Five years ago, Rohas Nagpal helped the Indian Army to nab a couple of Pakistani spies in Jodhpur by tracking a trail of emails from a particular Internet parlour. In 2009, Ashish Sonal helped the ministry of external affairs to pin down spyware (malicious software that can hijack and cripple computer systems) that had affected nearly 600 computers. And last year, Abir Atarthy helped a multinational company track down a disgruntled former employee who was passing trade secrets, disguised as songs in an MP3 player, to a rival firm.
Nagpal, Sonal and Atarthy are experts in computer forensics. Also known as digital or cyber forensics, it's a relatively new field that combines elements of computer science and law to collect and analyse data from computer systems, networks, wireless communications and the like in a manner that is admissible as evidence in a court of law.
"There's very little crime these days that may not involve some digital forensics work," says Dave Hull, who heads Trusted Signal, a US-based information security consulting firm. "Even many traditional crimes today involve computers. Evidence of premeditation in murder cases is often found on computers. Mobile phone records are also examined to prove the whereabouts of an individual charged with an offence," he explains.
Nagpal, who heads the Asian School of Cyber Laws, a Pune-based training and consultancy firm on computer forensics, agrees. "Digital evidence can be sourced from electronic devices ranging from flash drives and compact disks to micro-cameras for a plethora of crimes including banking frauds, email hacking, child pornography and extortion," he says.
According to Atarthy, all this makes computer forensics one of the fastest growing professions of the century. Atarthy runs Netsoft Technologies, an institute in Kharagpur that trains computer forensic experts.
"With growing access to the Internet, smart phones, Netbooks and so on, there has been a surge in cyber attacks in India," says Shantanu Ghosh, vice-president, Symantec India, a computer security multinational company. "Consequently, this is creating the need for experts who have the technical knowledge and expertise to analyse, investigate and address them. As cyber criminals continue to innovate, computer security experts are required to stay a step ahead to detect these threats," he adds.
Computer forensics has gained much importance in recent times. "Most terrorist groups nowadays use the Internet and mobile networks for communicating and money transactions," says Sonal, head of Orkash, a business intelligence firm in New Delhi. Cyber forensics can also be used in pre-emptive intelligence, such as predicting a terrorist attack.
"Expectedly, a large number of computer forensics experts are required by law enforcement agencies, the armed forces and central investigating agencies," says Aditya K Sinha, team co-ordinator, Centre for Development of Advanced Computing (C-DAC), Pune.
"It's a growing area and the majority of jobs come from government agencies," agrees Samir Datt, director, Forensics Guru, a digital investigations company. Although there is a desperate need for trained people in the country, the jobs offered are mostly contractual in nature. Government agencies hire private firms for particular assignments.
Internationally, however, the demand is sky-high: some experts charge as much as $600 (Rs 27,000) an hour. Hull of Trusted Signal points out, "Most companies in the Fortune 500 list need cyber forensics experts." Specialty security companies also hire these professionals.
Rising espionage in the corporate world, fortunately or unfortunately, is creating a huge demand for such experts. "The leaking of trade secrets and other information to competitor firms by employees is rampant in big companies," observes Atarthy of Netsoft Technologies.
Agrees Nagpal, "The future of computer forensic experts seems bright. The annual loss for US organisations owing to computer crimes is estimated to be $67.2 billion. And according to our ministry of human resource development, the country needs at least 2.5 lakh professionals to tackle cyber crimes," he says.
So how can you be part of this sunrise industry? Hull lists some of the requirements: "Excellent problem-solving skills, curiosity, tenacity and a love for the scientific method." A thorough understanding and diverse background in information technology too are important.
Adds Sonal, "You need to have a strong understanding of how computers and information systems work." According to Datt of Forensics Guru, candidates with a hacker's mindset, that is, those who get a kick out of cracking critical problems in digital devices, would thrive in the field.
Hull believes that a degree or formal training is not essential; a demonstrated passion and an ability for the job is the criterion. Atarthy, Nagpal and Datt, however, think otherwise. "Without specific training, it's difficult to stay a step ahead in the rapidly-evolving world of cyber crime," they maintain. There are a few good security certifications that are widely accepted as entrance criteria. "Those with a strong inclination for reverse engineering technology have a very good chance of succeeding in the industry," says Ghosh of Symantec India. Sinha of C-DAC adds, "One needs a full-fledged course in cyber forensics built on a thorough understanding of advanced IT infrastructure and information system."
A final word of advice from Hull: "Working in digital forensics is an art and a science. You've got to figure out what happened and create a story explaining it to non-technical people in non-technical terms. It's a fascinating field. Every case springs new challenges. And if you're right for this kind of work, you'll love it."
Where you learn
■ Centre for Development of Advanced Computing (C-DAC) Resource Centre for Cyber Forensics, Thiruvananthapuram
PG diploma in information system and cyber security
Contact: www.cyberforensics.in
■ University of Madras, Chennai
MSc in cyber forensics and information security
■ Asian School of Cyber Laws, Pune
Certificate in digital evidence analysis
■ Netsoft Technologies, Kharagpur
Certificates for computer forensic investigation and tool-based forensic training
■ Gujarat Forensic Sciences University, Gandhinagar
PG diploma in cyber crime investigation and computer forensics
■ ForensicsGuru, New Delhi
Computer forensics, investigations and incident response training
Certified Information Systems Security Professional or CISSP (www.isc2.org/cissp/
It’s an independent information security certification governed by the not-for-profit International Information Systems Security Certification Consortium, commonly known as ISC
Global Information Assurance Certified Forensic Analyst or GCFA (www.giac.org/
This is for professionals working in information security, computer forensics and incident response fields. It focuses on core skills needed to collect and analyse data from Windows and Linux computer systems
Global Information Assurance Certified Intrusion Analyst or GCIA (www.giac.org/
For knowledge, skills and abilities to configure and monitor intrusion detection systems, and to read, interpret and analyse network traffic and related log files
Global Information Assurance Certified Reverse Engineering Malware or GREM (www.giac.org/certifications/security/grem.php)
Designed for technologists who protect an organisation from malicious code.
The tests are available in India.