A few decades ago, technology in law enforcement agencies revolved around one thing – the police radio. That and knowledge of nearby pay phones was all they would use to keep the thugs off the street. With officers now having in-car video cameras, state-of-the-art body cameras and internet-enabled computer data terminals, the equation of law enforcement and technology has changed today. (And that radio, today it scans about 30 channels!)
While these advancements in technology give the police investigation a winning chance of cracking the case wide open, there is no getting away from the fact that these advancements are at the center of every “hard to crack” case. An app which tracks the location of police officers in real time can be used by those trying to avoid or find and harm police officers.
Though this may complicate things for the law enforcement agencies around the United States, they have in no way backed down. Adapting to the expanding technology has given the law enforcement agencies the technical muscle they need.
Is this technical muscle strong enough to tackle cybercrime?
How do the law enforcement agencies plan to face the trends in digital forensics?
Though only time will answer these questions, let’s find the answers to these:
What are the trends in digital forensics?
How does the digital forensics influence other types of crime investigations?
Digital Forensics: Key Trends
There are 7 key trends in digital forensics:
- Increase in incidents: With the increase in the incidents of data breaches, the need for forensics has also increased.
- Technology has been relied on rather than professionals with skills: This results in a lack of planning and preparation for when things go wrong.
- The dearth of forensic experts: Highly paying and lucrative jobs have got all the forensic experts under one umbrella where they also work for service providers and vendors.
- Increased sophistication in civil cases: As they add more to their knowledge base, lawyers tend to make cases more complex.
- The data presented by log data experts like LogLogic, Nitro, LogRhythm, Q1 Labs and ArcSight is too much to evaluate.
- Mobile device forensics: An understanding of data and communication on Androids and iPhones is also needed, rather than a focus only on Windows PCs.
- Analysis of volatile data: This deals with the data that resides in memory and is crucial in making or breaking a case.
Digital Forensics: The Process
In a digital forensic examination, the objective is to retrieve all the data possible from the seized device that can serve as evidence in the investigation. Forensic experts need to be involved from the early stage of the investigation so that the technical evidence is collected in a proper way. This ensures the restoration of the content without any damage.
The following steps constitute the process of a digital investigation:
- Collection: finding and seizing the digital evidence
- Examination: implementation of methods to extract data
- Analysis: put the resources and the extracted data to good use – prove a case
- Reporting: bringing forth the written case report.
The forensic experts follow this process in a systematic approach which involves considering the three A’s – Acquire, Authenticate, and Analyze.
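One way the Acquire, Authenticate, Analyze sequence can look in code, as an added example that is not part of the original article: the working copy is hashed with SHA-256 at acquisition and re-checked before any analysis is allowed. Comparing cryptographic hashes is an assumed (though common) way to authenticate evidence; the function names, file names and sample image are constructed for illustration.

```python
import hashlib, hmac, json, os, tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # hash and copy in 1 MiB blocks so large images are streamed

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def acquire(source, workdir, examiner):
    """Acquire: copy the source, hashing the exact bytes as they are read."""
    copy_path = os.path.join(workdir, "working_copy.img")
    h = hashlib.sha256()
    with open(source, "rb") as src, open(copy_path, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    record = {"examiner": examiner, "source": source, "copy": copy_path,
              "sha256": h.hexdigest(),
              "acquired_utc": datetime.now(timezone.utc).isoformat()}
    with open(copy_path + ".custody.json", "w") as f:  # custody record on disk
        json.dump(record, f, indent=2)
    return record

def authenticate(record):
    """Authenticate: the copy must still hash to the value taken at acquisition."""
    return hmac.compare_digest(sha256_file(record["copy"]), record["sha256"])

def analyze(record, keyword):
    """Analyze: count keyword hits, but only on a copy that authenticates."""
    if not authenticate(record):
        raise ValueError("working copy does not match acquisition hash")
    with open(record["copy"], "rb") as f:  # demo image is small; read it whole
        return f.read().count(keyword)

def demo():
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "seized_device.img")
    with open(source, "wb") as f:          # constructed sample "device image"
        f.write(b"\x00" * 4096 + b"invoice.pdf" + b"\x00" * 4096)
    record = acquire(source, workdir, examiner="Examiner A")
    ok_before, hits = authenticate(record), analyze(record, b"invoice.pdf")
    with open(record["copy"], "r+b") as f:  # simulate a one-byte alteration
        f.seek(10); f.write(b"\x01")
    return ok_before, hits, authenticate(record)

if __name__ == "__main__":
    print(demo())
```

After the one-byte change the copy no longer authenticates, so `analyze` would refuse to run on it.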
The cases which need forensic intervention may vary over time. Some cases involve hackers hacking a website; other cases may deal with identity theft, where a hacker gains unauthorized access to someone’s medical or bank accounts. The growing advancements of technology in every field have seen a rapid growth in cybercrimes. The more areas technology reaches, the more distinct cybercrimes arise.
How does a forensic investigator approach these varied cases?
No matter what the reason is, the investigation proceeds to analyze the data which usually follows the 5 Ws.
The 5 Ws of forensic investigation:
When investigating a digital forensic case, the investigator joins the dots answering the 5 Ws – What, Who, Where, When, Why and How the crime occurred.
Challenges in tackling cybercrime
The U.S. Government Accountability Office, in its cybercrime report, has recognized the following as major challenges in tackling the cybercrime menace:
- To ensure cybercrime is reported;
- To ensure that the law enforcement has adequate technical and analytical capabilities;
- A borderless work environment which involves practicing the laws of multiple jurisdictions;
- To raise awareness about information security practices and implementation of the same.
The most important of all challenges which need to be addressed urgently is to ensure that the law enforcement has adequate technical and analytical capabilities. Without the technical muscle for the law enforcement, other points on the list hardly matter.
Challenges in digital forensics: The ever-changing face
In this age of information, one thing that is increasing continuously is data. Cisco Systems has predicted an 18-fold increase in mobile data traffic in the next five years, which would approach 11 exabytes per month.
These shifts in data, resource usage and consumption have made forensic investigations more complex. Current forensic tools are not efficient enough to keep up with the pace of the growing technology. Forensic analysts are required to develop an understanding of mobile technology and of the features behind different mobile models and types of devices, should they stumble upon any mobile device at the crime scene.
Today’s advanced mobile devices have made it far more challenging to extract information from them, even after you bypass the security features protecting them. Unlike stand-alone computers, where an analyst would know where he could find data (RAM, hard disks, etc.), mobile devices do not provide such relevant and clear solutions for finding and extracting data. It could be anywhere from the RAM of a SIM card to NOR flash memory.
Cloud computing is another technology that with its advancements has become a challenge for the law enforcement. If we keep technical challenges aside for a moment, there are still other challenges posed by cloud computing. One of them is jurisdiction. Cloud computing allows data to be stored and accessed from anywhere which in turn creates problems for investigators to gain access to data residing in different countries.
The ever-increasing number of cybercrimes and the rise in the data generated by mobile devices used by the public have made it crucial to analyze the digital evidence at crime scenes.