
International Journal of Advanced Research in Basic Engineering Sciences and Technology (IJARBEST)
ISSN (Online): 2456-5717, Vol. 3, Special Issue 26, March 2017

Forensics Computing Technology to Combat Cybercrime

E. Saraswathy, T. Latha Maheswari
PG Scholar, Dept of Master of Computer Application
Sri Krishna College of Engineering and Technology, Coimbatore, India

Abstract: The advent of the technological revolution in communications and information exchange has created a sophisticated form of crime: cyber crime. Cybercrimes have more severe economic impacts than many conventional crimes and, like any other crime, these cyber crimes should be brought to justice. The process of gathering electronic evidence of a cyber crime is known as forensic computing. This paper addresses the technical aspects, while at the same time providing insights which would be helpful for the legal profession to better understand the unique issues related to computer forensic evidence when presented in the court of law.

Keywords: Cyber Crime, Computer Forensics, Electronic/Digital Evidence, Piracy.

I. INTRODUCTION

Cyberspace has no specific jurisdiction; therefore, criminals can commit crimes from any location in the world through a computer, leaving no evidence to control [1]. When someone "steals" data from cyber space or uses information for unintended purposes, it is called cyber crime. With the increased usage of computer technology, cyber crime is on the rise. Like any crime, cyber crime should be investigated and prosecuted where necessary. Computer forensics describes the practice of retrieving evidence in the form of data from a computer that relates to a crime in a manner that meets the requirements of the given legal system. Computer forensics evidence needs to be handled with the same care that physical evidence requires. However, there is added complexity due to the technical nature of computer-based technology, which has added another dimension with digital evidence. As greater emphasis is placed on digital evidence, it becomes increasingly critical that the evidence be handled and examined properly.

II. CYBERCRIME LANDSCAPE

Cyber crime is typically described as any criminal act dealing with computers or computer networks. It is also called by other names (e-crime, computer crime or Internet crime in different jurisdictions), which have roughly equivalent meanings. The characteristics of cyber criminals, cybercrime victims, and law enforcement agencies have created a vicious circle of cybercrime. Figure 1 shows this circle’s key elements.

Cybercrimes are structurally unique in three main ways:

- They’re technologically and skill-intensive.
- They have a higher degree of globalization than conventional crimes.
- Given the Internet’s global nature, cybercrimes entail important procedural and jurisdictional issues.

Cybercrimes include, but are not limited to:

- Theft of telecommunications services;
- Communications in furtherance of criminal conspiracies;
- Information piracy, counterfeiting and forgery;
- Dissemination of offensive material;
- Electronic money laundering and tax evasion;
- Electronic vandalism and terrorism;
- Sales and investment fraud;
- Illegal interception of telecommunications;
- Electronic funds transfer fraud.

Regardless of the definitions, the use of computers and the Internet in the commission of crimes requires investigators to apply cyber forensic techniques to extract data for those investigating these cases, prosecuting these cases and passing the ultimate judgment regarding the disposition of offenders and the redress of victims.

III. FORENSIC COMPUTING

Computer forensics refers to the legal processes, rules of evidence, court procedures, and forensic practices used to investigate e-Crimes [2]. Specifically, computer forensics is the application of scientific, forensically sound procedures in the collection, analysis, and presentation of electronic data. For computer evidence to be accepted in a court of law, the forensic investigation process must identify, preserve, examine, and document any computer evidence retrieved [3]. Computer evidence is entirely different. It cannot be seen, touched or smelled and it often lasts for only very short periods of time. Computers typically store data in three ways: magnetic, semiconductor, and optical. Other less common data storage methods include magneto-optical disk storage, optical jukebox storage and ultra-density optical disk storage. Potentially significant new developments in technology suggest that techniques like phase-change storage, holographic storage, and use of molecular memory may become methods for data storage in the future. Data stored on these devices, while potentially of tremendous value in the investigation, prosecution and prevention of crime, presents unique challenges to detectives and prosecutors because of its potentially volatile nature. Electronic data is fragile. It can easily be changed or eliminated by cyber criminals. This means that the data must not be compromised in any way. It must be able to be proven that the data is a true representation of what happened, that it cannot have been modified in any way, either by the intruder themselves, or the collection and examination tools. In other words, the chain of custody must be established (Sommer, 1998). McKemmish (2001) identifies three distinct types of forensic computing:

A. Digital Evidence Recovery – Involves the examination of electronic devices for information relating to a crime, and the processes involved in collecting relevant data.

B. Cyber/Intrusion Forensics – Involves detecting computer security breaches, identifying and preserving digital evidence.

C. Forensic Data Analysis – Involves identifying anomalies in large data sets that may indicate illegal or improper acts.

IV. METHODOLOGY AND DIGITAL EVIDENCE

Any criminal investigation follows procedures which vary from one country to another, but the computer forensics investigator should follow these steps:

- Secure and isolate.
- Record the scene.
- Conduct a systematic search for evidence.

Phase 1 should be to freeze the scene of crime in order to prevent the ICT context from being modified before digital traces are collected, and to avoid giving the malicious person a chance to modify or destroy evidence [4]. The goal of phase 1 is to avoid the destruction or the dislocation of crucial data.

The investigator must classify resources to determine which system must be removed from the scene. Identifying traces and collecting them comprises the second phase (phase 2), and this should be followed by the data safeguarding and preservation phase (phase 3). At this stage, data can be analyzed (phase 4) and subsequently presented in a comprehensive way for non-experts and legal experts (phase 5). The purpose of any investigation is to discover and present facts that contribute to establishing the truth. It is not enough to be a good computer specialist; the investigator should be aware of the legal framework and constraints in order to perform a useful computer investigation. If this were not the case, the results of the investigation could be compromised and thrown out by the court because of an insufficient or incorrect evidence-gathering process. A common vocabulary between police force, justice and forensics should exist. Procedures should be set up in order to increase computer investigation performance and reliability [5]. The resulting investigation report should be easily comprehensible and must describe in detail all the operations performed and procedures followed in order to gather electronic evidence. Investigators with an understanding of information and communication technologies should use in conjunction with effective

kind of information and where it can be found in the system and network is mandatory knowledge for digital investigators? Any computer systems information and communication device (electronic components, memory devices, hard discs, USB sticks, etc.) or information it contains, are potential targets or instruments of crime. Each software or data execution or transaction leaves digital traces. Digital traces are volatile and rapidly removed from servers. Digital evidence is even more difficult to obtain because ICT transcends international boundaries [7]. In such cases, success depends on the effectiveness of international cooperation between legal authorities and the speed with which action is taken. One of the most important features is the duration during which Internet Service Providers (ISP) keep information concerning user subscriptions and activities (IP addresses, connection data, etc.). The retention period, during which data is available in order to retrieve someone’s identity from his IP address, varies from one country to another [8]. Legal systems must give law enforcement agencies the appropriate authority to access traffic data. Countries should improve international cooperation and be able to share critical information quickly, otherwise digital evidence may disappear. For Instant Messaging services and Peer-to-Peer or Internet Relay Chat facilities, logs and historical content of communications are kept for only a few days. An IP address identifies a computer, not a person, and criminals use false or stolen identities [9]. It is always very difficult to establish the