Computer Security and Cyber Forensics Overview
RANEETA PAL CSCF
Computer Forensics Overview 1
What is computer forensics?
• Computer forensics, also known as digital forensics, computer forensic science or cyber forensics, combines computer science and legal forensics to gather digital evidence in a way that is admissible in a court of law.
• In the same way that law enforcement officials comb crime scenes for clues, computer forensics investigators search digital devices for evidence that lawyers can use in criminal investigations, civil cases, cybercrime investigations and other corporate and national security matters. And like their law enforcement counterparts, computer forensic investigators need to be experts not only in hunting for digital evidence, but in collecting, handling and processing it to ensure its fidelity and its admissibility in court.
• Computer forensics is closely related to cybersecurity. Computer forensics findings can help cybersecurity teams speed cyberthreat detection and resolution, and prevent future cyberattacks.
How computer forensics has evolved
Computer forensics first gained prominence in the early 1980s with the invention of the personal computer. As
technology became a staple in everyday life, criminals identified an opening and began committing crimes on
electronic devices.
Soon after, the internet connected almost everyone overnight, allowing email and remote access to corporate,
and organizational computer networks and opening doors to more complex malware and cyberattacks. In
response to this new frontier of cybercrime, law enforcement agencies needed a system to investigate and
analyze electronic data, and thus, computer forensics was born.
At first, most digital evidence was found on computer systems and IT devices—personal computers, servers,
mobile phones, tablets and electronic storage devices. But today an increasing number of industrial and
commercial devices and products—from Internet of Things (IoT) and operational technology (OT) devices, to
cars and appliances, to doorbells and dog collars—generate and store data and metadata that can be collected
and mined for digital evidence.
Significance of Computer Forensics
• EVIDENCE HANDLING: Correct collection of digital evidence is paramount. Mishandling jeopardizes its integrity, raising questions about usability in court.
• CHAIN OF CUSTODY: Establishing a documented chain of custody for evidence prevents tampering. Proper protocols assure judges of the evidence's authenticity.
• LEGAL IMPLICATIONS: Knowledge of legal standards ensures investigators gather evidence compliant with regulations, preserving its value in judicial processes.
Why computer forensics matters
Like physical crime scene evidence, digital evidence must be collected and handled correctly. Otherwise,
the data and metadata may be lost—or deemed inadmissible in a court of law.
For example, investigators and prosecutors must demonstrate a proper chain of custody for digital
evidence—they must document how it was handled, processed and stored. And they must know how to
collect and store the data without altering it—a challenge given that seemingly harmless actions such as
opening, printing or saving files can change metadata permanently.
For this reason, most organizations hire or contract computer forensics investigators (also known by the
job titles computer forensics expert, computer forensic analyst or forensic computer examiner) to collect
and handle digital evidence associated with criminal or cybercriminal investigations.
Use cases for digital forensics
• Criminal investigations: Law enforcement agencies and computer forensics
specialists can use computer forensics to solve computer-related crimes, like
cyberbullying, hacking or identity theft, as well as crimes in the physical world,
including robbery, kidnapping, murder and more. For example, law
enforcement officials might use computer forensics on a murder suspect's
personal computer to locate potential clues or evidence hidden in their search
histories or deleted files.
• Civil litigation: Investigators can also use computer forensics in civil litigation
cases, like fraud, employment disputes or divorces. For example, in a divorce
case, a spouse's legal team might use computer forensics on a mobile device to
reveal a partner's infidelity and receive a more favorable ruling.
• The protection of intellectual property: Computer forensics can help law
enforcement officials investigate intellectual property theft, like stealing trade
secrets or copyrighted material. Some of the most high-profile computer
forensics cases involve intellectual property protection, notably when departing
employees steal confidential information to sell it to another organization or set
up a competing company. By analyzing digital evidence, investigators can identify
who stole the intellectual property and hold them accountable.
• Corporate security: Corporations often use computer forensics following a
cyberattack, such as a data breach or ransomware attack, to identify what
happened and remediate any security vulnerabilities. A typical example would be
hackers breaking through a vulnerability in a company's firewall to steal sensitive
or essential data.
• National security: Computer forensics has become an important national security tool as cybercrimes continue escalating among nations. Governments or law enforcement agencies like the CBI now use computer forensics techniques following cyberattacks to uncover evidence and shore up security vulnerabilities.
Computer Forensics & Cybersecurity
Cybersecurity Overview
Proactive and Reactive Strategies
Cybersecurity encompasses proactive measures such as
threat hunting and vulnerability assessments, alongside
reactive measures including incident response and
recovery. It's crucial in safeguarding assets.
Computer Forensics Role
Investigating Cyber Incidents
Computer forensics focuses on analyzing
digital devices post-incident to uncover
evidence of cyber crimes. This reactive
approach helps in understanding attacks,
facilitating future prevention.
Collaboration Benefits
• Enhanced Security Measures: Collaboration enables cybersecurity teams to bolster defenses using forensic insights. By understanding how breaches occur, they can reinforce protective layers.
• Shared Knowledge and Tools: Both domains share essential tools and strategies, enhancing their collective capability. Forensics provides valuable feedback to improve cybersecurity policies and response mechanisms.
DFIR: Computer forensics + incident response
When computer forensics and incident response—the detection and mitigation of
cyberattacks in progress—are conducted independently they can interfere with each other,
with negative results for an organization.
Incident response teams can alter or destroy digital evidence while removing a threat from
the network. Forensic investigators can delay threat resolution while they hunt down and
capture evidence.
Digital forensics and incident response, or DFIR, combines computer forensics and incident
response into an integrated workflow that can help security teams stop cyberthreats faster
while also preserving digital evidence that might be lost in the urgency of threat mitigation.
DFIR INTEGRATION PROCESS
• QUICK RESPONSE: Simultaneous incident response ensures swift resolutions to threats.
• DATA SECURITY: Ensures crucial evidence remains intact during threat management.
• HOLISTIC VIEW: Reconstructing incidents from start to finish informs future security measures.
• LEGAL EVIDENCE: Strengthens the admissibility of digital evidence in court cases.
DFIR
Forensic data collection happens alongside threat mitigation. Incident responders use computer forensic techniques to collect and preserve data while they're containing and eradicating the threat, ensuring the proper chain of custody is followed and that valuable evidence isn't altered or destroyed.
Post-incident review includes examination of digital evidence. In addition to preserving evidence for legal action, DFIR teams use it to reconstruct cybersecurity incidents from start to finish to learn what happened, how it happened, the extent of the damage and how similar attacks can be avoided.
DFIR can lead to faster threat mitigation, more robust threat recovery and improved evidence for investigating criminal cases, cybercrimes, insurance claims and more.
Investigative Process
This table outlines the critical steps in a computer forensic investigation, emphasizing actions taken and their
outcomes.
STEP DESCRIPTION OUTCOME
Identification Gathering initial data Understanding incident scope
Preservation Securing evidence Maintaining chain of custody
Analysis Examining digital evidence Identifying intruders and methods
Reporting Documenting findings Facilitating legal actions
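As an added illustration (not from the slides) of the Preservation and Reporting steps above, and of the earlier point that a documented chain of custody must show the evidence was never altered: a minimal custody ledger that fingerprints an evidence item with SHA-256 at acquisition and re-checks it at every handover, so an alteration such as a file being opened and re-saved is detected and recorded. The item names, handlers and sample bytes are constructed.

```python
import hashlib
import json
from dataclasses import dataclass, field, asdict
from datetime import datetime, timezone

# Constructed stand-in for an acquired evidence image (a real case hashes a disk or
# phone image). Any byte change, even from "harmless" handling, changes the hash.
SAMPLE_IMAGE = b"constructed evidence image: mailbox.pst fragment 0001\n"

def sha256_hex(data: bytes) -> str:
    """Fingerprint used to prove the evidence has not been altered since acquisition."""
    return hashlib.sha256(data).hexdigest()

@dataclass
class CustodyEvent:
    timestamp: str   # UTC, ISO 8601
    handler: str     # who had the item
    action: str      # acquired / transferred / analyzed / stored ...
    sha256: str      # hash observed at that moment
    intact: bool     # still equal to the acquisition hash?

@dataclass
class EvidenceRecord:
    item_id: str
    description: str
    acquisition_hash: str
    events: list = field(default_factory=list)

def _now() -> str:
    return datetime.now(timezone.utc).isoformat(timespec="seconds")

def acquire(item_id: str, description: str, data: bytes, handler: str) -> EvidenceRecord:
    """Preservation step: the hash taken at acquisition is the reference for all later checks."""
    h = sha256_hex(data)
    rec = EvidenceRecord(item_id, description, h)
    rec.events.append(CustodyEvent(_now(), handler, "acquired", h, True))
    return rec

def record_event(rec: EvidenceRecord, handler: str, action: str, data: bytes) -> bool:
    """Log a custody event, re-hashing the item; returns False if integrity was lost."""
    h = sha256_hex(data)
    intact = h == rec.acquisition_hash
    rec.events.append(CustodyEvent(_now(), handler, action, h, intact))
    return intact

def verify_chain(rec: EvidenceRecord):
    """(True, None) if every logged hash matches the reference, else (False, first bad index)."""
    for i, ev in enumerate(rec.events):
        if ev.sha256 != rec.acquisition_hash:
            return False, i
    return True, None

def export_report(rec: EvidenceRecord) -> str:
    """Reporting step: JSON record of the item, its reference hash and every custody event."""
    return json.dumps(asdict(rec), indent=2)

if __name__ == "__main__":
    rec = acquire("ITEM-001", "constructed mailbox fragment", SAMPLE_IMAGE, "examiner A")
    record_event(rec, "examiner B", "transferred", SAMPLE_IMAGE)       # unchanged: intact
    # Simulate an analyst opening and re-saving the file, which changed its bytes.
    record_event(rec, "analyst C", "analyzed", SAMPLE_IMAGE + b"x")    # altered: not intact
    print(export_report(rec))
    print(verify_chain(rec))
```

The break is localised to the event at which the hash first diverged, which is exactly what an investigator has to explain when the evidence is challenged in court.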
Future of Cybersecurity
• Investment in Cybersecurity: Organizations are prioritizing cybersecurity investment to mitigate risks and enhance resilience.
• Growing Cyber Threat Landscape: The frequency and sophistication of cyberattacks are increasing, prompting urgent improvements in cybersecurity.
• Emerging Technologies in Cybersecurity: Innovations such as AI and machine learning are being integrated into cybersecurity for better protection.
• Challenges in Cybersecurity Workforce: A shortage of qualified cybersecurity professionals is hindering capability to detect and prevent threats.
Cyber Threat
A cyber threat refers to any malicious activity that targets computer systems, networks, or digital data with the intent to cause harm, steal information, disrupt operations, or gain unauthorized access. These threats can come from hackers, cybercriminals, nation-state actors, or even insider threats.
Common Types of Cyber Threats
• Malware – Viruses, worms, Trojans that harm systems.
• Phishing – Fraudulent emails/messages tricking users
into sharing sensitive data.
• Ransomware – Encrypts files and demands payment for
decryption.
• DDoS Attacks – Overloading a system to make it
inaccessible.
• Zero-Day Exploits – Attacks exploiting unknown
software vulnerabilities.
Impacts of Cyber Threats
CONSEQUENCES OF CYBER THREATS
• Financial Losses – Businesses lose millions due to cyberattacks.
• Data Breaches – Personal and corporate data theft.
• Reputation Damage – Loss of customer trust.
• Legal Consequences – Regulatory fines and legal actions.
• National Security Risks – Cyber warfare and espionage threats.
Cyber Threat Prevention Strategies
• Use Strong Passwords – Implement multi-factor authentication (MFA).
• Regular Software Updates – Patch vulnerabilities promptly.
• Employee Awareness Training – Recognize phishing and social engineering attacks.
• Install Firewalls & Antivirus – Secure systems from malware and intrusions.
• Backup Data Regularly – Prevent loss due to ransomware attacks.
STATISTICS OVERVIEW
• RANSOMWARE GROWTH: Ransomware attacks have surged, posing a major threat to many organizations.
• RISE OF PHISHING: Phishing attempts remain a prevalent tactic used by cybercriminals.
• DATA BREACH INCIDENTS: Data breaches present significant risks, leading to loss of consumer trust.
• DIVERSE THREAT LANDSCAPE: A variety of other cyber threats continue to evolve and emerge.
Cyber warfare
Introduction
Definition:
Cyber warfare involves the use of cyberattacks by
nation-states, state-sponsored groups, terrorist
groups, or hackers to disrupt, damage, or control
digital infrastructure.
Purpose: It can be used for espionage, sabotage,
or military advantage.
Examples: Attacks on critical infrastructure,
government networks, and financial systems.
Types of Cyber Warfare
• Espionage – Hacking into systems to steal
confidential data.
• Sabotage – Disrupting critical services (power
grids, communication networks).
• Denial-of-Service (DoS) Attacks – Overloading
systems to make them inoperable.
• Cyber Propaganda – Spreading
misinformation to influence public opinion.
• Infrastructure Attacks – Targeting power plants, hospitals, or government agencies.
Impact of Cyber Warfare
• National Security Risks – Compromises
government and military operations.
• Economic Consequences – Disrupts
businesses and financial institutions.
• Social Unrest – Cyber propaganda can
manipulate public perception.
• Privacy Breaches – Leaks sensitive personal
and governmental data.
Famous Cyber Warfare Incidents
• WannaCry ransomware
• NotPetya
• The 2014 Yahoo Attack
Cyber security/forensics agencies in India
Cyber forensic agencies play a crucial role in investigating,
analyzing, and combating cybercrimes in India. With the rise
of digital threats such as hacking, identity theft, financial
fraud, and cyber terrorism, these agencies specialize in
collecting and examining digital evidence to support law
enforcement and legal proceedings.
Their expertise in digital forensics, malware analysis, and
cyber threat intelligence ensures a safer digital ecosystem,
protecting both individuals and organizations from cyber
threats.
Central Bureau of Investigation (CBI) – Cyber Crime Unit
The Cyber Crime Unit is a specialized division within the CBI that focuses on
investigating and combating cybercrimes. As one of India's
premier investigative agencies, the CBI handles high-profile,
complex, and cross-border cybercrime cases that often have
national or international implications.
The unit uses advanced digital forensic tools and techniques
to:
• Collect, preserve, and analyze digital evidence (e.g., hard drives, mobile phones, cloud data).
• Recover deleted or encrypted files.
• Trace digital footprints of cybercriminals (e.g., IP addresses, transaction logs).
Indian Computer Emergency Response Team (CERT-In)
The Indian Computer Emergency Response Team (CERT-In) serves as the national agency for performing various
functions in the area of cyber security in the country as per the provisions of section 70B of the Information
Technology Act, 2000.
• CERT-In has been operational since January 2004.
• CERT-In comes under the Ministry of Electronics and Information Technology (MeitY).
• It regularly issues advisories to organisations and users to enable them to protect their data/information
and ICT (Information and Communications Technology) infrastructure.
• In order to coordinate response activities as well as emergency measures with respect to cyber security
incidents, CERT-In calls for information from service providers, intermediaries, data centres and body
corporates.
• It acts as a central point for reporting incidents and provides a 24x7 security service.
• It continuously analyses cyber threats and handles cyber incidents tracked and reported to it. It increases
the Indian Internet domain’s security defences.
Key Projects
• Cyber Swachhta Kendra (www.csk.gov.in)
• National Cyber Coordination Centre (NCCC)
• Cyber Threat Intelligence Sharing Platform
• Cyber Abhyas Suvidha (CAS) Advanced Skill
Development Platform
National Cyber Crime Reporting Portal (NCRP)
• All types of Cybercrime incidents can be reported from anywhere.
• Special focus on content reporting of online Child Sex Abuse Material/Rape-Gang Rape incidents.
• National/State/District-Level monitoring dashboards.
• Online status tracking facility for the complainant.
• Cyber Volunteers registered as Cyber Awareness Promoters.
• An automated Chatbot having predefined features created and named Vani- CyberDost Chatbot has been
deployed on NCRP.
• Example Case: Victims of UPI frauds and social media scams have successfully reported cases via this
platform.
• A new Module “Citizen Financial Cyber Fraud Reporting and Management System” has been developed,
connecting 85 Banks/Payment Intermediaries and Wallets etc. with the Cybercrime Backend Portal. This
helps citizens to report cyber financial frauds on National Helpline number 1930.
• 1930 National Helpline number is running in all States/UTs.
National Cyber Crime Threat Analytics Unit (NCCTAU)
• The National Cyber Crime Threat Analytics Unit (NCCTAU) is an integral part of the Indian Cyber Crime Coordination Centre (I4C) under the Ministry of Home Affairs (MHA). It is responsible for analyzing and monitoring cyber threats and providing actionable intelligence to law enforcement agencies.
• Analyzes cyber threats, monitors dark web activities, and provides real-time intelligence to law enforcement agencies. Uses big data analytics, AI, and cyber forensics to detect and prevent cybercrimes.
• Assists in training law enforcement agencies and enhances public cybersecurity awareness.
• Collaborates with CERT-In, NCIIPC, CBI, and state cyber cells to strengthen India’s cybersecurity
framework.
State Cyber Crime Cells & Forensic Laboratories
• Every Indian state has a dedicated Cyber Crime Police Station & Forensic
Lab. Some advanced forensic labs include:
• Maharashtra Cyber Police – specializes in digital evidence analysis.
• Karnataka Cyber Crime Police – handles cryptocurrency fraud and online
financial crimes.
• Telangana Cyber Lab – works with Interpol for transnational cybercrime
investigations.
• Example Case: Maharashtra’s cyber police cracked the Cosmos Bank
cyberattack (2018), where hackers siphoned off ₹94 crore using malware.
Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre)
The "Cyber Swachhta Kendra" (Botnet Cleaning and Malware Analysis Centre) is a part of the Government of India's Digital India initiative under the Ministry of Electronics and Information Technology (MeitY) to create a secure cyber space by detecting botnet infections in India and to notify, enable cleaning and securing systems of end users so as to prevent further infections.
The "Cyber Swachhta Kendra" is set up in accordance with the objectives of the "National Cyber Security Policy", which envisages creating a secure cyber eco system in the country. This centre operates in close coordination and collaboration with Internet Service Providers and Product/Antivirus companies. This website provides information and tools to users to secure their systems/devices. This centre is being operated by the Indian Computer Emergency Response Team (CERT-In) under provisions of Section 70B of the Information Technology Act, 2000.
Private Cyber Forensic Firms
• Independent firms providing digital forensics, cybercrime investigation, and incident response services.
• Assist corporates, law enforcement, and individuals in handling data breaches, fraud detection, and cyber threats.
• Offer malware analysis, email forensics, network forensics, and mobile device forensics.
• Help in legal cases by providing expert testimony and digital evidence recovery.
• Examples in India: TechForing, SecurEyes, eSec Forte, and Quick Heal Technologies.
Advancement in cybersecurity and forensics
Digital Forensic Laboratory (DFL)
Inauguration of Digital Forensic Laboratory at NFSU Campus, Gandhinagar on 08/01/2024, set up by the Directorate General of GST Intelligence (DGGI) in collaboration with National Forensic Science University (NFSU).
These forensic labs offer wide application and enhanced facilities through use of state-of-the-art equipment for mobile forensics, computer forensic capabilities, password cracking capability, etc. among other aspects of technology.
The primary objective is to bolster the agency's capacity for completing investigations expeditiously, launching effective prosecutions and securing convictions against those involved in serious tax offences.
National Cyber Forensic Laboratory [NCFL]
National Cybercrime Forensic Laboratory (NCFL) has been created in New Delhi by Union Ministry of Home Affairs, Government of India, under a scheme "Indian Cyber Crime Coordination Centre (I4C)".
NCFL has been established to facilitate Investigating Officers of the country in carrying out forensic analysis of digital evidence in order to prevent, contain, mitigate, investigate and prosecute latest and complex cyber crimes.
• The NCFL includes units like Memory Forensics Lab, Image Enhancement Lab, Network Forensics Lab, Malware Forensics Lab, Cryptocurrency Forensics Lab, Damaged Hard Disk and Advanced Mobile Forensics Lab.
• Indian Cyber Crime Coordination Centre (I4C) consists of seven verticals, namely:
• National Cybercrime Threat Analytics Unit (TAU).
• National Cybercrime Reporting.
• National Cybercrime Forensic Laboratory (NCFL) Ecosystem.
• National Cybercrime Training Centre (NCTC).
• Cybercrime Ecosystem Management Unit.
• National Cyber Research and Innovation Centre.
• Both CyPAD and NCFL will assist law enforcers to proactively address cyber threats in coordination with other law-enforcement agencies, national & international cyber security organisations and various online intermediaries.
Indian Cybercrime Coordination Centre (I4C)
I4C is an initiative of the Ministry of Home Affairs, Government of India to deal with cyber crime in the country in a coordinated and comprehensive manner.
I4C focuses on tackling all the issues related to Cybercrime for the citizens, which includes improving coordination between various Law Enforcement Agencies and the stakeholders, driving change in India's overall capability to tackle Cybercrime and to improve citizen satisfaction levels.
Indian Cybercrime Coordination Centre scheme was approved on 05th October 2018. Since its roll out, it has worked towards enhancing the nation's collective capability to tackle cybercrimes and develop effective coordination among the Law Enforcement Agencies. The I4C was dedicated to the Nation on 10th January 2020 by Hon'ble Home Minister.