Santosh Khadsare, Cyber Forensics Expert, New Delhi, India

Mr Khadsare, you’ve worked in the cybersecurity and digital forensics field for about 20 years. How did you get into this line of work, and how have you seen the field in India evolve in that time?

Well, I graduated as an electronics and telecommunication engineer from Pune University in 1999 and in my initial years was responsible for communications and networking. My interest was towards investigations, so I decided to do a Cyber Crime Investigation Course from Asian School of Cyber Laws, Pune. This course was my starting point, after which I never looked at any other field. Over the years I have done around 15+ courses in digital forensics and had an opportunity to work on live cases, which is very important for a digital forensics professional.

Yes, I have seen the digital forensics field evolve from both a technology and device point of view.  Initially, analysis was examining floppy disks, computers and laptops; now it is conducted on devices such as smart TVs, drones, etc. From a technology point of view, [we are] moving from normal storage media to solid state devices and much more. In India the progress curve has been slow but there has been an exponential rise in the last five years. I see India as a global leader in providing digital forensic professionals in the next five years.

What areas of interest are you currently focusing your career on, and why?

Presently I am heading a National Cyber Forensics laboratory in New Delhi and am responsible for all activities, which includes upgrading of the laboratory, capacity building, analysis of real-time cases and also deposing as an expert witness in the court of law. But being in this position and with the experience behind me, I am also planning future works in the digital/cyber forensics field.

Currently my focus is to bring state of the art technologies such as JTAG, ISP, chip off, Micro Read, etc. [to the lab]. Every laboratory has a scope of carrying out digital forensics analysis that is limited to computer forensics and mobile forensics, while a few have the additional capability of cloud forensics and network forensics. Work on enhancement of capabilities such as IoT/IIoT forensics, SCADA forensics, drone forensics, automotive forensics, blockchain forensics, etc. is in progress.

I think the most important areas are capacity building, as there is a shortage of skilled manpower in digital/cyber forensics; and increasing the number of digital forensics laboratories to reduce the backlog of cases at various laboratories and speed up analysis.

What do you see as the primary investigative challenges for digital forensics examiners in India heading into the next decade, and what career opportunities do these challenges create?

Challenges in digital forensics are global and not only for India. I would like to divide them into the following areas.

Classical Problems:  Analysts face two classical problems: the problem of plenty and the problem of capacity. With time, the number of digital devices per case has increased manifold, leading to the problem of plenty. The capacity (storage) of each device has also increased exponentially, leading to the problem of capacity. This increases the processing and reviewing time of the case. There is much less time and plenty of data to be analysed.

Skilled Manpower: Digital forensics is a very niche field and there are very few professionals with the required skillset. Every sub branch of digital forensics requires a different skillset. For example, an analyst working on storage media and mobile forensics may not have a skillset related to drone or SCADA forensics and vice versa. Also even in a lab, there are different job profiles such as lab assistant, analyst, quality manager, technical manager, etc. which require varied skillsets. There is a shortage of skilled manpower in digital forensics labs, within various law enforcement agencies, judiciary, etc.

Digital Forensic Tools: Most of the digital forensic tools used in laboratories are proprietary and very costly, thus academic institutions and individuals cannot afford them, although free and open source tools are also available and not barred from use in cases. Training on commercial tools is also a costly affair, hence new entrants are hesitant in taking up this field as a career.

Cyber Laws: The cyber domain is boundary-less and there are no globally accepted cyber laws, leading to jurisdiction issues. The same is true when dealing with digital forensics cases, hence cases involving different countries pose a hurdle in investigations.

Evolving Technologies: With evolving technologies such as solid state devices, IoT/IIoT, SCADA, drones, etc. the tools and techniques of digital forensic investigation also change. Artificial intelligence will surely be used in solutions for digital forensics, but can never replace a digital forensics analyst. 

Other Issues: One major challenge in digital forensics is anti-forensics techniques used by accused parties. These techniques include wiping, encryption, steganography, overwriting, etc. Another challenge is that the backlog at various digital forensics laboratories is approximately three months. This needs to be reduced. 

Where does capacity building in India stand, not just in terms of digital forensics expertise, but also in terms of supporting roles: investigators, attorneys, judges, and so on?

Well, India has just shifted gear in the digital domain with various initiatives under the Digital India program. It has understood that the future of the world is not without cyber and it’s the right time to put the best foot forward. Many Indian universities have started including digital forensics at the graduate and postgraduate levels. We have a National Forensics Science University (NFSU) at Gandhinagar, Gujarat which imparts digital forensics training. Apart from that, there are several Central Forensic Science Laboratories (CFSLs) which assist in digital forensic investigations. The Ministry of Electronics and Information Technology, Government of India has a scheme under 79A of the Information Technology Act 2000 (Amdt 2008) which notifies digital forensics laboratories as Examiners of Electronic Evidence (EEE), thus laying out a standard that all labs should meet and giving legal backing to the analysis carried out by the digital forensics laboratories. As of now, eight labs have been notified and many are in the pipeline. Awareness programmes on digital forensics are being carried out for various law enforcement agencies, attorneys, judges, etc.

Forensic Focus readers were introduced to your work through our series on your LinkedIn posts, #25Days25Questions. What do you see as most important about engaging with the digital forensics community on social media?

As I said before, digital forensics is a niche field and professionals are hesitant to take it up as a career option due to the challenges mentioned in one of the previous questions. It is thus in the interest of the digital forensic community that people like us should come forward through any medium — especially social media, which is a powerful platform — and answer any queries that the new entrants have about this field. Many are not even aware that this field can be taken as a career option and are also unaware of the various job profiles that exist in this field, which requires varied experience starting from a diploma to post graduation.

How can digital forensics professionals build relationships with one another apart from social media — either as mentors and proteges, or as peers?

Other than social media, there are many other ways digital forensics professionals can build relationships. To mention a few, by writing for technical magazines, writing blogs, speaking at / attending various conferences, one-to-one mentoring, providing mentorship to digital forensics enthusiasts, etc.

I feel mentoring is one of the most important aspects, as it helps in motivating new entrants and also people who want to switch careers midway. Amongst peers it is always good to have healthy professional discussions on various challenges faced, as every case being investigated is different.

What advice do you have for other professionals who wish to mentor new or less experienced professionals? Likewise, your advice to those who wish to find mentors?

This is a very important question. Mentoring is an art and not all professionals can master it. You need to give time to the students you mentor, hear them out and guide them. It is not what you want the student to do but you should assist the student in achieving the goal he has dreamt. If you give a task, do not tell how to do it, just tell the final result required and let the student find his way.

For those looking for mentors, let me tell you, you are on the right track in the first place, as you are looking for a mentor. In digital forensics you will always need a mentor who can guide you through. He will not only assist you in choosing the right courses for digital forensics and giving you direction whenever you face a problem, but also will spread the word about the professional skills you have acquired, which is a very important aspect in the digital forensic community.

I always say “Mentorship and Internship” are very important in digital forensics.

Aside from work, what do you enjoy doing in your spare time?

Well I love speaking so whenever time permits, I conduct talks on various technical topics related to cybercrime, cyber security and digital forensics. Most of the time I spend other than work is mentoring digital forensic enthusiasts on their work. I make sure that everyone who gets in touch with me is answered either by email or on social media. In addition, I write articles on information security and digital forensics in national and international publications.
