August 1, 2009

IT has engulfed our lives so much that most of our daily activities are
dependent on it. And with so many people using it as part of their lives, it has
also emerged as a means for criminal activities. It is not just an individual
who is threatened by illegal activities in cyber space, but even an entire
country’s security could be at risk. For instance in 2008, there was news that
the email system of the Indian Prime Minister’s Office was affected by a
computer virus for three months, and upon investigating it was revealed that its
computers were being remotely controlled. One might also recall the 2006 train
bombings in Mumbai, where terrorists used advanced techniques such as IP address
masking for funds transfer and other communications.

Most terrorist groups now communicate through masked IP addresses and use
proxy services so that their activities become hard to trace. To make matters
worse, there are always cases where sensitive data has been stolen through a
network attack or identity theft. It is in such cases that a cyber forensic
expert dons his gloves to follow the digital trail left by criminals and helps
bring perpetrators of such criminal activities to justice.

Why society needs Cyber Forensics pros
Cyber Forensics is a new and developing field, which can be described as the
study of digital evidence resulting from an incident of crime. The science
involves the investigation of a computer to determine the potential for legal
evidence. It helps create preventive intelligence and threat monitoring besides
post-incident investigations. The growing spectre of e-commerce and web-based
business transactions has changed the way white-collar crime is committed.
Enterprises have become increasingly concerned about the use of computer
networks for corporate spying and other similar threats. In addition,
extraordinary risk factors such as terrorism in India are also witnessing a
strategic change from an operational perspective. India, like elsewhere, is also
witnessing an exponential rise in the number of frauds done through computers
and IT systems.

From the government’s perspective, cyber security has become as important a
parameter for national security as physically safeguarding the nation’s borders.
In fact, there exists a critical dependence of various industries and business
sectors on the government-controlled IT infrastructure and networks. And if any
vulnerability is attacked by terrorists, it can be disastrous for the country’s
corporates and businesses. For instance, the banking sector’s inter-bank
financial settlement process is based on a centralized IT infrastructure that’s
managed by RBI, and any disruption in the system can cause tremendous loss to
the sector. Such high IT dependence is also present in national assets like oil
and gas networks, national stock exchanges, railways, air traffic controls, etc.
Such systems are prime targets for hackers as well as terror organizations to
cause severe business and economic losses to the country. This has further
escalated the need to have Cyber Forensics experts in India to preserve the
country’s IT assets against operational and reputation risks. Thus, Cyber
Forensics professionals are not just required by enterprises for their
information security, but also by government agencies to keep track of the
nation’s cyber security and preserve it from malicious attacks.

Forensic, as per the dictionary definition, relates to the use of science
and technology for establishment of facts or evidence in a court of law.
Similarly Cyber Forensic helps extract information from computer storage and
other media to establish facts in a manner that can be presented in the
court of law. Before anybody can even start doing any Cyber Forensics — one
should be well trained in a vast array of IT aspects — like hardware,
networking, Internet security and operating systems. After a few years of
hands-on experience in the above mentioned aspects, the person can start
learning Forensic Acquisition (Imaging) with various commercial and Open
source tools, Analysis/Correlation of the information and finally
E-Discovery. Cyber Forensic experts are typically needed by Law Enforcement
Agencies — as the agencies themselves might not have the tooling/expertise
to conduct very high end data analysis. The demand/supply ratio for cyber
forensic professional is 1:10 — that says how hard it is to find a decent CF
professional in India.

Murali Talasila, Director-Forensic, KPMG

Opportunities in Cyber Forensics
A Cyber Forensics professional is required to gather electronic evidence of
misuse of computer networks and provide evidence in a court of law to bring the
culprits to justice. A Cyber Forensics pro is sought by both public as well as
private sector. In the public sector, people are mostly absorbed in law
enforcement agencies like cyber crime cells, state forensics departments and
central agencies like the CBI. In the private sector, it’s the information that
is of paramount importance for the enterprises, and so they require
professionals to safeguard their data from being stolen and misused and also
preserve them from hackers. Additionally, there are specialist companies that
work on ethical hacking, Cyber Forensics and IT security. A budding Cyber
Forensics expert can start his career as a cyber analyst or engineer for an
enterprise and, after gaining experience and domain knowledge, can proceed to
niche areas in Cyber Forensics. Also, professionals can divert to freelancing and
become independent security consultants.

The Two Roles of Cyber Forensics

Contributed by: Orkash Services

investigative agencies are concerned, cyber forensics is usually seen as an
investigative tool — more to do with once the event has taken place.
However, this is set to change, keeping in view the sophisticated and the
advanced use of cyber space for targeting the nation’s critical IT
infrastructure (like, what happens when the control systems of the national
power grid are hacked into?). Not only this, the cyber space has evolved to
be a conducive means for orchestrating terror attacks where terrorists use
Internet for recruitment, fund collection and intelligence

The pre-event strategy is driven by intelligence gathering and is
predictive in nature. This includes evidence collection through ‘packet’
level forensics for pattern generation in almost real time for further
intelligence. Notably, ‘Trackback Analysis’ is widely used for monitoring
and tracking online threats and their patterns such as, in the case of
identifying the true IP addresses of Internet pharmacies selling counterfeit
drugs. These would then collectively be able to reveal the source and nature
of the threat. As a case in point, with the increasing dependence of
terrorists on the cyber space, rigorous and consistent network monitoring
and forensics can isolate patterns and pick up indicators or triggers. This
also applies to organized crime syndicates involved in identity and data
thefts, money frauds, ponzi schemes and counterfeit sales through Internet
pharmacies. In today’s world, preemptive intelligence plays an even more
crucial role since many countries have developed advanced capabilities to
launch cyber wars/attacks. Recent reports have indicated that more and more
countries are creating the capability for high level cyber attacks directed
toward hampering the operations of critical national infrastructure.

On the other hand, the post event analysis driven by an investigative
approach deals with the forensics of all the evidence that is part of the
crime or associated with a cyber incident. Here, the Cyber Evidence Chain
Management plays a pivotal role followed by ‘construction’ of events for
legal prosecution. Also, the investigative processes and collection of
evidence may involve individual computers or large networks in both the LAN
and WAN environments. In this, the cyber forensic tools have an added
advantage since they can provide access to the hardware and storage media,
and gather information in a forensically sound manner through interaction at
the low level of the OS or system.

It is estimated by NASSCOM that demand for professionals in Cyber Forensics
would be around 90,000 by 2010 in India, whereas world-wide this figure is
estimated to touch about 2,00,000, but the industry estimates much higher demand
in the local as well as overseas market. With such demands, it is estimated that
there would be a shortfall of 35,000 to 45,000 of such professionals in India

Keeping the increasing data thefts and information breach in enterprises in
mind, there is an increasing realization worldwide for establishing internal
controls and policy compliance as part of corporate governance for
organizations. There is already a lot of regulation internationally, such as the
Sarbanes Oxley Act, Basel II, Patriot Act and Data Protection Act. All these
require organizations to take responsibility to manage their operational risks,
ensure data protection, prevent corporate fraud, and enable their storage and
archive systems for e-discovery requirements, for litigation purposes. Even the
recent fraud in Satyam is a prime example of why such regulations have become
the need of the hour. Demand for Cyber Forensics pros is already high in
developed countries like the US and Europe and there is also a large
demand-supply mismatch in the availability of experienced professionals.

The Indian market is also rapidly evolving in the same manner requiring
information security norms and governance policies be followed by corporates in
accordance with the Indian IT Act. And the demand/supply ratio for Cyber
Forensics professionals is 10:1 in India, thus, creating vast opportunities for
professionals to enter this domain.

Skills required
The field requires professionals who have specialized in gathering evidence
over IT networks. This requires in-depth understanding of networking
technologies, operating systems, storage and memory devices, and how various
applications interact with hardware and operating systems. Specialized forensic
skills can be only built upon the above pre-requisites. The other requirement is
expertise in cyber threat investigation, evidence management, legal knowledge,
encryption and cryptography, and search technologies. Specialized training and
experience is required to acquire these skills.

Forensics is generally seen as one sided, that is, a means for post event
investigation. However, there is a need to take the two-pronged consolidated
approach —intelligence driven, that is predictive in nature and the other is
protective and investigative in nature. Law enforcement agencies are well
versed with the protective and investigative side of it, but the predictive
approach is not a well developed capability in general in both government
investigative agencies as well as corporates. It encompasses collection of
evidence through ‘packet’ level forensics through constant monitoring of
the trends and patterns of online threats as well as transactions and
communications. It is this, when integrated with the network security
systems, that enables the capability to preempt as well as implement an
effective cyber crime incident response plan. Those who want to enter the
predictive side of the forensics need to have excellent analysis skills
which would require deep knowledge of networking, packet analysis,
cryptography, data mining, legal understanding and ethical hacking.

Ashish Sonal,
CEO, Orkash Services

The field welcomes professionals from the networking domain and those who
specialize in security can also venture in this field to give their careers a
new dimension. Since technologies for cyber security are fast evolving, hackers
are also getting smarter and continuously developing new techniques to disrupt
computer networks. A Cyber Forensics expert should have the capability to think
like hackers and look for vulnerabilities in an enterprise’s security. Thus, a
cyber forensic person should also have knowledge of hacking, viruses,
tracking user activity, password breaking, and experience with tools used for
forensic imaging, data recovery and analysis, etc. Results or opinions obtained
from cyber forensics tools like EnCase and Forensic Tool Kit (FTK) are
acceptable in a court of law, and a cyber forensic expert never works on the
original media of evidence. He creates an image file of it and then carries out
the investigation on the duplicate media using FTK tools.

The security landscape is changing continuously and unlike
traditional crime busting, something happening thousands of miles away can
have immediate impact on IT security parameters at your company. Only
someone who has an active and alert mind with an attitude to constantly
learn new things can succeed in this field. The career path for a cyber
forensics pro is usually from engineer to principal or lead security
consultant. In terms of salaries, freshers get about Rs 30,000 to Rs 50,000
more per annum than other entry-level positions.

Aditya K Sinha,
Team Coordinator, C-DAC

The other facet of Cyber Forensics is the criminal litigation process, which
requires the knowledge of the cyber laws and security compliance. An expert in
these areas can advise companies on how to proceed with a cyber crime
investigation. Also, since most Indian companies do business in the US and
European countries, it’s mandatory for them to comply with the laws of the respective
countries while doing business there. Hence, the knowledge of such laws can be
an advantage for a Cyber Forensics expert.

Key Certificate Courses in Cyber

Institute: C-DAC, Pune
Certification: PG Diploma in Information System & Cyber Security
What you stand to gain: 6-month full-time program meant for cyber and network security. Understanding of security threats & vulnerabilities, principles & practices of cryptographic techniques.
Requirements: Course incorporates one complete module on Cyber Forensics. C-DAC, Thiruvananthapuram and C-DAC, Hyderabad can also be contacted for specialized CF courses.

Institute: EnCase (Guidance Software)
Certification: EnCase Certified Examiner (EnCE)
What you stand to gain: Certifies both public and private sector pros in Guidance Software’s EnCase computer forensic software. Recognized by law enforcement and corporate communities as a symbol of in-depth Computer Forensics knowledge.
Requirements: Minimum 80% is required to pass the exam. Prometric testing centers conduct exams.

Institute: Global Information Assurance
Certification: Certified Forensics Analyst (GCFA)
What you stand to gain: Gain knowledge, skills, and abilities to handle advanced incident handling scenarios, conduct formal incident investigations, and carry out forensic investigation of networks and hosts.
Requirements: Ideal for forensic investigation/analysis, advanced incident handling, or formal incident investigation. One has to get renewal every 4 years.

Institute: International Society of Forensic Computer Examiners
Certification: Certified Computer Examiner
What you stand to gain: An advanced certification which deals with the technical aspects of the domain, such as data handling and recovery. It will also help you demonstrate proper judgment in the process of investigation.
Requirements: Candidate should possess a minimum of 18 months of verifiable professional experience conducting digital forensic examinations. Exam fee is $395.

Institute: International Council of e-Commerce Consultants
Certification: Certified Ethical Hacker
What you stand to gain: Certifies an individual who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods as a hacker.
Requirements: One must have documented 2 years of information security work experience. The exam costs $250 and can be given through Prometric Centers.

Currently, the demand curve for cyber forensics professionals is very sharp
in our country while the number of experts in the field is still meager. The
importance and scope of the field is visible from the fact that universities
have started courses on cyber forensics, and training institutes are being set
up to provide training to individuals and corporates to fight cyber crime.
A certified Cyber Forensics expert can play a dual role, firstly as a Cyber
Forensics expert in Cyber Crime Investigation (CCI) and secondly, as a Data
Recovery (DR) expert in corporate sectors. It can be said that Cyber Forensics
is a part of CCI. The certifications give a professional a grounding in computer
ethics, evidence gathering, corporate and cyber laws, besides enhancing his IT
knowledge. Thus, the professionals choosing cyber forensics as a career will be
highly sought after by the enterprises, government agencies for law enforcement
and criminal justice, and also by the armed forces.

Rahul Sah with inputs from Isha Gakhar
