IT has engulfed our lives so much that most of our daily activities are
dependent on it. And with so many people using it as part of their lives, it has
also emerged as a means for criminal activities. It is not just an individual
who is threatened by illegal activities in cyber space, but even an entire
country's security could be at risk. For instance, in 2008, there was news that
the email system of the Indian Prime Minister's Office was affected by a
computer virus for three months, and upon investigating it was revealed that its
computers were being remotely controlled. One might also recall the 2006 train
bombings in Mumbai, where terrorists used advanced techniques such as IP address
masking for funds transfer and other communications.
Most terrorist groups now communicate through masked IP addresses and use
proxy services so that their activities become hard to trace. To make matters
worse, there are always cases where sensitive data has been stolen through a
network attack or identity theft. It is in such cases that a cyber forensic
expert dons his gloves to follow the digital trail left by criminals and helps
bring perpetrators of such criminal activities to justice.
Why society needs Cyber Forensics pros
Cyber Forensics is a new and developing field, which can be described as the
study of digital evidence resulting from an incident of crime. The science
involves the investigation of a computer to determine its potential as legal
evidence. It helps create preventive intelligence and threat monitoring besides
post-incident investigations. The growing spectre of e-commerce and web-based
business transactions has changed the way white-collar crime is committed.
Enterprises have become increasingly concerned about the use of computer
networks for corporate spying and other similar threats. In addition,
extraordinary risk factors such as terrorism in India are also witnessing a
strategic change from an operational perspective. India, like elsewhere, is also
witnessing an exponential rise in the number of frauds done through computers
and IT systems.
From the government's perspective, cyber security has become as important a
parameter for national security as physically safeguarding the nation's borders.
In fact, there exists a critical dependence of various industries and business
sectors on the government-controlled IT infrastructure and networks. And if any
vulnerability is attacked by terrorists, it can be disastrous for the country's
corporates and businesses. For instance, the banking sector's inter-bank
financial settlement process is based on a centralized IT infrastructure that's
managed by RBI, and any disruption in the system can cause tremendous loss to
the sector. Such high IT dependence is also present in national assets like oil
and gas networks, national stock exchanges, railways, air traffic controls, etc.
Such systems are prime targets for hackers as well as terror organizations to
cause severe business and economic losses to the country. This has further
escalated the need to have Cyber Forensics experts in India to preserve
the country's IT assets against operational and reputation risks. Thus, Cyber
Forensics professionals are not just required by enterprises for their
information security, but also by government agencies to keep track of the
nation's cyber security and preserve it from malicious attacks.
Forensic — as per the dictionary definition — relates to the use of science and technology for establishment of facts or evidence in a court of law. Similarly, Cyber Forensics helps extract information from computer storage and other media to establish facts in a manner that can be presented in a court of law. Before anybody can even start doing any Cyber Forensics — one should be well trained in a vast array of IT aspects — like hardware, networking, Internet security and operating systems. After a few years of hands-on experience in the above mentioned aspects, the person can start learning Forensic Acquisition (Imaging) with various commercial and open source tools, Analysis/Correlation of the information and finally E-Discovery. Cyber Forensic experts are typically needed by Law Enforcement Agencies — as the agencies themselves might not have the tooling/expertise to conduct very high end data analysis. The demand/supply ratio for cyber forensic professionals is 1:10 — that says how hard it is to find a decent CF professional in India.
Murali Talasila, Director-Forensic, KPMG
Opportunities in Cyber Forensics
A Cyber Forensics professional is required to gather electronic evidence of
misuse of computer networks and provide evidence in a court of law to bring the
culprits to justice. A Cyber Forensics pro is sought by both the public and
private sectors. In the public sector, people are mostly absorbed in law
enforcement agencies like cyber crime cells, state forensics departments and
central agencies like the CBI. In the private sector, it's the information that
is of paramount importance for the enterprises, and so they require
professionals to safeguard their data from being stolen and misused and also
preserve them from hackers. Additionally, there are specialist companies that
work on ethical hacking, Cyber Forensics and IT security. A budding Cyber
Forensics expert can start his career as a cyber analyst or engineer for an
enterprise and, after gaining experience and domain knowledge, can proceed to
niche areas in Cyber Forensics. Also, professionals can divert to freelancing
and become independent security consultants.
The Two Roles of Cyber Forensics
Contributed by: Orkash Services (www.orkash.com)
Where The pre-event strategy is driven by intelligence gathering and is On the other hand, the post event analysis driven by an investigative
It is estimated by NASSCOM that demand for professionals in Cyber Forensics
would be around 90,000 by 2010 in India, whereas world-wide this figure is
estimated to touch about 2,00,000, but the industry estimates much higher demand
in the local as well as overseas market. With such demands, it is estimated that
there would be a shortfall of 35,000 to 45,000 of such professionals in India
alone.
Keeping the increasing data thefts and information breaches in enterprises in
mind, there is an increasing realization worldwide for establishing internal
controls and policy compliance as part of corporate governance for
organizations. There is already a lot of regulation internationally, such as the
Sarbanes Oxley Act, Basel II, Patriot Act and Data Protection Act. All these
require organizations to take responsibility to manage their operational risks,
ensure data protection, prevent corporate fraud, and enable their storage and
archive systems for e-discovery requirements, for litigation purposes. Even the
recent fraud in Satyam is a prime example of why such regulations have become
the need of the hour. Demand for Cyber Forensics pros is already high in
developed countries like the US and Europe and there is also a large
demand-supply mismatch in the availability of experienced professionals.
The Indian market is also rapidly evolving in the same manner requiring
information security norms and governance policies be followed by corporates in
accordance with the Indian IT Act. And the demand/supply ratio for Cyber
Forensics professionals is 10:1 in India, thus, creating vast opportunities for
professionals to enter this domain.
Skills required
The field requires professionals who have specialized in gathering evidence
over IT networks. This requires in-depth understanding of networking
technologies, operating systems, storage and memory devices, and how various
applications interact with hardware and operating systems. Specialized forensic
skills can only be built upon the above prerequisites. The other requirement is
expertise in cyber threat investigation, evidence management, legal knowledge,
encryption and cryptography, and search technologies. Specialized training and
experience are required to acquire these skills.
Cyber Forensics is generally seen as one sided, that is, a means for post event investigation. However, there is a need to take the two-pronged consolidated approach — intelligence driven, that is predictive in nature and the other is protective and investigative in nature. Law enforcement agencies are well versed with the protective and investigative side of it, but the predictive approach is not a well developed capability in general in both government investigative agencies as well as corporates. It encompasses collection of evidence through 'packet' level forensics through constant monitoring of the trends and patterns of online threats as well as transactions and communications. It is this, when integrated with the network security systems, that enables the capability to preempt as well as implement an effective cyber crime incident response plan. Those who want to enter the predictive side of forensics need to have excellent analysis skills, which would require deep knowledge of networking, packet analysis, cryptography, data mining, legal understanding and ethical hacking.
The field welcomes professionals from the networking domain, and those who
specialize in security can also venture into this field to give their careers a
new dimension. Since technologies for cyber security are fast evolving, hackers
are also getting smarter and continuously developing new techniques to disrupt
computer networks. A Cyber Forensics expert should have the capability to think
like hackers and look for vulnerabilities in an enterprise's security. Thus, a
cyber forensic person should also have knowledge about hacking, viruses,
tracking user activity and password breaking, and experience with tools used for
forensic imaging, data recovery and analysis, etc. Results or opinions obtained
from cyber forensics tools like EnCase and Forensic Toolkit (FTK) are
acceptable in a court of law, and a cyber forensic expert never works on the
original media of evidence. He creates an image file of it and then carries out
the investigation on the duplicate media using FTK tools.
The security landscape is changing continuously and unlike traditional crime busting, something happening thousands of miles away can have immediate impact on IT security parameters at your company. Only someone who has an active and alert mind with an attitude to constantly learn new things can succeed in this field. The career path for a cyber forensics pro is usually from engineer to principal or lead security consultant. In terms of salaries, freshers get about Rs 30,000 to Rs 50,000 more per annum than other entry-level positions.
Aditya K Sinha,
The other facet of Cyber Forensics is the criminal litigation process, which
requires the knowledge of the cyber laws and security compliance. An expert in
these areas can advise companies on how to proceed with a cyber crime
investigation. Also, since most Indian companies do business in the US and
European countries, it's mandatory for them to comply with the laws of the
respective countries while doing business there. Hence, the knowledge of such
laws can be an advantage for a Cyber Forensics expert.
Key Certificate Courses in Cyber Forensics
Institute | Certification | What you stand to gain | Requirements
C-DAC, Pune | PG Diploma in Information System & Cyber Security | 6-month full-time program meant for cyber and network security. Understanding of security threats & vulnerabilities, principles & practices of cryptographic techniques. | Course incorporates one complete module on Cyber Forensics. C-DAC, Thiruvananthapuram and C-DAC, Hyderabad can also be contacted for specialized CF courses.
EnCase (Guidance Software) | EnCase Certified Examiner (EnCE) | Certifies both public and private sector pros in Guidance Software's EnCase computer forensic software. Recognized by law enforcement and corporate communities as a symbol of in-depth Computer Forensics knowledge. | Minimum 80% is required to pass the exam. Prometric testing centers conduct exams.
Global Information Assurance Certification | Certified Forensics Analyst (GCFA) | Gain knowledge, skills, and abilities to handle advanced incident handling scenarios, conduct formal incident investigations, and carry out forensic investigation of networks and hosts. | Ideal for forensic investigation/analysis, advanced incident handling, or formal incident investigation. One has to get renewal every 4 years.
International Society of Forensic Computer Examiners | Certified Computer Examiner | An advanced certification which deals with the technical aspects of the domain, such as data handling and recovery. It will also help you demonstrate proper judgment in the process of investigation. | Candidate should possess a minimum of 18 months of verifiable professional experience conducting digital forensic examinations. The exam fee is $395.
International Council of e-Commerce Consultants | Certified Ethical Hacker | Certifies an individual who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods as a hacker. | One must have documented 2 years of information security work experience. The exam costs $250 and can be given through Prometric Centers.
Certifications
Currently, the demand curve for cyber forensics professionals is very sharp
in our country while the number of experts in the field is still meager. The
importance and scope of the field is visible from the fact that universities
have started courses on cyber forensics, and training institutes are being set
up to provide training to individuals and corporates to fight cyber crime.
A certified Cyber Forensics expert can play a dual role, firstly as a Cyber
Forensics expert in Cyber Crime Investigation (CCI) and secondly, as a Data
Recovery (DR) expert in corporate sectors. It can be said that Cyber Forensics
is a part of CCI. The certifications give a professional a grounding in computer
ethics, evidence gathering, corporate and cyber laws, besides enhancing his IT
knowledge. Thus, the professionals choosing cyber forensics as a career will be
highly sought after by the enterprises, government agencies for law enforcement
and criminal justice, and also by the armed forces.
Rahul Sah with inputs from Isha Gakhar