As instances of crime in cyberspace shoot up, demand for forensic experts also increases. We explore the options.
Bhaskar Sarma
Mention crime, and we think of robberies, murders and detectives examining the scene, interrogating witnesses and finally nailing the guilty.
There is, however, another kind of crime, where traditional methods of criminal investigation fall flat on their faces. Hack attacks, cyber fraud, phishing, and identity and data theft all count as cyber crime. Even though it may appear that the effects of digital crime are not life-threatening, they have the potential to disrupt life, as well as tamper with property. Just imagine the situation if Indian Railways’ ticket reservation system went down for even a day. In fact, a survey in the UK concluded that people were more scared of their bank accounts being hacked or credit card details stolen over the Internet than they were of muggings and robberies.
We could go on and on about different scenarios, but the point is, digital crime occurs. While better information security would certainly act as a deterrent, crime can never be totally eradicated. So the next best thing to do is to find the culprit. When the crime committed is related to the Internet and computers, cyber forensic experts enter the scene, try to sniff out the clues, and trace the byte-trail that can help in catching the perpetrators.
On The Job
Digital forensics, of which cyber forensics is one facet, is a vast discipline that encompasses several other fields. A digital forensic expert is supposed to be adept in network security, because most cyber crimes take place over networks. He or she needs to be good at encryption and data recovery too, because passwords and data are inevitably involved in theft of information. Awareness of cyber laws is also important, as most of these cases can go to court, where the forensic expert would be called as a witness for either the prosecution or the defence. Again, cyber forensics does not necessarily mean that its practitioners would have to deal with computers and servers all the time. Depending on the case, mobile phones, pen drives and, in some cases, even personal media players have come under the scanner of the e-sleuths.
Cyber Crime And Legal Aspects
Before we proceed deeper into the subject, there is an urgent need to know what cyber crime actually is. The United Nations defines cyber crime as illegal electronic operations that target the security of computer systems and data processed by them, or illegal behaviour that uses computers and networks.
In India, the primary statute is the IT Act 2000, although some sections of other laws like the Indian Penal Code can be applied to digital crime. We are not going to list out the provisions of the IT Act that are concerned with cyber crime. However, acts like hacking, identity theft, phishing and spamming all become cognizable offences, punishable by fine and prison terms.
Understandably concerned, the government and the private sector have done their bit in trying to educate police and judiciary in new paradigms and technologies. NASSCOM has four cyber labs across the country, and is involved in a government project to train state police departments in state-of-the-art digital investigation techniques. However, with crime rates soaring, these efforts may not be sufficient. The Indian IT and ITeS sectors urgently need solutions to these problems, as the industry deals with highly sensitive, and often, personal data.
Skills And Tools
When it comes to corporate houses, they don’t really tend to trust cops a lot. They guard their data fiercely and don’t like others messing up on their turf. Also, the process of recording evidence after a digital crime has been committed is a lot like walking on eggshells without making a sound—a single data packet missing out of millions, one electron with a magnetic pole askew, and the data would not stand up to legal scrutiny. To recover data from the crime scene, to analyse and map the course of events to non-technical persons, including your bosses and maybe a judge, is the daily job description of a digital forensic expert.
Every job has its tools, and the job of a digital detective is no exception. Cyber forensic tools are software packages that can be used to preserve the state of hard disks and storage devices, extract data from mobile phones and sniff out network packets. As with other kinds of software, there are both open source and proprietary tools. Many companies also use tools that are tailor-made to their specific needs. Some examples of such tools are EnCase, X-Ways Forensics and Cyber Examiner. In India, the Resource Centre for Cyber Forensics (RCCF), a part of C-DAC (Centre for Development of Advanced Computing), is in charge of developing tools used by police departments and cyber crime cells. Professionals in this field are expected to be proficient in the use of more than one of these tools.
Degrees And Colleges
As mentioned earlier, the field of cyber forensics is still evolving. Hence, there is a lot of confusion on the part of students who are interested in pursuing this particular career option. To be good, students in digital investigation need to master various disciplines. Not only should they be comfortable with running a hash analysis of files, they would also need to know the legal procedures of presenting evidence in court. It’s a mixture of being a cop and a geek, which is challenging and fun for interested and committed professionals. Jaya Narayanan, from the security consulting firm NJY, hits the bull’s eye: “What we would like to suggest to those individuals who have done, and are currently doing, a course in Cyber Forensics is to also do other various IT courses to support their career and to give their career a strong foundation.”
For instance, a cyber forensic professional would invariably have to work on computer networks, as well as network security. This means that network security certifications are essential for the candidate to be considered for this post. As a representative of Valiant Technologies, a Chennai-based information security consulting firm, affirms, certifications like CCNA (Cisco Certified Network Associate) Security and CCSP (Cisco Certified Security Professional) are good starting points.
Knowledge of networking is also stressed a lot by Dr R. Thilagaraj, head of the Department of Criminology at the University of Madras. This department runs two popular courses related to cyber forensics. One is the MSc in Cyber Forensics and Information Security (two years) and the other is the Diploma in Cyber Crime and Information Security (one year). Started in 2004, with financial aid from the University Grants Commission, the Masters courses are open to candidates having BSc degrees in maths, physics, statistics or computer science, or BE / BTech degrees. Apart from this, it is mandatory to clear a qualifying test. Further information about the course can be obtained from the University of Madras homepage (http://www.unom.ac.in/). It might be tough to get admission to the course, as the number of seats is only 20.
Another reputed institute that has been at the forefront of training newbies in cyber forensics is C-DAC. However, most of its teaching efforts are focussed on the government sector, as it is one of the agencies entrusted with bringing the law enforcement authorities up to speed with the latest in cyber crime. Even so, C Balan, deputy director, RCCF, says, “We have plans to start cyber forensic courses for students in the near future. Initially they will start out of Trivandrum, but later will be rolled out across the country.”
In the private sector, there are institutions that offer courses in cyber forensics along with information security. Some others specialise in short-term courses in cyber law with an emphasis on information security. Asian School of Cyber Laws at Pune is one; Cyber Law College, Chennai, is another. As of today, there is hardly any industry-standard certification or standard in the field of digital forensics. Before students decide to spend their money and time, they should thoroughly research the background of the institution. In particular, they should check the employability status of the alumni and decide whether the training provided is good enough for the industry. Look at the box on the previous page for a list of institutions that offer courses related to cyber forensics.
Career Paths
A career in cyber forensics can be sought in both the public and the private sector. In the public sector, people are mostly absorbed into law enforcement agencies like the cyber crime cells, state forensic departments and central agencies like the CBI. However, regular and mass recruitment of freshers may not be possible, because government departments focus more on training existing employees than on hiring new people.
However, the scope for employment in the private sector is immense. According to a NASSCOM report, 20,000 cyber security professionals would be needed to detect and solve cyber crimes. The bulk of these people would be needed by banks, financial institutions, consulting companies—basically any entity that has valuable data. “In India most banks have their own Fraud Management Cells, which is where people with these skills are the most needed,” says Dr Sachin Pandey, CEO of Agape Inc—the company that runs NIeF.
Besides, all the big IT companies have their own computer emergency response teams (CERTs), which are responsible for internal IT security and are usually the first line of defence against any external attack. Additionally, there are specialist companies that work on ethical hacking, cyber forensics and IT security. The career path is usually from engineer to principal or lead security consultant. In terms of salaries, freshers get about Rs 30,000 to Rs 50,000 more per annum than other entry-level positions. As with other positions in the IT industry, there are plenty of overseas opportunities. After sufficient experience, professionals can branch out into freelancing and become independent security consultants.
A cyber forensic professional’s job is very important. It’s also very challenging, and provides enormous scope for learning new technologies. The security landscape is changing continuously and, unlike traditional crime busting, something happening thousands of miles away can have an immediate impact on IT security parameters at your office or company. Only someone who has an active and alert mind, with an attitude to constantly learn new things, can succeed in this field.
bhaskar.sarma@thinkdigit.com