Let’s decode DF-HO/MO/NW-5-L(E) and find out more about the author. By doing a few online courses and gaining some practical experience in Digital Forensics, professionals start referring to themselves as experts, and it is difficult for a person on the other side, especially recruiters, to gauge the expertise of that individual. Many professionals/experts say that they have in-depth knowledge of all disciplines in Digital Forensics, which I do not agree with at all. After almost two decades I have been able to work and gain expertise only in three to four disciplines. I strongly feel there is a need to categorize digital forensics experts, which is the need of the hour. In this writeup I have tried to make an attempt to do so.
The COVID-19 lockdown has opened the floodgates to e-learning, and many new entrants/professionals from other areas of specialization, especially the IT sector, have crash-landed into the cyber domain. As on date, everyone has predicted that the field least affected by this pandemic is the cyber domain, and working from home is the new norm. Being in this domain for about two decades now, I welcome everyone with open arms to explore and contribute to making the digital world a much safer place for all of us.
I saw a post on a social media platform of an individual applying for a Guinness World Record for the number of courses he did during the pandemic in a duration of a month. I applaud the individual for his time and passion but I really wonder how much that particular individual must have been in terms of specialization in the area of specialization. Learning is an ongoing process and you learn till your last breath. Even after 20 years in this field I still learn a lot of things from the new entrants and students I interact with.
As per section 79A of the IT Act 2000, the Ministry of Electronics & IT (Govt of India) is notifying Cyber/Digital Forensics Labs as ‘Examiner of Electronic Evidence’ after thorough scrutiny, for the purposes of providing expert opinion on electronic form evidence before any court or other authority. The scope of approval is one or more of the disciplines/areas of activity (Type of Forensic Investigation) carried out by laboratories:
- Computer (Media) Forensics
- Network Forensics
- Mobile Devices Forensics
- Digital Video / Image & CCTV Forensics
- Digital Audio Forensics
- Digital Equipment / Machines (having embedded firmware)
- Any other
Well, I have always believed in narrowing down the scope, and for me, digital forensics is the narrowed-down scope in the cyber domain. Within Digital Forensics, there are many disciplines as shown below:
Categorization of Professionals in Cyber Forensics
It will be divided into four segments out of which every professional will have at least the first three while the fourth segment will be in special cases.
- First Segment of two characters: Main Field (in our case it will be DF – Digital Forensics).
- Second Segment of min two characters (dynamic): It will denote the discipline or area of specialization. If the professional/expert is specialized in more than 2 disciplines, then the second segment will vary and have a set of two characters separated by a forward slash.
- Third Segment of one number: Total experience in number of years.
- Fourth Segment: Only in the special case where the person is from a Law Enforcement Agency (L) and if he has deposed as an Expert Witness in a Court of Law (E).
Example: DF-XX-X or DF-XX/XX-X or DF-XX-X-L(E)
Example 1: A Digital Forensics professional/expert specialized in Host Forensics, with below 5 years of experience, will be denoted as DF-HO-1
Example 2: A Digital Forensics professional/expert specialized in Host Forensics and Mobile Forensics, with below years of experience, will be denoted as DF-HO/MO-1
Example 3: A Digital Forensics professional/expert specialized in Host Forensics, Mobile Forensics and Network Forensics, with more than 20 years of experience, who works/worked with a Notified Forensic Lab of any Law Enforcement Agency and has also deposed as an Expert Witness in Court, will be denoted as DF-HO/MO/NW-5-L(E)
For the purpose of understanding, let us discuss the second segment:
- HO – Host Forensics (to include Memory Forensics, OS Forensics, Social Media Forensics, Storage Media Forensics)
- MO – Mobile Forensics (to include all mobile devices)
- AV – Audio/Video Forensics (to include CCTV)
- NW – Network Forensics
- CL – Cloud Forensics
- DR – Drone Forensics
- IO – IOT Forensics
- AU – Automotive Forensics
- DE – Digital Equipment / Machines (having embedded firmware) Forensics
The third segment is the number of years of experience:
- 1: 0-5 years
- 2: 5-10 years
- 4: 15-20 years
- 5: Above 20 years
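The scheme above can be checked mechanically. The following decoder is an added example, not part of the original post; it uses only the discipline codes and experience bands listed here, and it assumes that "(E)" only ever follows "L" and that "L" may appear on its own.

```python
import re

# Discipline codes and experience bands exactly as listed in the post.
DISCIPLINES = {
    "HO": "Host Forensics", "MO": "Mobile Forensics",
    "AV": "Audio/Video Forensics", "NW": "Network Forensics",
    "CL": "Cloud Forensics", "DR": "Drone Forensics",
    "IO": "IOT Forensics", "AU": "Automotive Forensics",
    "DE": "Digital Equipment / Machines Forensics",
}
BANDS = {1: "0-5 years", 2: "5-10 years", 4: "15-20 years", 5: "Above 20 years"}

# Assumption: "(E)" only ever follows "L", and "L" may appear alone.
PATTERN = re.compile(
    r"(?P<field>[A-Z]{2})-(?P<disc>[A-Z]{2}(?:/[A-Z]{2})*)-(?P<band>[1-5])"
    r"(?:-(?P<lea>L)(?P<witness>\(E\))?)?"
)

def decode(designation):
    """Parse a designation such as 'DF-HO/MO/NW-5-L(E)' into a dict."""
    # Accept the en dashes that word processors substitute for hyphens.
    text = designation.strip().upper().replace("\u2013", "-")
    m = PATTERN.fullmatch(text)
    if m is None:
        raise ValueError(f"malformed designation: {designation!r}")
    if m["field"] != "DF":
        raise ValueError(f"unknown main field: {m['field']}")
    codes = m["disc"].split("/")
    unknown = [c for c in codes if c not in DISCIPLINES]
    if unknown:
        raise ValueError(f"unknown discipline code(s): {unknown}")
    if len(set(codes)) != len(codes):
        raise ValueError("discipline listed more than once")
    band = int(m["band"])
    return {
        "field": "Digital Forensics",
        "disciplines": [DISCIPLINES[c] for c in codes],
        # Bands missing from the published list decode to a placeholder.
        "experience": BANDS.get(band, "band not listed in the post"),
        "law_enforcement": m["lea"] is not None,
        "expert_witness": m["witness"] is not None,
    }

if __name__ == "__main__":
    for d in ("DF-HO-1", "DF-HO/MO-1", "DF-HO/MO/NW-5-L(E)"):
        print(d, "->", decode(d))
```
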
I am just putting across a thought that struck my mind and I think this is the way ahead. There are a few issues to be addressed, such as who will do the grouping. I feel a Digital Forensics Working Group (DFWG) should be formed by a government at a national level, which can have this as one of its mandates.
Please share your constructive ideas on this topic so that we can build upon this important aspect.