Cyber forensics is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. The term ‘cyber forensics’ was originally used as a synonym for computer forensics but has expanded to cover the investigation of all devices capable of storing digital data. Cyber forensics has a variety of applications. The most common is to support or refute a hypothesis before civil or criminal courts. Forensics may also feature in the private sector, such as during internal corporate investigations or intrusion investigations. As well as identifying direct evidence of a crime, digital forensics can be used to attribute evidence to specific suspects, confirm alibis or statements, determine intent, identify sources or authenticate documents. Investigations are much broader in scope than other areas of forensic analysis, often involving complex timelines or hypotheses. The concept of forensics dates back to the Roman era and possibly to ancient China. In those days, when people were accused of crimes, the perpetrator or accuser used to present the evidence before a public forum as audience. Today forensics means the application of scientific processes to recover evidence related to a crime or to some other legal action taken by the authorities.



Donn Parker’s 1976 book, ‘Crime by Computer’, is perhaps the first description of the use of digital information to investigate and prosecute crimes committed with the assistance of computers. These computer-trained investigators would assist other case investigators in obtaining information from mainframe computers' stored data and access logs.


The advent of the IBM (International Business Machines) PC in the early 1980s resulted in an explosion of computer hobbyists. These early computers enabled hobbyists to write program code and to access the internals of operating systems and hardware. Many of them became charter members of the first organization dedicated to digital forensics, the International Organization of Computer Investigative Specialists (IACIS). Another noteworthy product of this period was Safeback, which was created by Chuck Guzis in 1991 to acquire forensic images of evidence. Forensic training was developed by some organizations during this epoch, such as FACT (Forensic Association of Computer Technologists); the High Tech Crime Investigation Association was also founded.


Three important developments took place during this stage. The first was the explosion of technology: computers became ubiquitous, cellphones became essential and the internet became the world’s central nervous system. The American Society of Crime Laboratory Directors Laboratory Accreditation Board (ASCLD-LAB), in co-operation with SWGDE, recognized digital evidence as laboratory evidence. The FBI’s North Texas Regional Computer Forensic Laboratory became the first ASCLD-LAB accredited cyber forensic laboratory.


In 2006, the US courts adopted new rules for civil procedure that defined digital information as a new form of evidence and implemented a mandatory system, called e-discovery, for dealing with digital evidence. The law enforcement, military and intelligence communities have designed organizational structures and processes to support their mission view.

2010 and above

Forensics will no longer be a linear process focused on recovering data, but an evidence-based knowledge management process that will be integrated into investigations, intelligence analysis, information security and electronic discovery. International cyber crime has become so extensive.



It is the analysis of information contained within and created within computer systems and devices. Digital devices with on-board memory and rudimentary computing power, static memory and USB devices are all covered under computer forensic examination.


This is the analysis of physical data from a mobile device. A mobile device usually has a built-in electronic communication system, such as the GSM system built into cell phones. Examples include e-mails and SMS.


This relates to the analysis and monitoring of traffic on a computer network. The traffic could be LAN, WAN or internet traffic. In this forensic examination, computer network traffic is intercepted at the packet level.


This analysis investigates structured computer data with the objective of analysing patterns of fraudulent activity, such as cyber crimes of a financial nature.


This is the forensic investigation of computer databases and their metadata. Database forensic examinations use the contents of the databases, log files and RAM data.


In 2012, ISO/IEC 27037 published a standard for cyber forensic guidelines for handling digital evidence:


This phase includes the search for and recognition of relevant evidence, as well as its documentation. In this phase the priorities for evidence collection are identified based on the value and volatility of the evidence.


This phase involves the collection of all digital evidence that could contain data of evidentiary value. The devices concerned are then transported back to a forensic laboratory or other facility for acquisition and analysis of the digital evidence.


Digital evidence is obtained without compromising the integrity of the data. This was highlighted by the UK Association of Chief Police Officers as an important principle of cyber forensics practice. Obtaining data without altering it is accomplished by creating a duplicate copy of the content of a digital device (imaging) while using a device (a write blocker) designed to prevent alteration of data during the copying process.


The integrity of digital devices and digital evidence can be established with the chain of custody, which is defined as the process by which investigators preserve a crime scene and evidence throughout the life cycle of a case.
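The imaging and chain-of-custody steps described above can be sketched in code. This is an added example, not part of the original article: it images a constructed sample file, verifies the copy by hash, and keeps a custody log. The hash-chained record layout and all names in it are assumptions of this example, and a read-only file open only stands in for a hardware write blocker.

```python
import hashlib, json, tempfile
from datetime import datetime, timezone
from pathlib import Path
CHUNK = 1 << 20  # 1 MiB reads (assumption; any block size works)

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:  # read-only; a software stand-in, not a hardware write blocker
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def acquire(source, image):  # image block by block, hash what was read, re-hash the copy
    h = hashlib.sha256()
    with open(source, "rb") as src, open(image, "xb") as dst:  # "x": never overwrite an image
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    if sha256_file(image) != h.hexdigest():
        raise RuntimeError("image does not match source")
    return h.hexdigest()

def entry_hash(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def custody_entry(log, item, action, handler, digest):  # hypothetical record layout
    body = {"item": item, "action": action, "handler": handler, "sha256": digest,
            "time": datetime.now(timezone.utc).isoformat(),
            "prev": log[-1]["entry_hash"] if log else "0" * 64}
    log.append({**body, "entry_hash": entry_hash(body)})

def verify_log(log):
    prev = "0" * 64
    for e in log:  # each record must point at the one before it and match its own hash
        body = {k: v for k, v in e.items() if k != "entry_hash"}
        if e["prev"] != prev or entry_hash(body) != e["entry_hash"]:
            return False
        prev = e["entry_hash"]
    return True

def demo():
    with tempfile.TemporaryDirectory() as d:
        src, img = Path(d, "evidence.bin"), Path(d, "evidence.img")
        src.write_bytes(b"constructed sample evidence\n" * 1000)  # constructed input
        log, digest = [], acquire(src, img)
        custody_entry(log, "ITEM-001", "imaged", "examiner A", digest)
        custody_entry(log, "ITEM-001", "received at lab", "examiner B", sha256_file(img))
        intact = verify_log(log)
        log[0]["handler"] = "someone else"  # simulate a retroactive edit to the record
        return digest == sha256_file(src), intact, verify_log(log)
```

`demo()` returns whether the source still hashes to the recorded digest, whether the untouched log verifies, and whether the log still verifies after an earlier entry is edited.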


This phase requires the use of appropriate cyber forensic tools and methods to uncover digital data. There are numerous cyber forensic tools on the market, of varying quality. The purpose of the analysis phase is to determine the significance and probative value of the evidence.


This phase includes a detailed description of the steps taken throughout the cyber forensic process, the digital evidence uncovered, and the conclusions reached based on the cyber forensic processes and the evidence revealed.


From this research it is clear that there is a need for cyber forensic laws in India, with the rules, regulations and practices to be prescribed by the law. Cyber crimes in India are increasing because of the lack of cyber forensic investigation technology, labs and other techniques.



