Cyber Forensic Science

” Absence of evidence is not evidence of absence. “

Computers, mobile phones, PDA’s, and other digital devices play an integral part in our lives to such an extent that we have become dependent on these devices for almost everything. For example, while online payments, mobile phones, computers, and the internet are needed, for traveling, there is the usage of different traveling applications like OLA, UBER, etc. As the entire world depends on the internet and computer for carrying out day-to-day activities, so do the criminals.

Perpetrators have upgraded themselves to commit the crime on the internet by using computers or other digital devices. Since perpetrators are using the latest technologies to commit the crime, Cyber professionals must be ready to deal with the cases. Cybercrime is considered the unlawful act where a computer is used either as a tool or as a target. Different types of cybercrimes are working on a day-to-day basis, which are-

  • Malware Attacks
  • Phishing Attack
  • Credit Card Fraud
  • Identity Theft
  • Web Jacking And Juice Jacking
  • Intellectual Property Theft
  • Software Piracy
  • Cyberstalking Cyber Bullying
Cyber Forensics is a forensic science branch that involves identifying, collecting, preserving, analysing, and presenting digital evidence in the court of law. Digital Evidences can be any physical device used to store the media such as computer systems, Mobile phones, flash drives, memory cards, routers, switches, modems, etc. There is a dire search for hidden folders, slack space, unallocated disk space for deleted, damaged, encrypted, and running suspicious processes, suspicious web activities, extraction and analysis of the mobile data as suspicious network activities.


In the 1980s, when IBM PCs were out for public use .Since, the use of computer system increased, so is the crime, so to tackle this, the FBI created Magnetic Media in 1984, which later on came to be known as Computer Analysis and Response Team (CART). The teams which came forward to tackle cybercrime by acting, i.e., Seized Computer Evidence Recovery Specialists (SCERS), Electronics Crimes Special Agent Program (ECSAP), and Defense Computer Forensic Laboratory (DCFL).The major frontier in Cyber Forensics- Access Data was formed in 1987. Later on, a body that is a collection of law enforcement personnel, forensic laboratory scientists and commercial company employees who worked together to develop the digital evidence guidelines were formed known as the Scientific Working Group on Digital Evidence.Crimes committed by using computer systems and networks such as child pornography, infringement, etc., were recognized as crimes in 2004 by Budapest Convention on Cybercrime. Since then, Cyber forensics tools came to be widely used for investigation, such as EnCase, FTK by Access Data, and many open-source tools such as Sleuth Kit Autopsy.

Branches of Digital Forensics

There are different branches of Digital Forensics that deals with an investigation of data in other digital devices, and these are-
  1. Disk Forensics
  2. Memory Forensics
  3. Mobile Forensics
  4. Network Forensics
  5. Cloud Forensics
  6. Malware Forensics

Forensics Investigation Process

The various phases involved in the investigation are- Incident Identification, Seizure, Imaging, Hashing, Analysis, Reporting, and Preservation.


Forensic Protocols for Evidence Acquisition


Digital Forensics Standard and Guidelines

The Digital Forensics domain follows specific international standards and regulations, which are-
  1. National Institute of Standards and Technology (NIST).
  2. National Institute of Justice (NIJ).
  3. ISO SC 27 CSI
  4. Scientific Working group on Digital Evidence
  5. Association of Chief Police Officers



Case Study

Aadhar Data Breach
In 2018, Aadhaar records (12-digit identification number of every Indian citizen). Of 1.1 billion Indian citizens were compromised.

Sim Swapping Fraud
In India, a businessman was conned for USD 2,60,000 through sim swapping fraud. The criminal registers a new sim card with the victim’s existing number, and all the OTPs are received on the perpetrators’ mobile number and can conduct transactions.