Business Daily from THE HINDU group of publications
Monday, Nov 03, 2008
Hot on the e-crime trail

eWorld hits the e-forensics route, along with the experts, for a feel of the action.


Adith Charlie

When cyber forensics expert Kamlesh Mukunde (name changed) and his team were asked to review the entire IT infrastructure of a Mumbai-based pharmaceutical firm, many officials within the company saw it as a waste of time.

That is because only the company CEO and a few others knew what this exercise was all about! The pharma major had enough indications that sensitive drug development-related information was being electronically leaked out of the company.

While analysing the company’s IT systems, Mukunde found that one of the company’s main servers was exceptionally ‘well hardened’ while the others were not. (In computing, hardening is the process of securing a system against attackers; it typically includes removing unnecessary user accounts or logins and disabling unnecessary services.) This convinced Mukunde that the systems engineer could not have done it on his own; had he done it, a similar degree of sophistication would have shown in his work on the other servers. After several rounds of questioning, the systems engineer confessed that one of his Internet chat friends had given him tips to secure that particular server.

Though the engineer’s answer was satisfactory, Mukunde could smell a rat. He ordered a thorough forensic investigation of the ‘hardened’ server. And the findings surprised everybody!

Right in the heart of the server resided an information-stealing Trojan, which captured all the internal mails sent between the company’s R&D officials and sent copies of them to multiple e-mail IDs over the Internet. The Trojan had made its way into the server through a series of seemingly safe software files exchanged between the systems engineer and his chat friend.

Since the Internet friend did not want the crime to easily come to light, he ensured that his protégé secured the system beyond comprehension!

The investigation of a computer system, mobile phone, iPod, Wi-Fi network or any other digital device that is believed to be involved in a cyber crime is called cyber forensics, e-forensics or digital forensics. Given the multi-fold rise in cyber crimes, there has been a spurt in demand for cyber forensics experts. A cyber forensics expert is expected to be capable of retrieving any kind of information from these devices even if it has been destroyed, deleted or corrupted.

If the hard disk of a computer has crashed, there is a 95 per cent chance of its data being recovered through various e-forensics tools, says Rakesh Goyal, Managing Director of Sysman Computers and Director, National Centre for Research in Computer Crimes (NCRCC).

And he has a host of hardware and software enablers, some of which are researched and developed at the Thiruvananthapuram-based Centre for Development of Advanced Computing (C-DAC).

‘Celebrity overnight’

Digital forensics is something that is highly misunderstood by the common man. The general notion is that breaking into a network or an IT system is what e-forensics is all about. Captain Raghu Raman, CEO of Mahindra Special Services Group, says that e-forensics is all about picking up intelligence from the scraps of digital data available.

As a discipline, e-forensics started gaining importance roughly five years ago with the increase in broadband penetration in the country.

Today, technology is increasingly being used for corporate spying, espionage and for spreading terror. If a top official resigns from a large company, it is common practice these days to get that official’s company laptop, PC and mobile phone analysed by a team of cyber experts. This is basically to ascertain whether the official has been passing on sensitive company-specific information to competitors, says a Hyderabad-based e-forensics scientist, who spoke to eWorld on the condition of anonymity. Many top companies have their own security solution divisions.

Moreover, the spate of terror attacks within the country has made the cyber forensics space a ‘celebrity overnight’, says Goyal. With terrorists and anti-social elements becoming more tech savvy than ever, the country requires an army of such experts who can crack the code once a cyber crime has been committed. According to some estimates, there is a shortage of about 20,000 cyber forensics officials in the country.

It may be noted that after the recent arrest of Mansur Peerbhoy, the techie from Pune who was allegedly responsible for sending threatening e-mails prior to the serial blasts in Ahmedabad and Delhi, his laptop, the CPU of his personal computer and office work station were seized by the police.

This would have helped the police generate a couple of other interesting leads, says the e-forensics scientist. By using a tool called ‘eMail Tracer’, the police can establish where the terror mail originated from. It can also reveal how many people were part of the e-mail chain. Moreover, as mentioned earlier, all files that were ever created or received on the person’s hard disk could be retrieved, according to the scientist.
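The kind of header analysis an e-mail tracing tool performs, as an added illustration that is not from the article and not the eMail Tracer tool itself: it walks the Received headers of a constructed sample message from the first relay to the last to rebuild the relay chain, reports the originating address, and lists the recipients on the chain. The hostnames and addresses are made up for the example; the trusted-server set is an assumption the investigator supplies.

```python
import email
import re
from email.utils import getaddresses

# Constructed sample message (not real mail). MTAs prepend Received lines, so
# the topmost line is the last hop and the bottom line is the first hop.
SAMPLE = """\
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby inbox.example.net with ESMTP id abc123; Sun, 2 Nov 2008 10:05:00 +0530
Received: from relay.example.com ([198.51.100.7])
\tby mx.example.org with ESMTP; Sun, 2 Nov 2008 10:04:50 +0530
Received: from [203.0.113.42] (unknown [203.0.113.42])
\tby relay.example.com with SMTP; Sun, 2 Nov 2008 10:04:40 +0530
From: sender@example.com
To: a@example.net, b@example.net
Cc: c@example.org
Subject: test
Message-ID: <id-1@example.com>

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_chain(raw):
    """Hops in transmission order (origin first): {'from', 'ip', 'by'} per Received line."""
    msg = email.message_from_string(raw)
    hops = []
    for rcvd in reversed(msg.get_all("Received", [])):
        text = " ".join(rcvd.split())            # unfold continuation lines
        m_from = re.search(r"from\s+(\S+)", text)
        m_by = re.search(r"\bby\s+(\S+)", text)
        ip = IP_RE.search(text)
        hops.append({"from": m_from.group(1) if m_from else None,
                     "ip": ip.group(1) if ip else None,
                     "by": m_by.group(1) if m_by else None})
    return hops

def origin_ip(hops, trusted_by=None):
    """Earliest address that can be believed. Received lines added by servers the
    investigator does not control may be forged, so walk back from the latest hop
    and stop at the first line not written by a trusted server."""
    if not hops:
        return None
    if not trusted_by:
        return hops[0]["ip"]                     # naive: believe every line
    origin = None
    for hop in reversed(hops):                   # latest hop first
        if hop["by"] not in trusted_by:
            break
        origin = hop["ip"]
    return origin

def recipients(raw):
    """Everyone on the To/Cc chain, sorted."""
    msg = email.message_from_string(raw)
    addrs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return sorted(a for _, a in addrs if a)
```

Bcc recipients and anyone who forwarded the message never appear in these headers, so the count is a lower bound.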

Generally, officers from the various cyber crime cells of the police work on such cases. However, due to the spurt in the number of cyber crimes happening in India, the police do outsource many of the functions to third party companies.

On the other hand, corporates are very sceptical of approaching the police even if they fear a cyber crime has been committed on their systems, says Captain Raghu Raman.

“In many cases, the business critical servers and hardware have to be deposited with the police. No company would want the continuity of its business to be impacted and hence they prefer to first talk to third party cyber forensic experts,” he says. The modus operandi is to understand what has gone wrong and then approach the police, if required.

Thinking ahead of the criminal

So what makes a good e-forensics expert? “He should be able to think like a criminal; but yet be better than a criminal,” says Captain Raghu Raman. This profession calls for a high degree of analytical skill, as interpreting evidence wrongly could mislead everyone. In the above-mentioned case involving Mukunde, any average techie would have been fooled by the security level of the ‘hardened’ server. It was the ‘out of the box’ analytical thinking on Mukunde’s part that helped the pharma company stem the loss of critical information.

A cyber forensics professional could hail from diverse backgrounds such as IT, law or even general business. However, he needs to have some experience of working with an architected system and an enterprise-wide system. Knowledge of telecom and know-how of the loopholes in security paradigms are very crucial.

Today, a qualified e-forensics professional could work with the police, with third-party agencies or with corporates. “I know of companies such as Infosys, Satyam and Deloitte Consulting who prefer having such people on board rather than going in for outside help,” the Hyderabad-based e-forensics expert says.

The starting salary for professionals in this space is double that of an average software programmer. “If somebody has very specific high end skill-set, we would not mind giving him Rs 30,000-Rs 40,000 per month. Unlike the IT or BPO industry, this is an area where there is no slowdown,” says Goyal.

For recovering a hard disk alone, self-employed e-forensics professionals are known to charge up to Rs 15,000.

However, experts lament the absence of a proper ecosystem to foster talent in this space. First, there are only a handful of institutions that teach such courses. The University of Madras, C-DAC and the Indian Institute of Information Technology (Allahabad) are some of the known names in this space.

Apart from this, there are several organisations that provide five-to-10-day crash courses. “Very few of these short-term courses are of a holistic nature. At best, they would teach how to do penetration testing,” says Goyal. (A penetration test is a method of evaluating the security of a computer system or network by simulating an attack by a malicious user.)

In December last year, Agape Inc had announced that it would set up the National Institute of e-forensics in Mumbai with an investment of Rs 250 crore. Repeated attempts to get in touch with Sachin Pandey, CEO of the organisation, for an update on the project proved futile.

Some IT security experts are of the view that there is not enough legislation in India to enable e-forensics to flourish as a full-fledged science.

In spite of the enactment of the Information Technology Act in 2000, the judiciary is yet to create rules that would help quicken the legal process and set norms related to the seizure of electronic evidence, says Vijay Mukhi, Chairman of the FICCI IT cell.

“If courts take up to 20 years to decide on a case, how are you going to keep the digital evidence alive and valid for that period?” he asks.

adith@thehindu.co.in

Copyright © 2008, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line