Investigation of Cyber Crimes & Forensics
Biju Pattnaik State Police Academy, Bhubaneswar
By Dr. Tabrez Ahmad, Professor of Law
www.technolexindia.com
1   Dr. Tabrez Ahmad   http://technolexindia.blogspot.com
Agenda

1. The possible reliefs to a cybercrime victim and strategy adoption
2. The preparation for prosecution
3. Admissibility of digital evidence in courts
4. Defending an accused in a computer related crime
5. The techniques of cyber investigation and forensic tools
6. Future course of action

Possible reliefs to a cybercrime victim - strategy adoption
• A victim of cybercrime needs to immediately report the matter to his local police station and to the nearest cybercrime cell.
• Depending on the nature of the crime there may be civil and criminal remedies.
• In civil remedies, injunction and restraint orders may be sought, together with damages, delivery up of infringing matter and/or account of profits.
• In criminal remedies, a cybercrime case will be registered by the police if the offence is cognisable; if it is non-cognisable, a complaint should be filed with the metropolitan magistrate.
• For certain offences, both civil and criminal remedies may be available to the victim.

Before lodging a cybercrime case
Important parameters:
• Gather ample evidence admissible in a court of law.
• Fulfil the criteria of the pecuniary, territorial and subject-matter jurisdiction of a court.
• Determine jurisdiction: a case may be filed where the offence is committed or where the effect of the offence is felt (S. 177 to 179, CrPC).

The criminal prosecution pyramid (from base to apex)
1. Initiation of criminal proceedings - cognizance of offences by magistrates
2. Examine the complainant on oath
3. Examine the witnesses
4. Issue of process - summons, warrant
5. Contents of charge
6. Trial
7. Conviction / acquittal

Preparation for prosecution
• Collect all evidence available and save snapshots of the evidence.
• Seek a cyberlaw expert's immediate assistance for advice on preparing for prosecution.
• Prepare a chronological background history of the facts.
• Pen down the names and addresses of the suspected accused.
• Form a draft of the complaint and the remedies the victim seeks.
• A cyberlaw expert and the police could assist in gathering further evidence, e.g. tracing the IP in the case of e-mails, search and seizure, or arrest as appropriate to the situation.
• A cyber forensic study of the hardware, equipment or network server related to the cybercrime is generally essential.

Government Initiative
• The Cyber Crime Investigation Cell (CCIC) of the CBI, notified in September 1999, started functioning from 3 March 2000.
• It is located in New Delhi, Mumbai, Chennai and Bangalore.
• Jurisdiction of the cell is all over India.
• Any incident of cyber crime can be reported to a police station, irrespective of whether it maintains a separate cell or not.

The Indian Computer Emergency Response Team (CERT-In)
IT Amendment Act 2008:
“70A. (1) The Indian Computer Emergency Response Team (CERT-In) shall serve as the national nodal agency in respect of Critical Information Infrastructure for coordinating all actions relating to information security practices, procedures, guidelines, incident prevention, response and report.

(2) For the purposes of sub-section (1), the Director of the Indian Computer Emergency Response Team may call for information pertaining to cyber security from the service providers, intermediaries or any other person.”

Cognizability and Bailability
As per the IT Amendment Act 2008, offences which have not less than 3 years punishment are cognizable and bailable.

Power of Police to Investigate
• Section 156 Cr.P.C.: Power to investigate cognizable offences.
• Section 155 Cr.P.C.: Power to investigate non-cognizable offences.
• Section 91 Cr.P.C.: Summons to produce documents.
• Section 160 Cr.P.C.: Summons to require attendance of witnesses.
• Section 165 Cr.P.C.: Search by police officer.
• Section 93 Cr.P.C.: General provision as to search warrants.
• Section 47 Cr.P.C.: Search to arrest the accused.
• Section 78 of IT Act, 2000: Power to investigate offences - not below the rank of Inspector.
• Section 80 of IT Act, 2000: Power of police officer to enter any public place and search and arrest.

Amendments - Indian Evidence Act 1872
• Section 3 of the Evidence Act was amended to provide for the admissibility of electronic records (ER) as evidence, along with paper-based records, as part of the documents which can be produced before the court for inspection.
• Section 4 of the IT Act confers legal recognition on electronic records.

Societe Des Produits Nestle SA case, 2006 (33) PTC 469
• By virtue of Section 65A, the contents of electronic records may be proved in evidence by parties in accordance with Section 65B.
• Held: sub-section (1) of Section 65B makes admissible as a document a paper print-out of electronic records stored in optical or magnetic media produced by a computer, subject to fulfilment of the conditions specified in sub-section (2) of Section 65B:
a) The computer from which the record is generated was regularly used to store or process information in respect of activity regularly carried on by the person having lawful control over it, and the record relates to the period over which the computer was regularly used.
b) Information was fed into the computer in the ordinary course of the activities of the person having lawful control over the computer.
c) The computer was operating properly, and if not, the malfunction was not such as to affect the electronic record or its accuracy.
d) The information reproduced is such as was fed into the computer in the ordinary course of activity.
• State v Mohd Afzal, 2003 (7) AD (Delhi) 1

State v Navjot Sandhu, (2005) 11 SCC 600
• Held, while examining Section 65B of the Evidence Act, that even if the certificate containing the details required by sub-section (4) of Section 65B is not filed, that does not mean that secondary evidence cannot be given.
• Sections 63 and 65 of the Indian Evidence Act enable secondary evidence of the contents of a document to be adduced if the original is of such a nature as not to be easily movable.

Presumptions in law - Section 85B, Indian Evidence Act
• In any proceedings involving a secure digital signature, the court shall presume, unless the contrary is proved, that the secure digital signature is affixed by the subscriber with the intention of signing or approving the electronic record.
• In any proceedings involving a secure electronic record, the court shall presume, unless the contrary is proved, that the secure electronic record has not been altered since the specific point of time to which the secure status relates.

Presumption as to electronic messages - Section 88A of Evidence Act
• The court may treat electronic messages received as if they were sent by the originator, with the exception that no presumption is to be made as to the person by whom such message was sent.
• It must be proved that the message was forwarded from the electronic mail server to the person (addressee) to whom such message purports to have been addressed.
• An electronic message is primary evidence of the fact that it was delivered to the addressee on the date and time indicated.

IT Amendment Act 2008 - Section 79A
• Section 79A empowers the Central Government to appoint any department, body or agency as Examiner of Electronic Evidence for providing expert opinion on evidence in electronic form before any court or authority.
• Till now, the government forensic lab at Hyderabad (CFSIL) was considered of evidentiary value in courts.
• Statutory status to an agency as per Section 79A will be of vital importance in the criminal prosecution of cybercrime cases in India.

Probable activities for defence by an accused in a cybercrime case
• Preparation of a chain-of-events table.
• Probing where evidence could be traced: e-mail inbox, files, folders, web history.
• Has the accused used any evidence-erasing software or tools?
• Forensically screening the hardware, data, files, print-outs, camera, mobile and pen drives of evidentiary value.
• Formatting may not be a solution.
• Apply for anticipatory bail.
• Challenge the evidence produced by the opposite party and look for loopholes.
• Filing of a cross-complaint if appropriate.

Sec 69: Decryption of information
Ingredients:
• The Controller issues an order to a Government agency to intercept any information transmitted through any computer resource.
• The order is issued in the interest of:
  - the sovereignty or integrity of India,
  - the security of the State,
  - friendly relations with foreign States,
  - public order, or
  - preventing incitement to the commission of a cognizable offence.
• A person in charge of the computer resource who fails to extend all facilities and technical assistance to decrypt the information is punishable with imprisonment up to 7 years.

Sec 70: Protected System
Ingredients:
• Securing unauthorised access, or attempting to secure unauthorised access, to a ‘protected system’.
Acts covered by this section:
• Switching the computer on / off
• Using installed software / hardware
• Installing software / hardware
• Port scanning
Punishment: imprisonment up to 10 years and fine.
Cognizable, non-bailable, triable by Court of Sessions.

Computer Forensics and Cyberforensics
Computer forensics is considered to be the use of analytical and investigative techniques to identify, collect, examine, preserve and present evidence or information which is magnetically stored or encoded.
A better definition for law enforcement would be the scientific method of examining and analysing data from computer storage media so that the data can be used as evidence in court.
Media = computers, mobile phones, PDAs, digital cameras, etc.

Handling of Evidence by Cyber Analysts
Four major tasks for working with digital evidence:
Identify -> Collect, Observe & Preserve -> Analyze and Organize -> Verify

• Identify: any digital information or artifacts that can be used as evidence.
• Collect, observe and preserve the evidence.
• Analyze, identify and organize the evidence.
• Verify: rebuild the evidence or repeat a situation to confirm that the same results are obtained every time, checking the hash value.

Incident Response - a precursor to techniques of cyber investigation and forensic tools
‘Incident response’ could be defined as a precise set of actions to handle any security incident in a responsible, meaningful and timely manner.

Goals of incident response:
• To confirm whether an incident has occurred
• To promote accumulation of accurate information
• To educate senior management
• To help in detection/prevention of such incidents in the future
• To provide rapid detection and containment
• To minimize disruption to business and network operations
• To facilitate criminal action against perpetrators

Six steps of Incident response
1. Pre-incident preparation
2. Detection of incidents
3. Initial response
4. Investigate the incident
5. Reporting
6. Resolution

Techniques of cyber investigation - Cyber forensics
• Computer forensics, also called cyber forensics, is the application of computer investigation and analysis techniques to gather evidence suitable for presentation in a court of law.
• The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence, to find out exactly what happened on a computer and who was responsible for it.

6 A’s of digital forensics
• Assessment
• Acquisition
• Authentication
• Analysis
• Articulation

Rules of evidence
Computer forensic components:
• Identifying
• Preserving
• Analysing
• Presenting evidence in a legally admissible manner

FBI handbook of forensic investigation - techniques for computer forensics
• Examine the type of content in a computer
• Comparison of data files
• Transactions: to know the time and sequence when data files were created
• Data files can be extracted from a computer
• Deleted data files can be recovered from the computer
• Data files can be converted from one format to another
• Keyword searching
• Passwords
• Limited source code can be analysed and compared
• Storage media with standalone word processors can be examined

Sources of Evidence
• Existing files
• Deleted files
• Logs
• Special system files (registry etc.)
• E-mail archives, printer spools
• Administrative settings
• Internet history
• Chat archives
• Misnamed files
• Encrypted files / password-protected files etc.

Cyberforensics in accounting frauds
• Use of CAAT (computer-assisted audit techniques): spreadsheets, Excel, MS Access
• Generalized audit software - PC-based file interrogation software: IDEA, ACL
• Help detect fictitious suppliers, duplicate payments, theft of inventory
• Tender manipulation, secret commissions
• False financial reporting
• Expense account misuse
• Insider trading

Establishment and maintenance of ‘Chain of Custody’

Tools required:
- Evidence notebook
- Tamper-evident labels
- Permanent ink pen
- Camera
Document the following:
- Who reported the incident, along with critical dates and times
- Details leading up to the formal investigation
- Names of all people conducting the investigation
- Establish and maintain a detailed ‘activity log’

Maintaining Chain of Custody
• Take pictures of the evidence
  - Document ‘crime scene’ details
  - Document identifiable markings on evidence
• Catalog the system contents
  - Document serial numbers, model numbers, asset tags
• “Bag” it!
  - Maintain chain of custody on a tamper-proof evidence bag
• Take a picture!

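The documentation steps on the two chain-of-custody slides (who handled the exhibit, when, what was sealed and photographed, a detailed activity log) are usually kept in an evidence notebook. The following is an added example written for this page, not part of the original deck: it keeps the same record as a hash chain, so that editing, inserting or removing an entry after the fact is detectable by anyone who re-verifies the log. The exhibit identifier, serial number, timestamps and image hash are constructed placeholders.

```python
import hashlib
import json


def entry_digest(entry: dict) -> str:
    """SHA-256 over a canonical JSON rendering, so the same entry always hashes the same."""
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode("utf-8")).hexdigest()


class CustodyLog:
    """Append-only chain-of-custody record for one exhibit.

    Each entry stores the digest of the entry before it, so altering, inserting or
    removing an entry after the fact breaks the chain and verify() points at it.
    """

    GENESIS = "0" * 64

    def __init__(self, exhibit_id: str, exhibit_sha256: str):
        self.exhibit_id = exhibit_id
        self.exhibit_sha256 = exhibit_sha256
        self.entries = []

    def record(self, event: str, custodian: str, when: str, details: dict = None) -> str:
        prev = self.entries[-1]["digest"] if self.entries else self.GENESIS
        body = {
            "seq": len(self.entries),
            "exhibit_id": self.exhibit_id,
            "exhibit_sha256": self.exhibit_sha256,
            "event": event,
            "custodian": custodian,
            "when": when,              # ISO-8601 string copied from the activity log
            "details": details or {},
            "prev": prev,
        }
        body["digest"] = entry_digest(body)   # digest covers every field above
        self.entries.append(body)
        return body["digest"]

    def verify(self):
        """Return None if the chain is intact, else the seq of the first bad entry."""
        prev = self.GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "digest"}
            if entry["seq"] != i or body["prev"] != prev or entry_digest(body) != entry["digest"]:
                return i
            prev = entry["digest"]
        return None


def build_demo_log() -> CustodyLog:
    """Constructed custody history for a hypothetical seized laptop drive."""
    log = CustodyLog("EXHIBIT-01 (laptop HDD, serial CONSTRUCTED-12345)",
                     "constructed-image-sha256-placeholder")
    log.record("seized", "Inspector A (IO)", "2010-07-05T10:30:00+05:30",
               {"location": "accused's residence", "bag": "tamper-evident bag #17", "photo": "IMG_0042"})
    log.record("transferred", "Analyst B (forensic lab)", "2010-07-05T16:10:00+05:30",
               {"bag_seal_intact": True})
    log.record("imaged", "Analyst B (forensic lab)", "2010-07-06T09:00:00+05:30",
               {"write_blocker": True, "image_sha256": "constructed-image-sha256-placeholder"})
    log.record("returned to store", "Property clerk C", "2010-07-06T17:45:00+05:30")
    return log


def tampered_entry_seq() -> int:
    """Alter the custodian of one entry after the fact; verify() must point at it."""
    log = build_demo_log()
    log.entries[1]["custodian"] = "Someone else"
    return log.verify()


def removed_entry_seq() -> int:
    """Drop one entry from the middle; the gap shows up at that position."""
    log = build_demo_log()
    del log.entries[2]
    return log.verify()
```

The digest of the final entry is what gets written into the notebook and onto the evidence bag label; with that one value recorded on paper, the whole electronic log can later be checked against it.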
E-mail forensics
• An e-mail is composed of two parts: header and body
• Examine headers
• Request information from the ISP
• Trace the IP
• Tools: Encase, FTK, Final email
• Sawmill groupwise
• Audimation for logging
• Cracking the password: brute force attack, smart search, dictionary search, date search, customised search, guaranteed decryption, plaintext attack
• Passware, ultimate zip cracker, office recovery enterprise, etc.

Computer forensic analysis within the forensic tradition
• Alphonse Bertillon [freezing the scene]: in 1879 introduced a methodical way of documenting the scene by photographing, for example, bodies, items, footprints and bloodstains in situ, with relative measurements of location, position and size. Bertillon is thus the first known forensic photographer.
• Bertillonage: a system of identifying individuals by over 200 separate body measurements, was in use till 1910 and was only rendered obsolete by the discovery that fingerprints were unique.

Key Principle of Forensics
• Edmond Locard articulated one of forensic science’s key rules, known as Locard’s Exchange Principle.
• “The principle states that when two items or persons come into contact, there will be an exchange of physical traces. Something is brought, and something is taken away, so that suspects can be tied to a crime scene by detecting these traces.”

Stakeholders:
• National security
• Customs & Excise
• Law enforcement agents
• Businesses (embezzlement, industrial espionage, stealing confidential information, and racial or sexual harassment)
• Corporate crime [according to reports, the accountants and auditors for Enron not only used e-mail to communicate but also subsequently deleted these e-mails]

Problems in the Indian Context
• No standard for computer forensics has yet been developed.
• No guidelines for companies dealing with electronic data during disputes.
• No recognition of any of the forensic tools.
• Issues related to anti-forensics are not talked about.

Overall Scenario
• To date, computer forensics has been primarily driven by vendors and applied technologies, with very little consideration being given to establishing a sound theoretical foundation.
• The national and international judiciary has already begun to question the ‘scientific’ validity of many of the ad hoc procedures and methodologies, and is demanding proof of some sort of theoretical foundation and scientific rigour.

Contd.
• Commercial software tools are also a problem, because software developers need to protect their code to prevent competitors from stealing their product.
• However, since most of the code is not made public, it is very difficult to verify the error rates of the software, and so the reliability of its performance is still questionable.

Contd.
• The specialized tools used by a computer forensic expert are viewed as intolerably expensive by many corporations, and as a result many corporations simply choose not to invest any meaningful money in computer forensics. This trend amplifies cyber crime rates.
• Open source software has also not been tested or verified for its effectiveness to serve the above purposes (open for research).

Legal Aspects
• The growing demand for security and certainty in cyber space leads to more stringent laws.
• The violation and upholding of these laws (cyber laws) must be distinguished from classical criminal activities and criminal law enforcement.
• The dynamics between these different forms of law violation and law enforcement are important and shall be addressed.

Computer Forensic Tools
Forensic Tool Kit (FTK):
FTK is developed by AccessData Corporation (USA); it enables law enforcement and corporate security professionals to perform complete and in-depth computer forensic analysis.
Main Window of FTK

TYPICAL TOOLS
• EMAIL TRACER
• TRUEBACK
• CYBERCHECK
• MANUAL

Current and Emerging Cyber Forensic Tools of Law Enforcement

ENCASE FORENSIC:
Encase Forensic, developed by Guidance Software (USA), is the industry standard in computer forensic investigation technology. With an intuitive Graphical User Interface (GUI), superior analytics, enhanced email/Internet support and a powerful scripting engine, EnCase provides investigators with a single robust tool capable of conducting large-scale and very complex investigations from beginning to end.
Main Window of Encase

Encase Forensic is a very useful forensic solution but it lacks the following important feature:
• In Encase Forensic there is no password cracking/recovery facility, so if during the investigation process the examiner detects any password-protected files, he has to rely on third-party tools.

EMAIL TRACER FORENSIC TOOL

FEATURES OF EMAIL TRACER
• Display of actual mail content for Outlook Express, Eudora, MS Outlook and mail clients with MBOX mailbox.
• Display the mail content (HTML / text).
• Display the mail attributes for Outlook Express.
• Display of extracted e-mail header information.
• Save mail content as .EML file.
• Display of all e-mail attachments and extraction.
• Display of e-mail route.
• IP trace to the sender’s system.
• Domain name look-up.
• Display of geographical location of the sender’s gateway on a world map.
• Mail server log analysis for evidence collection.
• Access to database of country code list along with IP address information.

EMAIL TRACING OVER WEB AS A PRE-EMPTIVE TOOL

EMAIL TRACING SERVICE
• Users can submit their tracing task to Email Tracer through the web.
• Tracing of IP address up to city level (non-spoofed)
• Detection of spoofed mail
• Detailed report

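The header examination behind "Examine headers / Trace the IP" on the E-mail forensics slide, and behind Email Tracer's "Display of e-mail route" and "Detection of spoofed mail" features, amounts to walking the Received headers from the bottom (oldest hop) to the top and comparing the claimed sender with the path the message actually took. The following is an added example written for this page, not Email Tracer's or C-DAC's code. The message is constructed, with RFC 5737 documentation addresses; the two spoofing indicators it checks (From domain versus Return-Path domain, and whether the first relay belongs to the From domain) are assumptions chosen for the demo.

```python
import email
import re
from email.utils import parseaddr

# Constructed message (not a real e-mail). Receiving servers prepend their
# Received header, so the newest hop is on top and the oldest at the bottom.
CONSTRUCTED_MAIL = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx1.recipient.example (mx1.recipient.example [198.51.100.7])
\tby mail.recipient.example with ESMTP id abc123
\tfor <victim@recipient.example>; Mon, 05 Jul 2010 10:15:32 +0530
Received: from relay.mailer.example.net (relay.mailer.example.net [203.0.113.25])
\tby mx1.recipient.example with ESMTP; Mon, 05 Jul 2010 10:15:31 +0530
Received: from [192.0.2.44] (unknown [192.0.2.44])
\tby relay.mailer.example.net with SMTP; Mon, 05 Jul 2010 10:15:30 +0530
From: Bank Support <support@bank.example.com>
To: victim@recipient.example
Subject: Please verify your account
Message-ID: <20100705101529.constructed@relay.mailer.example.net>
Date: Mon, 05 Jul 2010 10:15:29 +0530

Constructed body text; the headers above are the evidence of interest.
"""

IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def domain_of(header_value: str) -> str:
    """Domain part of the address in a From/Return-Path style header ('' if none)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def received_hops(msg) -> list:
    """Received headers oldest first, with folded continuation lines joined."""
    raw = msg.get_all("Received") or []
    return [" ".join(h.split()) for h in reversed(raw)]


def analyze(raw_message: str) -> dict:
    msg = email.message_from_string(raw_message)
    hops = received_hops(msg)
    # The first IP in each hop is the connecting host as the receiving server saw it.
    route = []
    for hop in hops:
        m = IPV4.search(hop)
        if m:
            route.append(m.group(0))
    from_domain = domain_of(msg.get("From"))
    return_path_domain = domain_of(msg.get("Return-Path"))
    first_relay = ""
    if hops:
        m = re.search(r"\bby\s+([A-Za-z0-9.-]+)", hops[0])
        first_relay = m.group(1).lower() if m else ""
    indicators = []
    if from_domain and return_path_domain and from_domain != return_path_domain:
        indicators.append(f"From domain {from_domain} differs from Return-Path domain {return_path_domain}")
    if first_relay and from_domain and not first_relay.endswith(from_domain):
        indicators.append(f"first relay {first_relay} is not in the From domain {from_domain}")
    return {"route": route, "origin_ip": route[0] if route else None,
            "from_domain": from_domain, "return_path_domain": return_path_domain,
            "first_relay": first_relay, "indicators": indicators}
```

Two caveats a practitioner would attach to the output: only the Received headers added by servers under the recipient's control are trustworthy, since everything below them was supplied by the sending side and can be forged; and the originating IP alone identifies a connection, not a person, so the "Request information from the ISP" step on the E-mail forensics slide (and city-level geolocation) is where the trace continues, outside this code.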
SEIZURE & ACQUISITION TOOL: TRUEBACK

FEATURES OF TRUEBACK
• DOS application with event-based windowing system.
• Self-integrity check.
• Minimum system configuration check.
• Extraction of system information.
• Three modes of operation:
  - Seize
  - Acquire
  - Seize and Acquire
• Disk imaging through parallel port.
• Disk imaging using Network Interface Card.
• Block-by-block acquisition with data integrity check on each block.
• IDE/SCSI, USB, CD and floppy acquisition.
• Acquisition of floppies and CDs in batch mode.
• Write protection on all storage media except destination media.
• Checking for sterile destination media.
• Progress bar display in all modes of operation.
• Report generation in all modes of operation.
• BIOS and ATA mode acquisition.

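The acquisition features listed above (block-by-block copy with an integrity check on each block, a sterile destination, write protection of the source, a report of what was hashed) and the "checking the hash value" verification task from the Handling of Evidence slide can be shown together in one short program. This is an added example written for this page, not TrueBack's or C-DAC's code: the "media" is a constructed byte string, the 512-byte block size and the manifest layout are assumptions, and a real imager would write the manifest into the report it generates.

```python
import hashlib

BLOCK_SIZE = 512  # assumed block size for the demo; real imagers use larger buffers

# Constructed stand-in for the seized source media. It is immutable bytes: the
# source is never written to, which is the write protection acquisition requires.
SOURCE_MEDIA = bytes((i * 7 + 3) % 256 for i in range(4 * BLOCK_SIZE + 100))


def is_sterile(destination: bytearray) -> bool:
    """Destination media counts as sterile only when every byte is zero."""
    return not any(destination)


def acquire(source: bytes, destination: bytearray, block_size: int = BLOCK_SIZE) -> dict:
    """Copy source to destination one block at a time, recording a SHA-256 per block
    and one over the whole image. The returned manifest is what a later verifier
    (or the court) needs to confirm the copy is still what was acquired."""
    if len(destination) < len(source):
        raise ValueError("destination media too small")
    if not is_sterile(destination):
        raise ValueError("destination media is not sterile")
    blocks = []
    whole = hashlib.sha256()
    for offset in range(0, len(source), block_size):
        chunk = source[offset:offset + block_size]
        destination[offset:offset + len(chunk)] = chunk
        # Hash what was actually written to the destination, not the source buffer,
        # so a faulty write is caught at acquisition time rather than in court.
        written = bytes(destination[offset:offset + len(chunk)])
        if written != chunk:
            raise IOError(f"write verification failed at offset {offset}")
        blocks.append({"offset": offset, "length": len(chunk),
                       "sha256": hashlib.sha256(written).hexdigest()})
        whole.update(written)
    return {"block_size": block_size, "image_length": len(source),
            "image_sha256": whole.hexdigest(), "blocks": blocks}


def verify(image: bytes, manifest: dict) -> list:
    """Re-hash every block of a copy and return the offsets that no longer match.
    Offset -1 means every block matches but the whole-image hash does not
    (for example the image was truncated or padded)."""
    bad = []
    for entry in manifest["blocks"]:
        chunk = image[entry["offset"]:entry["offset"] + entry["length"]]
        if hashlib.sha256(chunk).hexdigest() != entry["sha256"]:
            bad.append(entry["offset"])
    if not bad and hashlib.sha256(image).hexdigest() != manifest["image_sha256"]:
        bad.append(-1)
    return bad


def demo() -> tuple:
    """Acquire the constructed media, verify the copy, then flip one byte and
    show that verification names exactly the damaged block."""
    dest = bytearray(len(SOURCE_MEDIA))
    manifest = acquire(SOURCE_MEDIA, dest)
    clean = verify(bytes(dest), manifest)
    tampered = bytearray(dest)
    tampered[BLOCK_SIZE + 5] ^= 0xFF          # damage one byte in the second block
    damaged = verify(bytes(tampered), manifest)
    return clean, damaged, len(manifest["blocks"])


if __name__ == "__main__":
    print(demo())   # ([], [512], 5)
```

A per-block manifest is more useful than a single image hash when something does go wrong: a single mismatching block localises the damage to one sector range, whereas a failed whole-image hash says only that the copy can no longer be relied on.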
ANALYSIS TOOL: CYBER CHECK

Cyber Check Suite:
The IT Act 2000 is India's first attempt to combat cyber crime. To assist in the enforcement of the IT Act, the Department of Information Technology, Ministry of Communications and Information Technology, has set up a Technical Resource Centre for Cyber Forensics at C-DAC, Thiruvananthapuram.

Cyber Check is a forensic analysis tool developed by C-DAC Thiruvananthapuram.
Probe Window of Cyber Check Suite

CyberCheck - Features
• Standard Windows application.
• Self-integrity check.
• Minimum system configuration check.
• Analyses evidence files containing FAT12, FAT16, FAT32, NTFS and EXT2FS file systems.
• Analyses evidence files created by the following disk imaging tools:
  - TrueBack
  - LinkMasster
  - Encase
• User login facilities.

CyberCheck - Features (Contd.)
• Creates a log of each analysis session and the analysing officer’s details.
• Block-by-block data integrity verification while loading the evidence file.
• Explorer-type view of the contents of the whole evidence file.
• Display of folders and files with all attributes.
• Show/hide system files.
• Sorting of files based on file attributes.
• Text/hex view of the content of a file.
• Picture view of an image file.
• Gallery view of images.

CyberCheck - Features (Contd.)
• Graphical representation of the following views of an evidence file:
  - Disk view
  - Cluster view
  - Block view
• Timeline view of:
  - All files
  - Deleted files
  - Time anomaly files
  - Signature mismatched files
  - Files created within a time frame

CyberCheck - Features (Contd.)
• Display of cluster chain of a file.
• Single and multiple keyword search.
• Extraction of disk, partition, file and MBR slacks.
• Exclusive search in slack space.
• Extraction of unused unallocated clusters and exclusion from search space.
• Exclusive search in used unallocated clusters.
• Extraction of lost clusters.
• Exclusive search in data extracted from lost clusters.
• Extraction of swap files.
• Exclusive search in data extracted from swap files.

CyberCheck - Features (Contd.)
• File search based on file extension.
• File search based on hash value.
• Exclusion of system files from search space.
• Data recovery from deleted files, slack space, used unallocated clusters and lost clusters.
• Recovery of formatted partitions.
• Recovery of deleted partitions.
• Exporting files, folders and slack content.
• Exporting folder structure including file names into a file.
• Exporting files to an external viewer.

CyberCheck - Features (Contd.)
• Local preview of storage media.
• Network preview of storage media using cross-over cable.
• Bookmarking of folders, files and data.
• Adding bookmarked items into report.
• Restoration of storage media.
• Creating raw image.
• Raw image analysis.
• Facility for viewing mailbox files of Microsoft Outlook Express, Microsoft Outlook, Eudora and Linux mail clients.

CyberCheck - Features (Contd.)
• Registry viewer.
• Hash set of system files.
• Identification of encrypted and password-protected files.
• Identification of steganographed image files.
• Generation of analysis report with the following features:
  - Complete information of the evidence file system.
  - Complete information of the partitions and drive geometry.
  - Hash verification details.
  - User login and logout information.

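Three of the CyberCheck features in the lists above, "Signature mismatched files", "File search based on hash value" with a "Hash set of system files", and "Identification of encrypted & password protected files", are the core of file triage on an evidence image, and the logic behind them is small enough to show in one place. The following is an added example written for this page, not CyberCheck's code: the evidence set, the "known system file" and its hash set, and the 7.5-bit entropy threshold are constructed or assumed; the magic-number table holds real, well-known signatures but only a handful of them.

```python
import hashlib
import math

# File-signature prefixes (magic numbers) for the formats this demo recognises.
# Real signature tables are far longer; this subset is enough to show the check.
MAGIC = {
    "pdf": b"%PDF",
    "jpg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
    "zip": b"PK\x03\x04",
}

# Constructed "known system file" and the hash set built from it. An examination
# would load a published hash set of known-good files here instead.
SYSTEM_FILE = b"MZ\x90\x00constructed stand-in for a vendor-supplied system library\x00" * 8
KNOWN_SYSTEM_HASHES = {hashlib.sha256(SYSTEM_FILE).hexdigest()}

# Constructed evidence set: file name -> content as it sits in the image.
EVIDENCE = {
    "report.pdf": b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n%%EOF\n",
    "photo.jpg": b"PK\x03\x04" + b"constructed zip payload hiding behind a picture name " * 4,
    "vault.bin": bytes(range(256)) * 4,
    "syslib.dll": SYSTEM_FILE,
    "notes.txt": b"meeting on monday, bring the printouts and the pen drive\n" * 3,
}

HIGH_ENTROPY_BITS = 7.5   # assumed threshold; 8.0 is the maximum for byte data


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; compressed or encrypted data sits close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def identify_by_magic(data: bytes):
    """Return the format whose signature the data starts with, or None."""
    for ext, sig in MAGIC.items():
        if data.startswith(sig):
            return ext
    return None


def triage_file(name: str, data: bytes) -> list:
    """Flags for one file: a known system file is excluded from further review;
    otherwise report an extension/signature mismatch and/or high entropy."""
    if hashlib.sha256(data).hexdigest() in KNOWN_SYSTEM_HASHES:
        return ["known-system-file"]
    flags = []
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext in MAGIC and identify_by_magic(data) != ext:
        flags.append("signature-mismatch")
    if shannon_entropy(data) >= HIGH_ENTROPY_BITS:
        flags.append("high-entropy")
    return flags


def triage(files: dict) -> dict:
    """Run triage_file over a whole evidence set: name -> list of flags."""
    return {name: triage_file(name, data) for name, data in files.items()}
```

High entropy is a hint, not a verdict: legitimately compressed archives and media score just as high as encrypted containers, which is why the signature check runs alongside it; a file whose magic number says "zip" is expected to be dense, one with no recognisable header and near-maximal entropy is the one to set aside for closer examination.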
CyberCheck - Features (Contd.)
• Report contents (contd.):
  - Exported content of text file and slack information.
  - Includes picture file as image.
• Saving report, search hits and bookmarked items for later use.
• Password protection of report. Print report.

PASSWORD CRACKING: GRID Enabled Password Cracker

PASSWORD CRACKING OF ZIP FILES USING GRID
Participants shown in the diagram: the Cyber Forensics Lab grid (a grid server with grid clients), connected over the Internet to the FSL, the CBI and the Police Crime Cell.
1. Zipped file submission (from the FSL, CBI or Police Crime Cell to the grid server over the Internet)
2. Server receives the file and distributes it to grid clients
3. Clients compute and send results to the server
4. Grid server sends the results back over the Internet

WHO’S AT THE KEYBOARD?
BIOMETRICS
• A software driver associated with the keyboard records the user’s rhythm in typing.
• These rhythms are then used to generate a profile of the authentic user.

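The keystroke-rhythm profile described above, as an added example that is not part of the original slides: key-down timestamps for a short phrase are constructed, the latency between each pair of adjacent keys (a digraph) is collected across enrolment typings to form the profile, and a later typing is scored by how far its latencies sit from that profile. The phrase, the timings, the 10 ms jitter floor and the decision threshold are all assumptions for the demo.

```python
from statistics import mean, pstdev

PHRASE = "forensic"
MIN_SIGMA_MS = 10.0   # assumed jitter floor so a near-constant digraph cannot dominate the score
THRESHOLD = 1.5       # assumed decision threshold on the mean normalised deviation

# Constructed key-down timestamps (ms) for three enrolment typings of PHRASE by the legitimate user.
ENROLMENT = [
    [0, 118, 262, 371, 503, 651, 778, 910],
    [0, 125, 268, 380, 508, 660, 790, 925],
    [0, 112, 255, 366, 497, 645, 770, 902],
]
GENUINE_ATTEMPT = [0, 120, 265, 375, 505, 655, 782, 915]     # constructed: the same user again
IMPOSTOR_ATTEMPT = [0, 220, 310, 610, 690, 940, 1040, 1320]  # constructed: a different rhythm


def digraph_latencies(phrase: str, keydown_ms: list) -> dict:
    """Map each adjacent key pair to the time between their key-down events."""
    if len(keydown_ms) != len(phrase):
        raise ValueError("one timestamp per key expected")
    return {phrase[i:i + 2]: keydown_ms[i + 1] - keydown_ms[i] for i in range(len(phrase) - 1)}


def build_profile(phrase: str, samples: list) -> dict:
    """Per-digraph (mean, sigma) of latency across the enrolment samples."""
    per_digraph = {}
    for sample in samples:
        for dg, lat in digraph_latencies(phrase, sample).items():
            per_digraph.setdefault(dg, []).append(lat)
    return {dg: (mean(v), max(pstdev(v), MIN_SIGMA_MS)) for dg, v in per_digraph.items()}


def score(profile: dict, keydown_ms: list, phrase: str = PHRASE) -> float:
    """Mean absolute deviation from the profile in units of sigma; lower is closer."""
    lats = digraph_latencies(phrase, keydown_ms)
    return mean(abs(lats[dg] - mu) / sigma for dg, (mu, sigma) in profile.items())


def is_genuine(profile: dict, keydown_ms: list) -> bool:
    return score(profile, keydown_ms) < THRESHOLD
```

The profile is a per-digraph distribution rather than a secret, so it complements rather than replaces a password; in practice it is built from many more samples and the threshold is tuned against measured false-accept and false-reject rates.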
WHO’S AT THE KEYBOARD?
FORENSIC STYLISTICS
• A qualitative approach to authorship assesses errors and “idiosyncrasies” based on the examiner’s experience.
• This approach could be quantified through databasing.

WHO’S AT THE KEYBOARD?
STYLOMETRY
• A quantitative and computational method, focusing on readily computable and countable language features, e.g. word length, phrase length, sentence length, vocabulary frequency, and the distribution of words of different lengths.

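The countable features named on the stylometry slide, and the "quantified through databasing" idea on the forensic stylistics slide before it, can be turned into a small attribution routine: compute a feature vector (average word length, average sentence length, type-token ratio, word-length distribution) for each known author and for the questioned text, and attribute the questioned text to the nearest known vector. This is an added example written for this page; the writing samples are constructed, and the feature scaling and distance are assumptions chosen for the demo.

```python
import math
import re

# Constructed writing samples (not from any real case).
KNOWN_SAMPLES = {
    "author A": (
        "I saw the cat. It sat on the mat. The dog ran off. We went home. "
        "It was late. I ate and slept. The sun came up. We had tea."
    ),
    "author B": (
        "Notwithstanding considerable procedural complexity, the investigating officer "
        "meticulously documented every electronic artefact recovered from the compromised "
        "infrastructure before submitting the comprehensive forensic report to the tribunal."
    ),
}
QUESTIONED = (
    "Subsequently, the examiner authenticated the acquired evidence through cryptographic "
    "verification, thereby establishing the integrity and admissibility of the digital "
    "materials presented before the adjudicating authority."
)

MAX_WORD_LEN = 10  # word lengths of 10 or more share the last histogram bin


def words(text: str) -> list:
    return re.findall(r"[A-Za-z']+", text.lower())


def sentences(text: str) -> list:
    return [s for s in re.split(r"[.!?]+", text) if s.strip()]


def features(text: str) -> dict:
    """The countable features from the slide, computed over one text."""
    ws, ss = words(text), sentences(text)
    dist = [0.0] * MAX_WORD_LEN
    for w in ws:
        dist[min(len(w), MAX_WORD_LEN) - 1] += 1
    n = len(ws) or 1
    return {
        "avg_word_len": sum(len(w) for w in ws) / n,
        "avg_sentence_len": n / (len(ss) or 1),
        "type_token_ratio": len(set(ws)) / n,
        "word_len_dist": [d / n for d in dist],
    }


def vector(f: dict) -> list:
    """Scale the scalar features to roughly [0, 1] so no single one dominates the distance."""
    return ([f["avg_word_len"] / MAX_WORD_LEN, f["avg_sentence_len"] / 50.0, f["type_token_ratio"]]
            + f["word_len_dist"])


def distance(a: dict, b: dict) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(vector(a), vector(b))))


def attribute(questioned: str, known: dict) -> str:
    """Name of the known author whose feature vector is closest to the questioned text."""
    q = features(questioned)
    return min(known, key=lambda name: distance(q, features(known[name])))
```

Nearest-vector attribution like this ranks candidates; it does not by itself establish authorship, which is why such results are presented together with the qualitative examination the forensic stylistics slide describes and with samples large enough for the frequencies to be stable.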
Comparison between Encase Version 6.0, FTK, and Cyber Check Suite

MULTI DIMENSIONAL CHALLENGES

TECHNICAL
• Ubiquity of Computers
  - Crimes Occur in All Jurisdictions
• Training Law Enforcement Agencies Becomes a Challenge
• Technology Revolution Leads to Newer Systems, Devices etc.

OPERATIONAL
• ALL DATA MUST BE GATHERED AND EXAMINED FOR EVIDENCE
  - GIGABYTES OF DATA
  - PROBLEMS OF
    o STORAGE
    o ANALYSIS
    o PRESENTATION
• NO STANDARD SOLUTION AS YET
SOCIAL
• IT RESULTS IN
  - UNCERTAINTIES ABOUT EFFECTIVENESS OF CURRENT INVESTIGATION TECHNIQUES
  - SUB-OPTIMAL USE OF RESOURCES
• PRIVACY CONCERNS
LEGAL
• USES & BOUNDARIES OF DIGITAL EVIDENCE IN LEGAL PROCEDURES STILL UNCLEAR
• CURRENT TOOLS & TECHNIQUES NOT RIGOROUSLY USED / CONTESTED IN COURT
Challenges faced by Law Enforcement

Awareness: Technology is changing very rapidly, and cyber crime is increasing with it, yet little awareness of the crimes and of the latest tools is shared. People are so ignorant that it is effortless for cyber criminals to attack. People fear to report crimes, and some crimes are not properly recorded; the reason is that the victim is either scared of police harassment or of wrong media publicity. For minority and marginalised groups who already bear the brunt of media bias, reporting online harassment to the police may simply draw further unwanted attention. The public is not aware of the resources and services that law enforcement could provide to them as a victim of crime or a witness.
Technical Issues: A large amount of storage space is required for storing the imaged evidence and also for storing retrieved evidence after analysis. Retrieved evidence might contain documents, pictures, videos and audio files, which take up a lot of space. Technical issues can further be categorised into software and hardware issues.
Software and Hardware Issues: The growth of cyber crime has given rise to numerous forensic software vendors. The challenge is to choose among them: no single forensic tool solves the entire case, and there are loads of third-party tools available. So is the case with hardware tools; the most common and reliable hardware tool is the FRED (Forensic Recovery of Evidence Device). But when it comes to mobile forensics it is a challenge to decide the compatibility of different phones and which hardware to rely on.
Recently China has been manufacturing mobile phones that have cloned IMEI numbers, which is a current challenge faced in mobile forensics.

Information sharing: Information sharing is a best practice and can be accomplished by a variety of means such as interacting with industry groups, attending briefings, meetings, seminars and conferences, and working actively with forensic bodies like CDAC.
Inadequate Training and Funds: Due to the growing number of cyber forensic tools, law enforcement does not get adequate training and awareness of innovative tools. Training bodies are limited and are pricey. Funding is insufficient to send officers for training and to invest in future enhancements. Transfers and the recruiting of new officers add to the loss of experienced staff and to the spending on training newcomers. Cases become pending in such circumstances.
Global Issues: Most of the IP addresses retrieved during an investigation lead to servers or computers located abroad which have no identity, hence further investigation is blocked and the case closed. Correspondence with bodies such as Google, Yahoo and Hotmail is quite time consuming and prolongs the investigation.

Wireless or Wi-Fi, Bluetooth, Infrared Issues: The latest wireless technologies that provide internet connections are open to exploitation, especially when they are not secured. This is the present technology that terrorists and radical activists exploit, and it is another vulnerability that law enforcement faces.
Future Course of Action
• Mumbai Cyber Lab is a joint initiative of Mumbai police and NASSCOM; more exchange and coordination of this kind
• More public awareness campaigns
• Training of police officers to effectively combat cyber crimes
• More cyber crime police cells set up across the country
• Effective e-surveillance
• Websites aid in creating awareness and encouraging reporting of cyber crime cases
• Specialised training of forensic investigators and experts
• Active coordination between police and other law enforcement agencies and authorities is required
Do you have any questions?

Mais conteúdo relacionado

Mais procurados

Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics OverviewYansi Keim
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentationSomya Johri
 
Cyber crimes in the digital age
Cyber crimes in the digital ageCyber crimes in the digital age
Cyber crimes in the digital ageatuljaybhaye
 
Cyber crime and its types
Cyber crime and its  typesCyber crime and its  types
Cyber crime and its typesDINESH KAMBLE
 
Digital forensics
Digital forensics Digital forensics
Digital forensics vishnuv43
 
Digital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic InvestigationsDigital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic InvestigationsFilip Maertens
 
Digital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDigital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDr Raghu Khimani
 
Cyber crime against property
Cyber crime against propertyCyber crime against property
Cyber crime against propertyvarunbamba
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic toolsSonu Sunaliya
 
IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies Network Intelligence India
 
National Cyber Security Policy-2013
National Cyber Security Policy-2013National Cyber Security Policy-2013
National Cyber Security Policy-2013Vidushi Singh
 
Historical genesis and evolution of cyber crimes new
Historical genesis and evolution of cyber crimes newHistorical genesis and evolution of cyber crimes new
Historical genesis and evolution of cyber crimes newDr. Arun Verma
 
Information technology act 2000
Information technology act 2000Information technology act 2000
Information technology act 2000Akash Varaiya
 
Jurisdiction issues in cyberspace
Jurisdiction issues in cyberspaceJurisdiction issues in cyberspace
Jurisdiction issues in cyberspaceatuljaybhaye
 

Mais procurados (20)

Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics Overview
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentation
 
cyber forensics
cyber forensicscyber forensics
cyber forensics
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics ppt
 
Cyber crimes in the digital age
Cyber crimes in the digital ageCyber crimes in the digital age
Cyber crimes in the digital age
 
Cyber crime and its types
Cyber crime and its  typesCyber crime and its  types
Cyber crime and its types
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Digital forensics
Digital forensics Digital forensics
Digital forensics
 
Cyber forensics ppt
Cyber forensics pptCyber forensics ppt
Cyber forensics ppt
 
Digital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic InvestigationsDigital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic Investigations
 
Digital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDigital Evidence by Raghu Khimani
Digital Evidence by Raghu Khimani
 
Cyber crime against property
Cyber crime against propertyCyber crime against property
Cyber crime against property
 
Digital Forensic
Digital ForensicDigital Forensic
Digital Forensic
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic tools
 
IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies
 
National Cyber Security Policy-2013
National Cyber Security Policy-2013National Cyber Security Policy-2013
National Cyber Security Policy-2013
 
Historical genesis and evolution of cyber crimes new
Historical genesis and evolution of cyber crimes newHistorical genesis and evolution of cyber crimes new
Historical genesis and evolution of cyber crimes new
 
Information technology act 2000
Information technology act 2000Information technology act 2000
Information technology act 2000
 
Jurisdiction issues in cyberspace
Jurisdiction issues in cyberspaceJurisdiction issues in cyberspace
Jurisdiction issues in cyberspace
 
Forgery
ForgeryForgery
Forgery
 

Destaque

Cyber Crime Investigation
Cyber Crime InvestigationCyber Crime Investigation
Cyber Crime InvestigationHarshita Ved
 
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000Karnika Seth
 
Learn More About Cyber Crime Investigation
Learn More About Cyber Crime Investigation Learn More About Cyber Crime Investigation
Learn More About Cyber Crime Investigation Skills Academy
 
Smart Card Security
Smart Card SecuritySmart Card Security
Smart Card SecurityPrav_Kalyan
 
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationFirewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationGopal Sakarkar
 
Computer +forensics
Computer +forensicsComputer +forensics
Computer +forensicsRahul Baghla
 

Destaque (10)

Cyber Crime Investigation
Cyber Crime InvestigationCyber Crime Investigation
Cyber Crime Investigation
 
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
 
Learn More About Cyber Crime Investigation
Learn More About Cyber Crime Investigation Learn More About Cyber Crime Investigation
Learn More About Cyber Crime Investigation
 
Ch08
Ch08Ch08
Ch08
 
Smart Card Security
Smart Card SecuritySmart Card Security
Smart Card Security
 
Smart card system ppt
Smart card system ppt Smart card system ppt
Smart card system ppt
 
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationFirewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
 
Computer +forensics
Computer +forensicsComputer +forensics
Computer +forensics
 
Smart card
Smart cardSmart card
Smart card
 
Trusted systems
Trusted systemsTrusted systems
Trusted systems
 

Semelhante a Cybercrime investigation

Electronic evidence digital evidence in india
Electronic evidence  digital evidence in indiaElectronic evidence  digital evidence in india
Electronic evidence digital evidence in indiaAdv Prashant Mali
 
Relavancy and Admissibility ppt.pptx
Relavancy and Admissibility ppt.pptxRelavancy and Admissibility ppt.pptx
Relavancy and Admissibility ppt.pptxadiljamalullaily
 
Useful article on e evidnce
Useful article on e evidnceUseful article on e evidnce
Useful article on e evidnceArjun Randhir
 
Gautam 046.pptx on evidence law related to electronic evidence
Gautam 046.pptx on evidence law related to electronic evidenceGautam 046.pptx on evidence law related to electronic evidence
Gautam 046.pptx on evidence law related to electronic evidenceGautamShaurya
 
Electronic Evidence fraud conference
Electronic Evidence   fraud conferenceElectronic Evidence   fraud conference
Electronic Evidence fraud conferenceAdv Prashant Mali
 
Legal aspects of handling cyber frauds
Legal aspects of handling cyber fraudsLegal aspects of handling cyber frauds
Legal aspects of handling cyber fraudsSagar Rahurkar
 
CYBER CRIME JUDICIAL PERSPECTIVE (1).ppt
CYBER CRIME JUDICIAL PERSPECTIVE (1).pptCYBER CRIME JUDICIAL PERSPECTIVE (1).ppt
CYBER CRIME JUDICIAL PERSPECTIVE (1).pptAdityaRanjan789094
 
Computer Forensics & Cyber Crimes
Computer Forensics & Cyber CrimesComputer Forensics & Cyber Crimes
Computer Forensics & Cyber CrimesAnamZunaira
 
Lecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.pptLecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.pptSurajgroupsvideo
 
Cyber Security Attacks - Critical Legal and Investigation Aspects
Cyber Security Attacks - Critical Legal and Investigation AspectsCyber Security Attacks - Critical Legal and Investigation Aspects
Cyber Security Attacks - Critical Legal and Investigation AspectsBenjamin Ang
 
Recent trends in use of ict in courts
Recent trends in use of ict in courtsRecent trends in use of ict in courts
Recent trends in use of ict in courtsTalwant Singh
 
Cybersecurity attacks critical legal and investigation aspects you must know
Cybersecurity attacks critical legal and investigation aspects you must knowCybersecurity attacks critical legal and investigation aspects you must know
Cybersecurity attacks critical legal and investigation aspects you must knowBenjamin Ang
 

Semelhante a Cybercrime investigation (20)

Electronic evidence digital evidence in india
Electronic evidence  digital evidence in indiaElectronic evidence  digital evidence in india
Electronic evidence digital evidence in india
 
Relavancy and Admissibility ppt.pptx
Relavancy and Admissibility ppt.pptxRelavancy and Admissibility ppt.pptx
Relavancy and Admissibility ppt.pptx
 
Itet3 its forensics
Itet3 its forensicsItet3 its forensics
Itet3 its forensics
 
Useful article on e evidnce
Useful article on e evidnceUseful article on e evidnce
Useful article on e evidnce
 
Gautam 046.pptx on evidence law related to electronic evidence
Gautam 046.pptx on evidence law related to electronic evidenceGautam 046.pptx on evidence law related to electronic evidence
Gautam 046.pptx on evidence law related to electronic evidence
 
Electronic Evidence with Case Laws for Maharashtra Judicial Academy by Prasha...
Electronic Evidence with Case Laws for Maharashtra Judicial Academy by Prasha...Electronic Evidence with Case Laws for Maharashtra Judicial Academy by Prasha...
Electronic Evidence with Case Laws for Maharashtra Judicial Academy by Prasha...
 
Electronic Evidence fraud conference
Electronic Evidence   fraud conferenceElectronic Evidence   fraud conference
Electronic Evidence fraud conference
 
Cyber evidence at crime scene
Cyber evidence at crime sceneCyber evidence at crime scene
Cyber evidence at crime scene
 
Legal aspects of handling cyber frauds
Legal aspects of handling cyber fraudsLegal aspects of handling cyber frauds
Legal aspects of handling cyber frauds
 
CYBER CRIME JUDICIAL PERSPECTIVE (1).ppt
CYBER CRIME JUDICIAL PERSPECTIVE (1).pptCYBER CRIME JUDICIAL PERSPECTIVE (1).ppt
CYBER CRIME JUDICIAL PERSPECTIVE (1).ppt
 
Computer Forensics & Cyber Crimes
Computer Forensics & Cyber CrimesComputer Forensics & Cyber Crimes
Computer Forensics & Cyber Crimes
 
Cyber security
Cyber securityCyber security
Cyber security
 
Lecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.pptLecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.ppt
 
Sued or Suing: Introduction to Digital Forensics
Sued or Suing: Introduction to Digital ForensicsSued or Suing: Introduction to Digital Forensics
Sued or Suing: Introduction to Digital Forensics
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cyber crime 1
Cyber crime 1Cyber crime 1
Cyber crime 1
 
Cyber Security Attacks - Critical Legal and Investigation Aspects
Cyber Security Attacks - Critical Legal and Investigation AspectsCyber Security Attacks - Critical Legal and Investigation Aspects
Cyber Security Attacks - Critical Legal and Investigation Aspects
 
Recent trends in use of ict in courts
Recent trends in use of ict in courtsRecent trends in use of ict in courts
Recent trends in use of ict in courts
 
Cybersecurity attacks critical legal and investigation aspects you must know
Cybersecurity attacks critical legal and investigation aspects you must knowCybersecurity attacks critical legal and investigation aspects you must know
Cybersecurity attacks critical legal and investigation aspects you must know
 
Computer Forensics ppt
Computer Forensics pptComputer Forensics ppt
Computer Forensics ppt
 

Mais de Prof. (Dr.) Tabrez Ahmad

Trademark Infringements in E-commerce: A Comparative Study of India, China & USA
Trademark Infringements in E-commerce: A Comparative Study of India, China & USATrademark Infringements in E-commerce: A Comparative Study of India, China & USA
Trademark Infringements in E-commerce: A Comparative Study of India, China & USAProf. (Dr.) Tabrez Ahmad
 
Future of Intellectual Property and the Commons: Friends or Foes
Future of Intellectual Property and the Commons: Friends or FoesFuture of Intellectual Property and the Commons: Friends or Foes
Future of Intellectual Property and the Commons: Friends or FoesProf. (Dr.) Tabrez Ahmad
 
Dr. Tabrez Ahmad Presentation on Legal Education Challenges and Reforms in 21...
Dr. Tabrez Ahmad Presentation on Legal Education Challenges and Reforms in 21...Dr. Tabrez Ahmad Presentation on Legal Education Challenges and Reforms in 21...
Dr. Tabrez Ahmad Presentation on Legal Education Challenges and Reforms in 21...Prof. (Dr.) Tabrez Ahmad
 
Part 3 lecture- environmnetal regulation in energy sector
Part 3 lecture- environmnetal regulation in energy sectorPart 3 lecture- environmnetal regulation in energy sector
Part 3 lecture- environmnetal regulation in energy sectorProf. (Dr.) Tabrez Ahmad
 
Part 2 lecture environmental regulation in energy sector
Part 2 lecture environmental regulation in energy sectorPart 2 lecture environmental regulation in energy sector
Part 2 lecture environmental regulation in energy sectorProf. (Dr.) Tabrez Ahmad
 
Part 1 lecture- environmental regulation in energy sector
Part  1 lecture- environmental regulation in energy sectorPart  1 lecture- environmental regulation in energy sector
Part 1 lecture- environmental regulation in energy sectorProf. (Dr.) Tabrez Ahmad
 
Law of technology transfer and interlinking issues
Law of technology transfer and interlinking issuesLaw of technology transfer and interlinking issues
Law of technology transfer and interlinking issuesProf. (Dr.) Tabrez Ahmad
 

Mais de Prof. (Dr.) Tabrez Ahmad (20)

Plagiarism & internet
Plagiarism & internetPlagiarism & internet
Plagiarism & internet
 
Tabrez agro supply chain conf 7 oct 2016
Tabrez agro supply chain conf 7 oct 2016Tabrez agro supply chain conf 7 oct 2016
Tabrez agro supply chain conf 7 oct 2016
 
Trademark Infringements in E-commerce: A Comparative Study of India, China & USA
Trademark Infringements in E-commerce: A Comparative Study of India, China & USATrademark Infringements in E-commerce: A Comparative Study of India, China & USA
Trademark Infringements in E-commerce: A Comparative Study of India, China & USA
 
Future of Intellectual Property and the Commons: Friends or Foes
Future of Intellectual Property and the Commons: Friends or FoesFuture of Intellectual Property and the Commons: Friends or Foes
Future of Intellectual Property and the Commons: Friends or Foes
 
Dr. Tabrez Ahmad Presentation on Legal Education Challenges and Reforms in 21...
Dr. Tabrez Ahmad Presentation on Legal Education Challenges and Reforms in 21...Dr. Tabrez Ahmad Presentation on Legal Education Challenges and Reforms in 21...
Dr. Tabrez Ahmad Presentation on Legal Education Challenges and Reforms in 21...
 
Mining law
Mining lawMining law
Mining law
 
Nuclear energy law
Nuclear energy lawNuclear energy law
Nuclear energy law
 
Law & justice in globalised world
Law & justice in globalised worldLaw & justice in globalised world
Law & justice in globalised world
 
Part 3 lecture- environmnetal regulation in energy sector
Part 3 lecture- environmnetal regulation in energy sectorPart 3 lecture- environmnetal regulation in energy sector
Part 3 lecture- environmnetal regulation in energy sector
 
Part 2 lecture environmental regulation in energy sector
Part 2 lecture environmental regulation in energy sectorPart 2 lecture environmental regulation in energy sector
Part 2 lecture environmental regulation in energy sector
 
Part 1 lecture- environmental regulation in energy sector
Part  1 lecture- environmental regulation in energy sectorPart  1 lecture- environmental regulation in energy sector
Part 1 lecture- environmental regulation in energy sector
 
Law of technology transfer and interlinking issues
Law of technology transfer and interlinking issuesLaw of technology transfer and interlinking issues
Law of technology transfer and interlinking issues
 
Law of export processing zones
Law of export processing zonesLaw of export processing zones
Law of export processing zones
 
Law of Export Oriented Units
Law of Export Oriented UnitsLaw of Export Oriented Units
Law of Export Oriented Units
 
Foreign Exchange Management Law
Foreign Exchange Management LawForeign Exchange Management Law
Foreign Exchange Management Law
 
Foreign trade regulation
Foreign trade regulationForeign trade regulation
Foreign trade regulation
 
Sexual Harassment of Women at Work Place
Sexual Harassment of Women at Work PlaceSexual Harassment of Women at Work Place
Sexual Harassment of Women at Work Place
 
Negotiable instruments
Negotiable instrumentsNegotiable instruments
Negotiable instruments
 
Consumer protection law
Consumer protection lawConsumer protection law
Consumer protection law
 
Sale of Goods
Sale of GoodsSale of Goods
Sale of Goods
 

Último

JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...anjaliyadav012327
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp  9167673311 💞 Full Nigh...Russian Call Girls in Andheri Airport Mumbai WhatsApp  9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Pooja Nehwal
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 

Último (20)

JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 

Cybercrime investigation

  • 1. Investigation of Cyber Crimes & Forensics
    Biju Pattnaik State Police Academy, Bhubaneswar
    By Dr. Tabrez Ahmad, Professor of Law
    www.technolexindia.com
    1 Dr. Tabrez Ahmad http://technolexindia.blogspot.com
  • 2. Agenda
    1. The possible reliefs to a cybercrime victim and strategy adoption
    2. The preparation for prosecution
    3. Admissibility of digital evidence in courts
    4. Defending an accused in a computer related crime
    5. The techniques of cyber investigation and forensic tools
    6. Future course of action
  • 3. Possible reliefs to a cybercrime victim - strategy adoption
    - A victim of cybercrime needs to immediately report the matter to his local police station and to the nearest cybercrime cell.
    - Depending on the nature of the crime there may be civil and criminal remedies.
    - In civil remedies, injunction and restraint orders may be sought, together with damages, delivery up of infringing matter and/or account for profits.
    - In criminal remedies, a cybercrime case will be registered by the police if the offence is cognisable; if it is non-cognisable, a complaint should be filed with the metropolitan magistrate.
    - For certain offences, both civil and criminal remedies may be available to the victim.
  • 4. Before lodging a cybercrime case
    Important parameters:
    - Gather ample evidence admissible in a court of law.
    - Fulfill the criteria of the pecuniary, territorial and subject matter jurisdiction of a court.
    - Determine jurisdiction: a case may be filed where the offence is committed or where the effect of the offence is felt (S. 177 to 179, CrPC).
  • 5. The criminal prosecution pyramid (figure; stages as listed on the slide)
    - Conviction / acquittal
    - Trial
    - Contents of charge
    - Issue of process: summons, warrant
    - Examine the witnesses
    - Examine the complainant on oath
    - Initiation of criminal proceedings: cognizance of offences by magistrates
  • 6. Preparation for prosecution
    - Collect all evidence available and save snapshots of the evidence.
    - Seek a cyberlaw expert's immediate assistance for advice on preparing for prosecution.
    - Prepare a chronological background history of the facts.
    - Pen down names and addresses of the suspected accused.
    - Form a draft of the complaint and the remedies the victim seeks.
    - A cyberlaw expert and the police could assist in gathering further evidence, e.g. tracing the IP in the case of e-mails, search and seizure or arrest as appropriate to the situation.
    - A cyber forensic study of the hardware/equipment/network server related to the cybercrime is generally essential.
  • 7. Government Initiative
    - The Cyber Crime Investigation Cell (CCIC) of the CBI, notified in September 1999, started functioning from 3 March 2000.
    - It is located in New Delhi, Mumbai, Chennai and Bangalore.
    - Jurisdiction of the cell is all over India.
    - Any incident of cyber crime can be reported to a police station, irrespective of whether it maintains a separate cell or not.
  • 8. The Indian Computer Emergency Response Team (CERT-In)
    IT Amendment Act 2008: "70A. (1) The Indian Computer Emergency Response Team (CERT-In) shall serve as the national nodal agency in respect of Critical Information Infrastructure for coordinating all actions relating to information security practices, procedures, guidelines, incident prevention, response and report. (2) For the purposes of sub-section (1), the Director of the Indian Computer Emergency Response Team may call for information pertaining to cyber security from the service providers, intermediaries or any other person."
  • 9. Cognizability and Bailability
    As per the IT Amendment Act 2008, offences which have not less than 3 years punishment are cognizable and bailable.
  • 10. Power of Police to Investigate
    - Section 156 Cr.P.C.: Power to investigate cognizable offences.
    - Section 155 Cr.P.C.: Power to investigate non-cognizable offences.
    - Section 91 Cr.P.C.: Summons to produce documents.
    - Section 160 Cr.P.C.: Summons to require attendance of witnesses.
  • 11. Power of Police to Investigate (contd.)
    - Section 165 Cr.P.C.: Search by police officer.
    - Section 93 Cr.P.C.: General provision as to search warrants.
    - Section 47 Cr.P.C.: Search to arrest the accused.
    - Section 78 of IT Act, 2000: Power to investigate offences, not below the rank of Inspector.
    - Section 80 of IT Act, 2000: Power of police officer to enter any public place and search and arrest.
  • 12. Amendments - Indian Evidence Act 1872
    - Section 3 of the Evidence Act amended to take care of the admissibility of electronic records (ER) as evidence along with paper based records, as part of the documents which can be produced before the court for inspection.
    - Section 4 of the IT Act confers legal recognition to electronic records.
  • 13. Societe Des Products Nestle SA case, 2006 (33) PTC 469
    - By virtue of the provision of Section 65A, the contents of electronic records may be proved in evidence by parties in accordance with the provision of Section 65B.
    - Held: sub-section (1) of Section 65B makes admissible as a document a paper printout of electronic records stored in optical or magnetic media produced by a computer, subject to fulfilment of the conditions specified in sub-section (2) of Section 65B:
      a) The computer from which the record is generated was regularly used to store or process information in respect of activity regularly carried on by a person having lawful control over the period, and relates to the period over which the computer was regularly used.
      b) Information was fed into the computer in the ordinary course of the activities of the person having lawful control over the computer.
      c) The computer was operating properly, and if not, was not such as to affect the electronic record or its accuracy.
      d) Information reproduced is such as is fed into the computer in the ordinary course of activity.
    - State v Mohd Afzal, 2003 (7) AD (Delhi) 1
  • 14. State v Navjot Sandhu (2005) 11 SCC 600
    - Held, while examining Section 65B Evidence Act, it may be that the certificate containing the details of sub-section (4) of Section 65 is not filed, but that does not mean that secondary evidence cannot be given.
    - Sections 63 and 65 of the Indian Evidence Act enable secondary evidence of the contents of a document to be adduced if the original is of such a nature as not to be easily movable.
  • 15. Presumptions in law - Section 85B Indian Evidence Act
    - The law also presumes that in any proceedings involving a secure digital signature, the court shall presume, unless the contrary is proved, that the secure digital signature is affixed by the subscriber with the intention of signing or approving the electronic record.
    - In any proceedings involving a secure electronic record, the court shall presume, unless the contrary is proved, that the secure electronic record has not been altered since the specific point of time to which the secure status relates.
  • 16. Presumption as to electronic messages - Section 88A of Evidence Act
    - The court may treat electronic messages received as if they were sent by the originator, with the exception that a presumption is not to be made as to the person by whom such message was sent.
    - It must be proved that the message has been forwarded from the electronic mail server to the person (addressee) to whom such message purports to have been addressed.
    - An electronic message is primary evidence of the fact that the same was delivered to the addressee on the date and time indicated.
  • 17. IT Amendment Act 2008 - Section 79A
    - Section 79A empowers the Central Government to appoint any department, body or agency as examiner of electronic evidence for providing expert opinion on electronic form evidence before any court or authority.
    - Till now, the government forensic lab of Hyderabad (CFSIL) was considered of evidentiary value in courts.
    - Statutory status to an agency as per Section 79A will be of vital importance in the criminal prosecution of cybercrime cases in India.
  • 18. Probable activities for defence by an accused in a cybercrime case
    - Preparation of a chain of events table.
    - Probing where evidence could be traced: e-mail inbox, files, folders, web history.
    - Has the accused used any evidence-erasing software/tools?
    - Forensically screening the hardware/data/files/printouts/camera/mobile/pendrives of evidentiary value.
    - Formatting may not be a solution.
    - Apply for anticipatory bail.
    - Challenge the evidence produced by the opposite party and look for loopholes.
    - Filing of a cross complaint if appropriate.
  • 19. Sec 69: Decryption of information
    Ingredients:
    - The Controller issues an order to a Government agency to intercept any information transmitted through any computer resource.
    - The order is issued in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign States, public order, or preventing incitement for commission of a cognizable offence.
    - The person in charge of the computer resource fails to extend all facilities and technical assistance to decrypt the information: punishment up to 7 years.
  • 20. Sec 70: Protected System
    Ingredients:
    - Securing unauthorised access or attempting to secure unauthorised access to a 'protected system'.
    - Acts covered by this section: switching the computer on/off; using installed software/hardware; installing software/hardware; port scanning.
    - Punishment: imprisonment up to 10 years and fine.
    - Cognizable, non-bailable, Court of Sessions.
  • 21. Computer Forensics and Cyberforensics
    - Computer forensics is considered to be the use of analytical and investigative techniques to identify, collect, examine, preserve and present evidence or information which is magnetically stored or encoded.
    - A better definition for law enforcement would be the scientific method of examining and analyzing data from computer storage media so that the data can be used as evidence in court.
    - Media = computers, mobile phones, PDAs, digital cameras, etc.
  • 22. Handling of Evidence by Cyber Analysts
    (Figure: Identify; Collect, Observe & Preserve; Analyze and Organize; Verify)
    Four major tasks for working with digital evidence:
    - Identify: any digital information or artifacts that can be used as evidence.
    - Collect, observe and preserve the evidence.
    - Analyze, identify and organize the evidence.
    - Rebuild the evidence or repeat a situation to verify the same results every time; checking the hash value.
  • 23. Incident Response - a precursor to techniques of cyber investigation and forensic tools
    - 'Incident response' could be defined as a precise set of actions to handle any security incident in a responsible, meaningful and timely manner.
    - Goals of incident response:
      - To confirm whether an incident has occurred
      - To promote accumulation of accurate information
      - Educate senior management
      - Help in detection/prevention of such incidents in the future
      - To provide rapid detection and containment
      - Minimize disruption to business and network operations
      - To facilitate criminal action against perpetrators
  • 24. Six steps of incident response
    (Figure: Pre-incident preparation; Detection of incidents; Initial response; Investigate the incident; Reporting; Resolution)
  • 25. Techniques of cyber investigation - Cyber forensics
    - Computer forensics, also called cyber forensics, is the application of computer investigation and analysis techniques to gather evidence suitable for presentation in a court of law.
    - The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computer and who was responsible for it.
  • 26. 6 A's of digital forensics
    - Assessment
    - Acquisition
    - Authentication
    - Analysis
    - Articulation
  • 27. Rules of evidence
    Computer forensic components:
    - Identifying
    - Preserving
    - Analysing
    - Presenting evidence in a legally admissible manner
  • 28. FBI handbook of forensic investigation - techniques for computer forensics
    - Examine the type of content in the computer
    - Comparison of data files
    - Transactions: to know the time and sequence when data files were created
    - Data files can be extracted from the computer
    - Deleted data files can be recovered from the computer
    - Data files can be converted from one format to the other
    - Key word searching, passwords
    - Limited source code can be analysed and compared
    - Storage media with standalone word processors can be examined
  • 29. Sources of Evidence
    - Existing files
    - Deleted files
    - Logs
    - Special system files (registry etc.)
    - Email archives, printer spools
    - Administrative settings
    - Internet history
    - Chat archives
    - Misnamed files
    - Encrypted files / password protected files etc.
  • 30. Cyberforensics in accounting frauds
    - Use of CAAT (computer assisted audit techniques): spreadsheets, Excel, MS Access
    - Generalized audit software, PC based file interrogation software: IDEA, ACL
    - Help detect fictitious suppliers, duplicate payments, theft of inventory
    - Tender manipulation, secret commissions
    - False financial reporting
    - Expense account misuse
    - Insider trading
  • 31. Establishment and maintenance of 'Chain of Custody'
    Tools required:
    - Evidence notebook
    - Tamper evident labels
    - Permanent ink pen
    - Camera
    Document the following:
    - Who reported the incident, along with critical dates and times
    - Details leading up to the formal investigation
    - Names of all people conducting the investigation
    - Establish and maintain a detailed 'activity log'
  • 32. Maintaining Chain of Custody
    - Take pictures of the evidence; document 'crime scene' details
    - Document identifiable markings on the evidence
    - Catalog the system contents
    - Document serial numbers, model numbers, asset tags
    - "Bag" it! Maintain chain of custody on a tamperproof evidence bag
    - Take a picture!
  • 33. E-mail forensics
    - E-mail is composed of two parts: header and body
    - Examine the headers
    - Request information from the ISP
    - Trace the IP
    - Tools: Encase, FTK, Final eMail; Sawmill GroupWise; Audimation for logging
    - Cracking the password: brute force attack, smart search, dictionary search, date search, customised search, guaranteed decryption, plaintext attack
    - Passware, Ultimate Zip Cracker, Office Recovery Enterprise, etc.
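The header examination and IP trace of slide 33, as an added Python example that is not from the deck or from any tool it names. The message is constructed (RFC 5737 documentation addresses, reserved example domains), and the hop reconstruction and domain-mismatch check are my own logic, not Email Tracer's.

```python
import email
import email.utils
import ipaddress
import re

# Constructed sample message (not a real mail). The addresses are RFC 5737
# documentation addresses and the domains are reserved example names.
SAMPLE_MAIL = """\
Return-Path: <bulk@mailer.example.net>
Received: from mx.victim.example (mx.victim.example [198.51.100.10])
    by inbox.victim.example with ESMTP id 77a1; Mon, 12 Mar 2012 10:05:31 +0530
Received: from relay.example.net (relay.example.net [203.0.113.5])
    by mx.victim.example with ESMTP id 22b9; Mon, 12 Mar 2012 10:05:29 +0530
Received: from [10.0.0.23] (unknown [192.0.2.77])
    by relay.example.net with ESMTPA id 9c3e; Mon, 12 Mar 2012 10:05:20 +0530
From: "Bank Support" <support@bank.example>
To: victim@victim.example
Subject: Verify your account
Message-ID: <abc123@mailer.example.net>

Please log in at the link below.
"""

IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

# Addresses that cannot identify a sender on the public Internet: RFC 1918
# private ranges, loopback and link-local.  (ipaddress.is_global is not used
# because it also rejects the documentation ranges used in the sample.)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def is_internal(ip_text):
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETS)


def candidate_ips(received_line):
    """All syntactically valid IPv4 literals in one Received header."""
    out = []
    for m in IPV4_RE.finditer(received_line):
        try:
            ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        out.append(m.group(1))
    return out


def domain_of(header_value):
    """Domain part of the first address in a From / Return-Path header."""
    addr = email.utils.parseaddr(header_value)[1]
    return addr.rpartition("@")[2].lower()


def analyse(raw_message):
    """Reconstruct the relay route and flag a sender/envelope domain mismatch.

    Each relay prepends its own Received header, so the bottom one is the
    oldest hop; reversing the list yields the route from origin to mailbox.
    Only the hops added by the recipient's own servers are trustworthy: a
    sender can forge the Received lines below them, which is why the ISP
    records (slide 33) must corroborate the origin address.
    """
    msg = email.message_from_string(raw_message)
    hops = [" ".join(h.split()) for h in reversed(msg.get_all("Received", []))]
    route = []
    for hop in hops:
        public = [ip for ip in candidate_ips(hop) if not is_internal(ip)]
        if public:
            route.append(public[0])      # the first literal is the connecting host
    from_dom = domain_of(msg.get("From", ""))
    rp_dom = domain_of(msg.get("Return-Path", ""))
    return {
        "hops": len(hops),
        "route": route,
        "origin_ip": route[0] if route else None,
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        "sender_mismatch": bool(from_dom and rp_dom and from_dom != rp_dom),
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_MAIL).items():
        print(f"{key}: {value}")
```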
  • 34. Computer forensic analysis within the forensic tradition
    - Alphonse Bertillon [freezing the scene]: in 1879 introduced a methodical way of documenting the scene by photographing, for example, bodies, items, footprints and bloodstains in situ, with relative measurements of location, position and size. Bertillon is thus the first known forensic photographer.
    - Bertillonage: a system of identifying individuals by over 200 separate body measurements, was in use till 1910 and was only rendered obsolete by the discovery that fingerprints were unique.
  • 35. Key Principle of Forensics
    - Edmond Locard articulated one of forensic science's key rules, known as Locard's Exchange Principle.
    - "The principle states that when two items or persons come into contact, there will be an exchange of physical traces. Something is brought, and something is taken away, so that suspects can be tied to a crime scene by detecting these traces."
  • 36. Stakeholders
    - National security
    - Customs & Excise
    - Law enforcement agents
    - Businesses (embezzlement, industrial espionage, stealing confidential information, and racial or sexual harassment)
    - Corporate crime [according to report, the accountants and auditors for Enron not only used e-mail to communicate but also subsequently deleted these e-mails]
  • 37. Problems in the Indian Context
    - No standard for computer forensics is yet developed.
    - No guidelines for companies dealing with electronic data during disputes.
    - No recognition to any of the forensic tools.
    - Issues related to anti-forensics are not talked about.
  • 38. Overall Scenario
    - To date, computer forensics has been primarily driven by vendors and applied technologies, with very little consideration being given to establishing a sound theoretical foundation.
    - The national and international judiciary has already begun to question the "scientific" validity of many of the ad hoc procedures and methodologies and is demanding proof of some sort of theoretical foundation and scientific rigor.
  • 39. CONTD..
    - Commercial software tools are also a problem because software developers need to protect their code to prevent competitors from stealing their product. However, since most of the code is not made public, it is very difficult for the developers to verify error rates of the software, and so reliability of performance is still questionable.
  • 40. CONTD..
    - The specialized tools used by a computer forensic expert are viewed as intolerably expensive by many corporations, and as a result many corporations simply choose not to invest any meaningful money into computer forensics. This trend amplifies cyber crime rates.
    - Open source software has also not been tested or verified for its effectiveness in serving the above purposes (open for research).
  • 41. Legal Aspects
    - The growing demand for security and certainty in cyber space leads to more stringent laws.
    - The violation and maintaining of these laws (cyber laws) must be distinguished from classical criminal activities and criminal law enforcement.
    - The dynamics between these different forms of law violation and law enforcement is important and shall be addressed.
  • 42. Computer Forensic Tools
    Forensic Tool Kit: FTK is developed by Access Data Corporation (USA); it enables law enforcement and corporate security professionals to perform complete and in-depth computer forensic analysis.
    (Figure: Main Window of FTK)
  • 43. TYPICAL TOOLS
    - EMAIL TRACER
    - TRUEBACK
    - CYBERCHECK
    - MANUAL
  • 44. Current and Emerging Cyber Forensic Tools of Law Enforcement
  • 45. ENCASE FORENSIC
    Encase Forensic, developed by Guidance Software USA, is the industry standard in computer forensic investigation technology. With an intuitive Graphical User Interface (GUI), superior analytics, enhanced email/Internet support and a powerful scripting engine, EnCase provides investigators with a single robust tool, capable of conducting large-scale and very complex investigations from beginning to end.
    (Figure: Main Window of Encase)
  • 46. Encase Forensic is a very useful forensic solution but it lacks the following important feature:
    - In Encase Forensic there is no password cracking/recovery facility. So if during the investigation process the examiner detects any password protected files, he has to rely on third party tools.
  • 47. EMAIL TRACER FORENSIC TOOL
  • 48. FEATURES OF EMAIL TRACER
    - Display of actual mail content for Outlook Express, Eudora, MS Outlook and mail clients with MBOX mailbox.
    - Display the mail content (HTML / Text).
    - Display the mail attributes for Outlook Express.
    - Display of extracted e-mail header information.
    - Save mail content as .EML file.
    - Display of all e-mail attachments and extraction.
    - Display of e-mail route.
    - IP trace to the sender's system.
    - Domain name look up.
    - Display of geographical location of the sender's gateway on a world map.
    - Mail server log analysis for evidence collection.
    - Access to database of country code list along with IP address information.
  • 49. EMAIL TRACING OVER WEB AS A PRE-EMPTIVE TOOL
  • 50. EMAIL TRACING SERVICE
    - Users can submit their tracing task to Email Tracer through the web.
    - Tracing IP address up to city level (non-spoofed).
    - Detection of spoofed mail.
    - Detailed report.
  • 54. SEIZURE & ACQUISITION TOOL: TRUEBACK
  • 55. FEATURES OF TRUEBACK
    - DOS application with event based windowing system.
    - Self-integrity check.
    - Minimum system configuration check.
    - Extraction of system information.
    - Three modes of operation: Seize; Acquire; Seize and Acquire.
  • 56. FEATURES OF TRUEBACK (contd.)
    - Disk imaging through parallel port.
    - Disk imaging using network interface card.
    - Block by block acquisition with data integrity check on each block.
    - IDE/SCSI, USB, CD and floppy acquisition.
    - Acquisition of floppies and CDs in batch mode.
    - Write protection on all storage media except the destination media.
    - Checking for sterile destination media.
    - Progress bar display on all modes of operation.
    - Report generation on all modes of operation.
    - BIOS and ATA mode acquisition.
  • 57. ANALYSIS TOOL: CYBER CHECK
  • 58. Cyber Check Suite
    The IT Act 2000 is India's first attempt to combat cyber crime. To assist in the enforcement of the IT Act, the Department of Information Technology, Ministry of Communications and Information Technology, has set up a Technical Resource Centre for Cyber Forensics at C-DAC, Thiruvananthapuram. Cyber Check is a forensic analysis tool developed by C-DAC Thiruvananthapuram.
    (Figure: Probe Window of Cyber Check Suite)
  • 59. CyberCheck - Features
    - Standard Windows application.
    - Self-integrity check.
    - Minimum system configuration check.
    - Analyses evidence files containing FAT12, FAT16, FAT32, NTFS and EXT2FS file systems.
    - Analyses evidence files created by the following disk imaging tools: TrueBack, LinkMasster, Encase.
    - User login facilities.
  • 60. CyberCheck - Features (contd.)
    - Creates a log of each analysis session and the analyzing officer's details.
    - Block by block data integrity verification while loading the evidence file.
    - Explorer type view of the contents of the whole evidence file.
    - Display of folders and files with all attributes.
    - Show/hide system files.
    - Sorting of files based on file attributes.
    - Text/hex view of the content of a file.
    - Picture view of an image file.
    - Gallery view of images.
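The block-by-block integrity check that TrueBack applies at acquisition (slide 56) and CyberCheck repeats when loading an evidence file (slide 60), combined with the hash verification and activity log of slides 22 and 31, as an added Python example that is neither tool's code. The file names, the examiner name and the manifest layout are my own assumptions; the source file stands in for a seized device.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def log_event(manifest, who, what):
    """Append a timestamped chain-of-custody entry (who did what, when)."""
    manifest["events"].append({
        "time": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "who": who, "what": what})


def acquire(source_path, image_path, examiner, block_size=4096):
    """Copy the source medium into an image block by block.

    Each block is hashed as it is written and the whole stream is hashed
    once more, so a later reader can check every block independently and
    pinpoint where an image was damaged or altered.  The returned manifest
    (assumed layout) is meant to travel with the evidence bag.
    """
    manifest = {"source": os.path.basename(source_path), "examiner": examiner,
                "block_size": block_size, "blocks": [], "events": []}
    whole = hashlib.sha256()
    log_event(manifest, examiner, "acquisition started")
    with open(source_path, "rb") as src, open(image_path, "wb") as img:
        while True:
            block = src.read(block_size)
            if not block:
                break
            img.write(block)
            whole.update(block)
            manifest["blocks"].append(sha256_hex(block))
    manifest["image_sha256"] = whole.hexdigest()
    log_event(manifest, examiner, "acquisition finished: %d blocks, sha256 %s"
              % (len(manifest["blocks"]), manifest["image_sha256"]))
    return manifest


def verify(image_path, manifest):
    """Re-hash the image block by block, as an analysis tool does when it
    loads an evidence file.  Returns the indices of blocks whose hash no
    longer matches; an empty list means the image is intact."""
    bad = []
    with open(image_path, "rb") as img:
        for index, expected in enumerate(manifest["blocks"]):
            if sha256_hex(img.read(manifest["block_size"])) != expected:
                bad.append(index)
        if img.read(1):                     # data appended after acquisition
            bad.append(len(manifest["blocks"]))
    return bad


def demo():
    """Constructed run: a 10 000-byte 'drive', 4096-byte blocks, then one
    byte of the image is altered to show that the bad block is located."""
    workdir = tempfile.mkdtemp()
    src = os.path.join(workdir, "suspect_drive.bin")    # stands in for a device
    img = os.path.join(workdir, "suspect_drive.img")
    with open(src, "wb") as f:
        f.write(bytes(range(256)) * 39 + b"\x00" * 16)   # 10 000 bytes
    manifest = acquire(src, img, examiner="Examiner A (constructed)")
    clean = verify(img, manifest)
    with open(img, "r+b") as f:                        # simulate tampering
        f.seek(5000)
        f.write(b"\xff")
    tampered = verify(img, manifest)
    return {"blocks": len(manifest["blocks"]), "clean": clean,
            "tampered": tampered, "manifest": json.dumps(manifest, indent=1)}


if __name__ == "__main__":
    result = demo()
    print("blocks:", result["blocks"], "clean:", result["clean"],
          "after tampering:", result["tampered"])
```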
  • 61. CyberCheck - Features (contd.)
    - Graphical representation of the following views of an evidence file: disk view, cluster view, block view.
    - Timeline view of: all files; deleted files; time anomaly files; signature mismatched files; files created within a time frame.
  • 62. CyberCheck - Features (contd.)
    - Display of the cluster chain of a file.
    - Single and multiple keyword search.
    - Extraction of disk, partition, file and MBR slacks.
    - Exclusive search in slack space.
    - Extraction of unused unallocated clusters and exclusion from search space.
    - Exclusive search in used unallocated clusters.
    - Extraction of lost clusters.
    - Exclusive search in data extracted from lost clusters.
    - Extraction of swap files.
    - Exclusive search in data extracted from swap files.
  • 63. CyberCheck - Features (contd.)
    - File search based on file extension.
    - File search based on hash value.
    - Exclusion of system files from search space.
    - Data recovery from deleted files, slack space, used unallocated clusters and lost clusters.
    - Recovery of formatted partitions.
    - Recovery of deleted partitions.
    - Exporting files, folders and slack content.
    - Exporting folder structure including file names into a file.
    - Exporting files to an external viewer.
  • 64. CyberCheck - Features (contd.)
    - Local preview of storage media.
    - Network preview of storage media using a cross-over cable.
    - Bookmarking of folders, files and data.
    - Adding bookmarked items into the report.
    - Restoration of storage media.
    - Creating a raw image.
    - Raw image analysis.
    - Facility for viewing mailbox files of Microsoft Outlook Express, Microsoft Outlook, Eudora and Linux mail clients.
  • 65. CyberCheck - Features (contd.)
    - Registry viewer.
    - Hash set of system files.
    - Identification of encrypted and password protected files.
    - Identification of steganographed image files.
    - Generation of analysis report with the following features: complete information of the evidence file system; complete information of the partitions and drive geometry; hash verification details; user login and logout information.
  • 66. CyberCheck - Features (contd.)
    - Exported content of text file and slack information.
    - Includes picture file as image.
    - Saving report, search hits and bookmarked items for later use.
    - Password protection of report.
    - Print report.
  • 67. PASSWORD CRACKING: Grid Enabled Password Cracker
  • 68. PASSWORD CRACKING OF ZIP FILES USING GRID
    (Figure: cyber forensics lab, FSL, CBI and police crime cell connected over the Internet to the grid server and the grid)
  • 69. PASSWORD CRACKING OF ZIP FILES USING GRID
    (Figure, steps as numbered: 1. Zipped file submission from FSL / CBI / police crime cell; 2. Server receives and distributes to grid clients; 3. Clients compute and send results to server; 4. Grid server sends results over the Internet)
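The "signature mismatched files" and "time anomaly files" views of slide 61 (the misnamed files listed as a source of evidence on slide 29), as an added Python example that is not CyberCheck's code. The magic-byte table, the sample files and the timestamp records are constructed; the records stand in for the created/modified/accessed times an examiner would read from the evidence file system.

```python
import os
import tempfile
from datetime import datetime, timezone

# Leading bytes ("magic") of common file types and the extensions that
# legitimately carry them.  Constructed, deliberately short table.
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg", {"jpg", "jpeg"}),
    (b"\x89PNG\r\n\x1a\n", "png", {"png"}),
    (b"GIF8", "gif", {"gif"}),
    (b"%PDF-", "pdf", {"pdf"}),
    (b"PK\x03\x04", "zip", {"zip", "docx", "xlsx", "pptx", "jar", "apk"}),
    (b"\xd0\xcf\x11\xe0", "ole2", {"doc", "xls", "ppt", "msg"}),
]
SIGNED_EXTENSIONS = set().union(*(exts for _, _, exts in SIGNATURES))


def detect_type(header):
    """Return (type name, allowed extensions) for the leading bytes, or (None, set())."""
    for magic, name, exts in SIGNATURES:
        if header.startswith(magic):
            return name, exts
    return None, set()


def signature_mismatch(path):
    """True when extension and content disagree: either the content is a
    known type the extension does not belong to (a ZIP renamed .txt), or
    the extension promises a known type the content lacks (a .jpg with no
    JPEG header)."""
    ext = os.path.splitext(path)[1].lower().lstrip(".")
    with open(path, "rb") as f:
        header = f.read(16)
    name, exts = detect_type(header)
    if name is None:
        return ext in SIGNED_EXTENSIONS
    return ext not in exts


def time_anomalies(records, acquired_at):
    """records: (name, created, modified, accessed) as timezone-aware datetimes.
    Flags files whose timestamps cannot arise from normal use: modified or
    accessed before creation, or any timestamp later than the acquisition."""
    flagged = []
    for name, created, modified, accessed in records:
        reasons = []
        if modified < created:
            reasons.append("modified before created")
        if accessed < created:
            reasons.append("accessed before created")
        for label, ts in (("created", created), ("modified", modified),
                          ("accessed", accessed)):
            if ts > acquired_at:
                reasons.append(f"{label} after acquisition")
        if reasons:
            flagged.append((name, reasons))
    return flagged


def demo():
    """Constructed evidence set: five small files written to a temp dir and
    three timestamp records; returns what the two checks flag."""
    workdir = tempfile.mkdtemp()
    samples = {
        "invoice.pdf": b"%PDF-1.4\n%constructed\n",
        "holiday.jpg": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,   # PNG named .jpg
        "readme.txt": b"plain notes, no signature expected\n",
        "secret.txt": b"PK\x03\x04" + b"\x00" * 12,           # ZIP named .txt
        "cv.docx": b"PK\x03\x04" + b"\x00" * 12,
    }
    for name, content in samples.items():
        with open(os.path.join(workdir, name), "wb") as f:
            f.write(content)
    mismatched = sorted(n for n in samples
                        if signature_mismatch(os.path.join(workdir, n)))

    utc = timezone.utc
    acquired = datetime(2012, 3, 12, 9, 0, tzinfo=utc)
    records = [
        ("log.txt", datetime(2012, 3, 10, tzinfo=utc),
         datetime(2012, 3, 9, tzinfo=utc), datetime(2012, 3, 10, tzinfo=utc)),
        ("ok.txt", datetime(2012, 3, 1, tzinfo=utc),
         datetime(2012, 3, 5, tzinfo=utc), datetime(2012, 3, 11, tzinfo=utc)),
        ("plan.doc", datetime(2012, 3, 1, tzinfo=utc),
         datetime(2013, 1, 1, tzinfo=utc), datetime(2012, 3, 2, tzinfo=utc)),
    ]
    return {"mismatched": mismatched,
            "time_anomalies": time_anomalies(records, acquired)}


if __name__ == "__main__":
    print(demo())
```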
  • 70. WHO'S AT THE KEYBOARD? BIOMETRICS
    - A software driver associated with the keyboard records the user's rhythm in typing.
    - These rhythms are then used to generate a profile of the authentic user.
  • 71. WHO'S AT THE KEYBOARD? FORENSIC STYLISTICS
    - A qualitative approach to authorship assesses errors and "idiosyncrasies" based on the examiner's experience.
    - This approach could be quantified through databasing.
  • 72. WHO'S AT THE KEYBOARD? STYLOMETRY
    - It is a quantitative and computational method, focusing on readily computable and countable language features, e.g. word length, phrase length, sentence length, vocabulary frequency, distribution of words of different lengths.
  • 73. Comparison between Encase Version 6.0, FTK, and Cyber Check Suite
  • 75. TECHNICAL
    - Ubiquity of computers
    - Crimes occur in all jurisdictions
    - Training law enforcement agencies becomes a challenge
    - Technology revolution leads to newer systems, devices etc.
  • 76. OPERATIONAL
    - All data must be gathered and examined for evidence
    - Gigabytes of data
    - Problems of storage, analysis, presentation
    - No standard solution as yet
  • 77. SOCIAL
    IT results in:
    - Uncertainties about the effectiveness of current investigation techniques
    - Sub-optimal use of resources
    - Privacy concerns
  • 78. LEGAL
    - Uses and boundaries of digital evidence in legal procedures still unclear
    - Current tools and techniques not rigorously used / contested in court
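The countable features named on slide 72 turned into a minimal authorship comparison, as an added Python example that is not from the deck. The feature set, the distance measure and the three writing samples are my own constructions; the samples are far too short for a real examination and serve only to show the mechanics.

```python
import math
import re

WORD_RE = re.compile(r"[a-z']+")
SENTENCE_SPLIT = re.compile(r"[.!?]+")


def features(text):
    """Countable features of the kind listed on the slide: word length,
    sentence length, vocabulary richness and the word-length distribution."""
    sentences = [s for s in SENTENCE_SPLIT.split(text.lower()) if WORD_RE.search(s)]
    words = WORD_RE.findall(text.lower())
    n = len(words)
    lengths = [len(w) for w in words]
    return {
        "sentences": len(sentences),
        "words": n,
        "avg_word_len": sum(lengths) / n,
        "avg_sentence_len": n / len(sentences),
        "type_token_ratio": len(set(words)) / n,
        "short_word_share": sum(1 for x in lengths if x <= 3) / n,
        "long_word_share": sum(1 for x in lengths if x >= 7) / n,
    }


def distance(a, b):
    """Euclidean distance over the numeric features (raw counts excluded).
    A real examination would normalise each feature first; with these
    samples the sentence-length gap dominates and that is intended."""
    keys = [k for k in a if k not in ("sentences", "words")]
    return math.sqrt(sum((a[k] - b[k]) ** 2 for k in keys))


def attribute(questioned, known):
    """Attribute a questioned text to the known author whose profile is
    nearest.  Returns (best author, {author: distance})."""
    q = features(questioned)
    dists = {author: distance(q, features(sample)) for author, sample in known.items()}
    best = min(dists, key=dists.get)
    return best, dists


# Constructed writing samples (not real evidence): author A writes short
# sentences of short words, author B long sentences of long words.
KNOWN = {
    "A": "I saw the mail. I did not open it. It was late and I was tired. "
         "The file was big. I sent it to the lab.",
    "B": "Notwithstanding the considerable complexity of the investigation, the "
         "examiner methodically documented every observation, preserving the "
         "original storage media and generating verifiable cryptographic hashes "
         "before undertaking any analytical procedure whatsoever.",
}
QUESTIONED = ("I got the disk. I did not touch it. The box was sealed and I "
              "signed the log. It went to the lab.")

if __name__ == "__main__":
    best, dists = attribute(QUESTIONED, KNOWN)
    print("nearest profile:", best, {a: round(d, 3) for a, d in dists.items()})
```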
  • 79. Challenges faced by Law Enforcement
    Awareness: Technology is changing very rapidly, and so does the increase in cyber crimes. No proper awareness is shared with regard to crime and the latest tools. People are so ignorant that it makes it effortless for cyber criminals to attack. People fear to report crimes and some crimes are not properly recorded; the reason behind this is that the victim is either scared of police harassment or wrong media publicity. For minority and marginalised groups who already bear the brunt of media bias, reporting online harassment to the police may simply draw further unwanted attention. The public is not aware of the resources and services that law enforcement could provide them if they are a victim of crime or a witness.
  • 80. Technical Issues: A large amount of storage space is required for storing the imaged evidence and also for storing retrieved evidence after analysis. Retrieved evidence might contain documents, pictures, videos and audio files which take up a lot of space. Technical issues can further be categorised into software and hardware issues.
  • 81. Software and Hardware Issues: The growth of cyber crime has given rise to numerous forensic software vendors. The challenge is to choose among them, and since no single forensic tool solves the entire case, there are loads of third party tools available. So is the case with hardware tools; the most common and reliable h/w tool is the FRED. But when it comes to mobile forensics it is a challenge to decide the compatibility of different phones and which h/w to rely on.
  • 82. Recently China has been manufacturing mobile phones that have cloned IMEI numbers, which is a current challenge faced in mobile forensics.
    Information sharing: Information sharing is a best practice and can be accomplished by a variety of means such as interacting with industry groups, attending briefings, meetings, seminars and conferences, and working actively with forensic bodies like C-DAC.
  • 83. Inadequate Training and Funds: Due to the growing number of cyber forensic tools, law enforcement does not get adequate training and awareness on innovative tools. Training bodies are limited and are pricey. There is insufficient funding to send officers for training and to invest in future enhancements. Transfers and recruiting of officers add to the loss of experienced staff and the spending on training newcomers. Cases become pending in such circumstances.
  • 84. Global Issues: Most of the IP addresses retrieved during investigation lead to servers or computers located abroad which have no identity, hence further investigations are blocked and closed. Correspondence with bodies such as Google, Yahoo and Hotmail is quite time consuming and prolongs the investigations.
    Wireless or Wi-Fi, Bluetooth, Infrared Issues: The latest wireless technologies which provide internet connections cause exploitation, especially when not secured. This is the present technology terrorists and radical activists exploit. This is another vulnerability that law enforcement faces.
  • 85. References
    - Computer Forensics, by Michael Sheetz, published by John Wiley and Sons
    - Cyber Crime: Impact in the New Millennium, by R.C. Mishra
    - A Road Map for Digital Forensic Research [Report from the First Digital Forensic Research Workshop]
    - Forensic Corpora: A Challenge for Forensic Research, Simson L. Garfinkel, April 10, 2007
    - Computer and Intrusion Forensics, by Mohay, Anderson, Collie, de Vel, published by Artech House
  • 86. Future Course of Action
    - Mumbai Cyber Lab is a joint initiative of Mumbai police and NASSCOM; more exchange and coordination of this kind
    - More public awareness campaigns
    - Training of police officers to effectively combat cyber crimes
    - More cyber crime police cells set up across the country
    - Effective e-surveillance
    - Websites aid in creating awareness and encouraging reporting of cyber crime cases
    - Specialised training of forensic investigators and experts
    - Active coordination between police and other law enforcement agencies and authorities is required
  • 87. Do you have any questions?