Cyber forensics, in the general sense, means collecting evidence to produce in a court of law. Forensic investigators are responsible for assuring the integrity of that evidence and for maintaining a chain of custody throughout the process. In a military context, the urgency of actionable intelligence makes the courtroom role of digital forensics less important, but contemporary warfare also produces a large number of legal cases. In the case of digital terrorism, the evidence must be in digital form so that the inevitable counterattack can be anticipated.
“Digital forensics is the process of uncovering and interpreting electronic data. The goal of the process is to preserve any evidence in its most original form while performing a structured investigation by collecting, identifying, and validating the digital information to reconstruct past events.” – Techopedia
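As an added illustration of the integrity and chain-of-custody point above (example code written for this page, not EC-Council's or any forensic tool's): a hash-chained custody log records the SHA-256 of the evidence image as acquired, re-hashes it at every hand-over, and links each entry to the previous one, so that a modified image, a swapped image, or an edited custody record is all detected on verification. The exhibit label, examiner names, timestamps and image bytes are constructed sample values.

```python
import hashlib
import json

GENESIS = "0" * 64

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _seal(entry: dict) -> str:
    # Hash the canonical JSON of every field except the seal itself, so any
    # later edit to a sealed entry is detectable.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def acquire(image: bytes, label: str, examiner: str, when: str) -> list:
    # First entry of the chain: the hash of the image exactly as acquired.
    entry = {"action": "acquired", "label": label, "holder": examiner, "when": when,
             "evidence_sha256": sha256_hex(image), "prev_entry": GENESIS}
    entry["entry_hash"] = _seal(entry)
    return [entry]

def transfer(log: list, image: bytes, new_holder: str, when: str) -> None:
    # Each hand-over re-hashes the image in hand and links to the previous entry.
    prev = log[-1]
    entry = {"action": "transferred", "label": prev["label"], "holder": new_holder,
             "when": when, "evidence_sha256": sha256_hex(image),
             "prev_entry": prev["entry_hash"]}
    entry["entry_hash"] = _seal(entry)
    log.append(entry)

def verify(log: list, image: bytes) -> tuple:
    # (True, "ok") or (False, reason). Every entry must match its seal, link to
    # its predecessor and carry the acquisition hash; the image presented now
    # must hash to that same value.
    original, expected_prev = log[0]["evidence_sha256"], GENESIS
    for i, entry in enumerate(log):
        if entry["entry_hash"] != _seal(entry):
            return False, f"entry {i} was altered after sealing"
        if entry["prev_entry"] != expected_prev:
            return False, f"entry {i} does not link to the previous entry"
        if entry["evidence_sha256"] != original:
            return False, f"evidence hash changed at entry {i} ({entry['holder']})"
        expected_prev = entry["entry_hash"]
    if sha256_hex(image) != original:
        return False, "image in hand does not match the acquisition hash"
    return True, "ok"

IMAGE = b"constructed stand-in for a disk image\x00\x01\x02"  # constructed sample
LOG = acquire(IMAGE, "EXHIBIT-01", "examiner A", "2024-01-01T09:00Z")
transfer(LOG, IMAGE, "analyst B", "2024-01-02T10:00Z")
```

Calling `verify(LOG, IMAGE)` on the intact log returns `(True, "ok")`; presenting an altered image or editing any custody entry returns `False` with the reason.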
Digital forensics for digital terrorism
The principles of digital forensics have been incorporated into network systems since their inception because of the risk of cyberwarfare attacks. Military systems are more exposed to cyberwarfare than civilian assets, so their network infrastructure is always at risk. Digital forensics is essential for military infrastructure: it gathers evidence of attacks or attempted attacks and supports restoring functionality. The evidence collected is used for internal attribution, or before an international court of law or a supranational body such as the U.N. Security Council.
Here are a few forensic techniques that are often applied to combat digital terrorism or cyber warfare:
Computer forensics
Attackers use the volatile memory and storage media of individual computers, and part of the footprint of the software used as the attack vector will still be resident there, feeding the attack further. Computer forensics can help build a timeline of when and how the computer was compromised, tracing the software used and the vulnerabilities exploited.
Network forensics
Network forensics is an important field in cyber warfare because attacks commonly travel over networks of various kinds. It analyzes the traffic on the network to determine the data aftermath of an attack, and it also identifies attack trends and the malware that persisted during the attack. A protocol dissector is a very useful network forensics tool for analyzing protocol stacks, from the application layer down through the various layers of encapsulation.
Mobile forensics
In mobile forensics, evidence sources include the mobile device and its internal memory, SIM cards, cell towers, and network servers. The strong security of SIM cards and proprietary operating systems may be an obstacle during evidence acquisition from a phone. The data on a mobile phone is personal to its user, so the information is very valuable to cyber forensic investigators. To obtain evidence without alteration, physical acquisition of the phone is essential.
Embedded systems forensics
Embedded systems are widely used in industrial automation and in IT infrastructure prone to cyberattacks. Digital forensics analyzes their software by replicating the proprietary environment it belongs to.
Malware analysis
The material for malware analysis can come from any of the forensic types above, in the form of one or more executable files. The digital forensic investigator reverse engineers them to reconstruct the malware's behavior and modus operandi and to collect the pieces needed for attribution.
Digital forensics provides much of the input that states engaged in cyber warfare use to establish defensive techniques. To overcome digital terrorism, integrating forensics at the base level of systems should be pursued and recommended.
Are you looking to become a Certified Cyber Forensic Investigator?
Computer Hacking and Forensic Investigator (C|HFI) is a certification program by EC-Council that focuses on various forensic verticals. The C|HFI program prepares individuals to conduct investigations using groundbreaking digital forensics technologies. More details can be obtained from our program page.