In the ever-expanding cyber world, human activities increasingly depend on the digitalised universe of the Internet, computers, handheld devices such as PDAs, video, cameras, BlackBerries, iPhones, iPods and newer devices operating on 2G and emerging 3G spectrums. Along with e-business, e-governance and e-transactions, innovative technology-backed cyber crimes are also growing exponentially.

With the increasing threat from cyber crimes that go beyond borders, it has become important for the forensic accountant to be trained as a cyber sleuth too. The challenge is that audit trails in the cyber world are like footprints on the sand: they are easily overwritten, which puts them beyond retrieval. It takes meticulous care and exceptional expertise to track down criminals in the digital world.

Digital sleuthing

Digital sleuthing typically involves extracting data from a device involved in the crime, be it text messages (even deleted ones), address book entries, to-do lists, pictures, MMS, SMS, audio or video files; ensuring that the evidence is admissible in a court of law; testifying as an expert witness; and testing the software packages that are used to recover the contents of the handheld device. There are precautions to be followed in handling electronic devices at crime scenes to prevent evidence from being corrupted.

While providing testimony, the investigator is required to present the methodology and software used to obtain the evidence to computer scientists and law-enforcement agencies. Therefore, a solid grounding in computer science and knowledge of programming and network intricacies are a must for a competent forensic accountant. Cyber forensics serves the need to provide digital evidence before a court of law in a way that meets the legal requirements of evidence and procedural laws.

Three stages

A digital forensic investigation generally comprises three distinct stages. The first stage is acquisition: creating an exact “forensic duplicate” of the media, often using a write-blocking device to prevent modification. The second stage usually recovers evidence material, using different methodologies and tools to analyse and reconstruct the sequences of actions that lead to conclusions. The third stage is reporting: after the investigation, the investigator prepares a written report.

Digital forensics can be grouped into computer forensics, mobile forensics, network forensics and database forensics, depending on the nature of the devices from which data and information are extracted for presentation to the court of law.

Computer forensics covers the current state of digital artefacts such as a computer system, storage medium or electronic document, and static memory such as USB pen drives. Computer forensics can deal with a broad range of information, from logs such as Internet history to the actual files on the drive.

Mobile forensics relates to the recovery of evidence from a mobile device. Such a device has an in-built communication system and proprietary storage mechanisms, and is useful for location tracking. Cell phone sleuthing involves extracting data from a device used in a crime, be it text messages (including deleted ones), address book entries, to-do lists, pictures, audio and even the phone's location when in use; examining that evidence; ensuring that it is admissible in a court of law; testifying as an expert witness; and testing the tools, that is, the software packages used to recover contents from the handheld device.

Network forensics monitors and analyses both local network and WAN/Internet traffic for information gathering, legal evidence or intrusion detection.

Database forensics focuses on the study of databases and their metadata.

Penal provisions

The exponential expansion in the use of the Internet and electronic equipment for e-commerce and e-governance has also given rise to innovative crimes such as video voyeurism, breach of confidentiality, leakage of data, and e-commerce frauds like impersonation, identity theft, phishing and so on. While the Information Technology Act 2000, amended in 2008, provides legal recognition to electronic transactions carried out for e-commerce and e-governance, it also aims to prevent criminal activities based on computers and digital devices and to ensure the security and protection of personal data. Commensurate penal provisions are required to be incorporated in the Information Technology Act, the Indian Penal Code, the Indian Evidence Act and the Code of Criminal Procedure to prevent such crimes.

There is an acute shortage of good cyber forensic experts in India. This is all the more pressing as projects such as the national intelligence grid (Natgrid) and the crime and criminal tracking network and systems (CCTNS) are expected to be launched by May 2011 or so.

(The author is a Director General, Office of the Comptroller and Auditor General.)
