Saturday, 2 January 2010

Forensic Cop Journal 3(3): Digital Forensic Principles


Following the fast development of IT, computer crime becomes a complex crime with the use of high technology, so that it is not easy for forensic investigators to analyse this crime, even to trace back the perpetrators. The criminals can utilise the internet or intranet in order to commit this crime by exploiting vulnerabilities which might exist in the network, or even in the target’s machine. By doing this, they can intrude the network and then hijack the target computers. They make these computers become botnet (i.e. robot network), so that they can get fully control on these machines, moreover they can order it to attack a server in order to make it down by applying DDos (Distributed Denial of Service) attack.  When a target computer can be compromised, the criminals can get fully access on it. They can obtain much information stored on this computer either confidential or normal. If the information is confidential, so they can use it for their illegal benefits such as selling it to the victim’s competitors or making identity fraud. If the information stolen is bank account or credit/debit card, so they can use it to purchase any stuff from the internet (i.e. it is called carding) or make money transfer. If the information obtained by the criminals is email account, so they can hijack it by changing the password and then send many fully wrong emails on behalf of the victim to anybody or any institutes. The receivers assume that the emails come from the victim. As long as the receivers have not known the actual condition yet, the criminals can persuade them to do something which is able to give bad impact to the target. There are many disadvantages occurred when a computer crime is committed.

From the description above, computer crime is a serious crime which requires more attention of law enforcement agencies. If it cannot be handled properly, so the perpetrators cannot be arrested by police, or even they can be released by the court when the evidence is not sufficient to support the case. Based on this reason, the digital forensic analyst is expected to be able to handle this crime properly. It means that the analyst should be able to provide strong evidence which can be used to prove the relationship between the case and the perpetrators. If this can be performed correctly, so it can be guaranteed that the case can be solved successfully. To provide strong evidence, the analyst should have good background on computer science and practical IT; and then they should be well understood on how a computer crime can occur. With this knowledge, they can investigate the case comprehensively, so that they will be able to obtain the fact of the case properly. The evidence supporting the involvement of the perpetrators can be provided perfectly by the analyst/investigators in order to bring them to the jail.

To reach this goal, the analyst should perform comprehensive digital forensic investigation by applying reliable investigative techniques as well as digital forensic procedures and applications. In dealing with this, the analyst should understand well about digital forensic principles. On this journal, it will explain the basic principles of Association of Chief Police Officers (ACPO) which must be applied by digital forensic analyst. These principles are also adopted by Digital Forensic Analyst Team (DFAT) of Forensic Laboratory Centre of Indonesian National Police (INP).

ACPO Basic Principles on Digital Forensic

To understand how to do seizure correctly, firstly the analyst should be able to understand digital forensic principles. According to ACPO in the UK, there are four principles which must be implemented in digital forensic investigation. Below are such principles (ACPO, p8, 2008).

To obtain further explanations about digital forensic princples particularly from ACPO including its impelementations, please access On this link, the pdf version of this journal can be downloaded.

Good Luck...!

1 comment:

  1. mas, saya mahasiswa tingkat akhir yang sedang mengadakan penelitian tentang digital forensik untuk skripsi nanya mengenai digital forensik di indonesia pengaturannya di mana ya?apa jg diatur dalam UU ITE (UU no.11 tahun 2008)? dn kekuatan pembuktian saksi ahli elektronik dalam persidangan pidana itu seperti apa?karena keterbatasan litratur, saya menta rekomendasi literatur donk mas?di bales ya mas..ini email terimakasih