Forensics is the art and science of discovering, collection, preservation and presentation of evidence to meet a legal requirement. We normally use the term “Cyber Forensics” to describe forensic activities related to information technology devices such as computers.
Initially we used to use the term “Computer Forensics” to describe the requirement of evidence of anything connected with Computer Crimes. Slowly the terminology got replaced with “Cyber Forensics”. Additionally terms such as “Mobile Forensics”, “Disk Forensics”, “Network Forensics” etc gathered popular usage. One popular perception of the masses still remains that “Cyber Forensics” deals with Internet and E Mails which is perhaps a very restricted view of the term.
We are today much more matured than ever we were in relation to understanding the forensic requirements connected with Cyber Crimes. In today’s context, some times “Cyber Forensics” as a term needs to be re-defined so that it captures the meaning of what is required in today’s context.
The earlier recognition of Cyber Forensics as computer forensics, or mobile forensics etc is a device oriented approach. Similarly, the terms Network forensics, Internet Forensics and even the Social Media forensics etc are oriented towards the usage platform.
However, the real essence of anything that we deal with today with a “Computing Device” is the “Data” which is platform independent. It is the binary impression which exists in different forms and acquires a meaning when looked at with the right glasses. If there is a picture that has a blue back ground and green letters and I wear a green glass, I may not be able to see the letters. But it does not mean that the letters donot exist.
The real forensics therefore has to be able to look at the existence of evidence without the limitation of the surrounding platform.
This is what I call as the new approach of “Forensics” that we need to adopt and I term it as “Data Forensics”.
The objective of “Data Forensics” is to discover the presence of a meaningful stream of binary expressions that may be hidden in a background of a dependent platform, gather it, preserve it and then be able to present and prove it in a Court of law.
The much discussed Section 65B of Indian Evidence Act takes care of the linking of the platform with the data and hence is able to bring to evidence any data.
This approach to Forensics will sustain the advent of IoT, Big Data and even Quantum Computing.
I therefore urge the industry to start focusing on “Data Forensics” from now on instead of the word “Cyber Forensics”. This should be more palatable to the “Data Protection Professionals” whose focus is the “Data” and not the “Container of the Data”.
We will therefore adopt this term slowly into our discussions including the discussions on PDPSI (Personal Data Protection Standard of India) where “Forensic Investigation and Recording of findings” are part of the requirements.