidate should possess a minimum of 18 months of verifiable professional experience conducting digital forensic examinations. Exam fee is $395.

Institute: International Council of e-Commerce Consultants
Certification: Certified Ethical Hacker
What you stand to gain: Certifies an individual who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods as a hacker.
Requirements: One must have documented 2 years of information security work experience. The exam costs $250 and can be given through Prometric Centers.

Certifications



Currently, the demand curve for cyber forensics professionals is very sharp in our country while the number of experts in the field is still meager. The importance and scope of the field is visible from the fact that universities have started courses on cyber forensics, and training institutes are being set up to provide training to individuals and corporates to fight cyber crime.



A certified Cyber Forensics expert can play a dual role, firstly as a Cyber Forensics expert in Cyber Crime Investigation (CCI) and secondly, as a Data Recovery (DR) expert in corporate sectors. It can be said that Cyber Forensics is a part of CCI. The certifications give a professional a grounding in computer ethics, evidence gathering, corporate and cyber laws, besides enhancing his IT knowledge. Thus, the professionals choosing cyber forensics as a career will be highly sought after by the enterprises, government agencies for law enforcement and criminal justice, and also by the armed forces.

Rahul Sah with inputs from Isha Gakhar
