JIMS Vasant Kunj, New Delhi (one of the BCA colleges in Delhi NCR).
Cyber ethics is part of the curriculum of BCA 6th semester at JIMS Vasant Kunj.
JIMS Vasant Kunj II is among the top institutes for BCA. JIMS is one of the best BCA colleges in Delhi and offers placements in top IT companies in Delhi NCR. It is amongst the A+ category highest ranked colleges in Delhi and provides a 3-year regular degree from a UGC-approved university.
Cyber Ethics Notes
What is Cyber Security?
The technique of protecting internet-connected systems such as computers, servers, mobile
devices, electronic systems, networks, and data from malicious attacks is known as cybersecurity.
We can divide cybersecurity into two parts: cyber and security. Cyber refers to
the technology that includes systems, networks, programs, and data, and security is concerned
with the protection of systems, networks, applications, and information. In some cases, it is also
called electronic information security or information technology security.
Some other definitions of cybersecurity are:
"Cyber Security is the body of technologies, processes, and practices designed to protect networks,
devices, programs, and data from attack, theft, damage, modification or unauthorized access."
"Cyber Security is the set of principles and practices designed to protect our computing resources and
online information against threats."
Types of Cyber Security
Every organization's assets are a combination of a variety of different systems. A strong
cybersecurity posture requires coordinated efforts across all of these systems.
Therefore, we can categorize cybersecurity into the following sub-domains:
o Network Security: It involves implementing the hardware and software to secure a computer
network from unauthorized access, intruders, attacks, disruption, and misuse. This security helps an
organization to protect its assets against external and internal threats.
o Application Security: It involves protecting the software and devices from unwanted threats. This
protection can be done by constantly updating the apps to ensure they are secure from attacks.
Successful security begins in the design stage, writing source code, validation, threat modeling,
etc., before a program or device is deployed.
o Information or Data Security: It involves implementing a strong data storage mechanism to
maintain the integrity and privacy of data, both in storage and in transit.
o Identity management: It deals with the procedure for determining the level of access that each
individual has within an organization.
o Operational Security: It involves processing and making decisions on handling and securing data
assets.
o Mobile Security: It involves securing the organizational and personal data stored on mobile
devices such as cell phones, computers, tablets, and other similar devices against various malicious
threats. These threats are unauthorized access, device loss or theft, malware, etc.
o Cloud Security: It involves protecting the information stored in the digital environment or cloud
architectures of the organization. It uses the security services of cloud providers such as AWS, Azure,
Google, etc., to ensure protection against multiple threats.
o Disaster Recovery and Business Continuity Planning: It deals with the processes, monitoring,
alerts, and plans for how an organization responds when any malicious activity causes the loss of
operations or data. Its policies dictate resuming the lost operations after any disaster happens to
the same operating capacity as before the event.
o User Education: It deals with training staff and users on cybersecurity, company policies, and
incident reporting, since unintentional or intentional mistakes by people can defeat even the best
technical safeguards.
Why is Cyber Security important?
Today we live in a digital era where all aspects of our lives depend on the network, computer and
other electronic devices, and software applications. All critical infrastructure such as the banking
system, healthcare, financial institutions, governments, and manufacturing industries use devices
connected to the Internet as a core part of their operations. Some of their information, such as
intellectual property, financial data, and personal data, is sensitive, and its unauthorized access or
exposure could have negative consequences. This information gives intruders and threat
actors a motive to infiltrate them for financial gain, extortion, political or social motives, or just vandalism.
Cyber-attacks are now an international concern: compromised systems and other security attacks
could endanger the global economy. Therefore, it is essential to have an excellent cybersecurity
strategy to protect sensitive information from high-profile security breaches. Furthermore, as the
volume of cyber-attacks grows, companies and organizations, especially those that deal with
information related to national security, health, or financial records, need to use strong
cybersecurity measures and processes to protect their sensitive business and personal information.
Cyber Security Goals
Cyber Security's main objective is to ensure data protection. The security community provides a
triangle of three related principles to protect the data from cyber-attacks. This principle is called
the CIA triad. The CIA model is designed to guide policies for an organization's information
security infrastructure. When any security breaches are found, one or more of these principles has
been violated.
We can break the CIA model into three parts: Confidentiality, Integrity, and Availability. It is
actually a security model that helps people to think about various parts of IT security. Let us discuss
each part in detail.
Confidentiality
Confidentiality is roughly equivalent to privacy; it prevents unauthorized access to information. It involves
ensuring the data is accessible by those who are allowed to use it and blocking access to others. It
prevents essential information from reaching the wrong people. Data encryption is an excellent
example of ensuring confidentiality.
Integrity
This principle ensures that the data is authentic, accurate, and safeguarded from unauthorized
modification by threat actors or accidental user modification. If any modifications occur, certain
measures should be taken to protect the sensitive data from corruption or loss and to speedily
recover from such an event. In addition, it means that the source of the information is genuine.
Availability
This principle ensures that information is always available and usable by its authorized users. It
ensures that such access is not hindered by system malfunction or cyber-attacks.
Types of Cyber Security Threats
A threat in cybersecurity is a malicious activity by an individual or organization to corrupt or steal
data, gain access to a network, or disrupt digital life in general. The cyber community defines the
following threats seen today:
Malware
Malware means malicious software, which is the most common cyber attacking tool. It is used by
the cybercriminal or hacker to disrupt or damage a legitimate user's system. The following are the
important types of malware created by the hacker:
o Virus: It is a malicious piece of code that spreads from one device to another. It can corrupt files and
spread throughout a computer system, infecting files, stealing information, or damaging the device.
o Spyware: It is a software that secretly records information about user activities on their system. For
example, spyware could capture credit card details that can be used by the cybercriminals for
unauthorized shopping, money withdrawing, etc.
o Trojans: It is a type of malware or code that appears as legitimate software or file to fool us into
downloading and running. Its primary purpose is to corrupt or steal data from our device or do
other harmful activities on our network.
o Ransomware: It's a piece of software that encrypts a user's files and data on a device, rendering
them unusable or erasing them. Then, a monetary ransom is demanded by malicious actors for
decryption.
o Worms: It is a piece of software that spreads copies of itself from device to device without human
interaction. It does not need to attach itself to any program to steal or damage
data.
o Adware: It is advertising software that displays advertisements on our device and is also used to
spread malware. It is an unwanted program that is installed without the user's permission. The main
objective of this program is to generate revenue for its developer by showing ads in the user's
browser.
o Botnets: It is a collection of internet-connected malware-infected devices that cybercriminals
control. It enables cybercriminals to leak credentials, gain unauthorized access, and steal data
without the user's permission.
Phishing
Phishing is a type of cybercrime in which a message appears to come from a genuine
organization like PayPal, eBay, financial institutions, or friends and co-workers. The attackers contact a
target or targets via email, phone, or text message with a link and persuade them to click on that
link. The link redirects them to fraudulent websites that ask for sensitive data such as personal
information, banking and credit card information, social security numbers, usernames, and
passwords. Clicking on the link may also install malware on the target devices that allows hackers to
control the devices remotely.
Man-in-the-middle (MITM) attack
A man-in-the-middle attack is a type of cyber threat (a form of eavesdropping attack) in which a
cybercriminal intercepts a conversation or data transfer between two individuals. Once the
cybercriminal places themselves in the middle of a two-party communication, they seem like
genuine participants and can get sensitive information and return different responses. The main
objective of this type of attack is to gain access to our business or customer data. For example, a
cybercriminal could intercept data passing between the target device and the network on an
unprotected Wi-Fi network.
Distributed denial of service (DDoS)
It is a type of cyber threat or malicious attempt where cybercriminals disrupt the regular traffic of targeted servers,
services, or networks by flooding the target or its surrounding
infrastructure with Internet traffic. Here the requests come from several IP addresses, which can make
the system unusable, overload its servers, slow them down significantly or temporarily take them
offline, or prevent an organization from carrying out its vital functions.
Brute Force
A brute force attack is a cryptographic hack that uses a trial-and-error method to try all
possible combinations until the correct one is discovered. Cybercriminals usually use this
attack to obtain passwords, login details, encryption keys, and
Personal Identification Numbers (PINs).
SQL Injection (SQLI)
SQL injection is a common attack that occurs when cybercriminals use malicious SQL scripts for
backend database manipulation to access sensitive information. Once the attack is successful, the
malicious actor can view, change, or delete sensitive company data, user lists, or private customer
details stored in the SQL database.
Domain Name System (DNS) attack
A DNS attack is a type of cyberattack in which cyber criminals take advantage of flaws in the
Domain Name System to redirect site users to malicious websites (DNS hijacking) and steal data
from affected computers. It is a severe cybersecurity risk because the DNS system is an essential
element of the internet infrastructure.
Latest cyber threats
The following are the latest cyber threats reported by the U.K., U.S., and Australian governments:
Romance Scams
The U.S. government identified this cyber threat in February 2020. Cybercriminals carry it out
through dating sites, chat rooms, and apps. They target people who are seeking a new partner and
dupe them into giving away personal data.
Dridex Malware
It is a type of financial Trojan malware identified by the U.S. in December 2019 that affects the
public, government, infrastructure, and business worldwide. It infects computers through phishing
emails or existing malware to steal sensitive information such as passwords, banking details, and
personal data for fraudulent transactions. The National Cyber Security Centre of the United
Kingdom encourages people to make sure their devices are patched, anti-virus is turned on and up
to date, and files are backed up to protect sensitive data against this attack.
Emotet Malware
Emotet is a type of cyber-attack that steals sensitive data and also installs other malware on our
device. The Australian Cyber Security Centre warned national organizations about this global cyber
threat in 2019.
The following are the systems that can be affected by security breaches and attacks:
o Communication: Cyber attackers can use phone calls, emails, text messages, and messaging apps
for cyberattacks.
o Finance: This system deals with the risk of financial information like bank and credit card detail.
This information is naturally a primary target for cyber attackers.
o Governments: The cybercriminal generally targets the government institutions to get confidential
public data or private citizen information.
o Transportation: In this system, cybercriminals generally target connected cars, traffic control
systems, and smart road infrastructure.
o Healthcare: A cybercriminal targets the healthcare system to get information stored anywhere from a local
clinic to critical care systems at a national hospital.
o Education: Cybercriminals target educational institutions to get their confidential research data
and information about students and employees.
Benefits of cyber security
The following are the benefits of implementing and maintaining cybersecurity:
o Cyber attacks and data breach protection for businesses.
o Data and network security are both protected.
o Unauthorized user access is avoided.
o After a breach, there is a faster recovery time.
o End-user and endpoint device protection.
o Regulatory adherence.
o Continuity of operations.
o Developers, partners, consumers, stakeholders, and workers have more faith in the company's
reputation and trust.
Cyber Safety Tips
Let us see how to protect ourselves when any cyber-attacks happen. The following are the popular
cyber safety tips:
Conduct cybersecurity training and awareness: Every organization must train its staff on
cybersecurity, company policies, and incident reporting for a strong cybersecurity policy to be
successful. Unintentional or intentional malicious activity by staff can defeat the best
technical safeguards and result in an expensive security breach. Therefore, it is useful to conduct
security training and awareness for staff through seminars, classes, and online courses, which reduces
security violations.
Update software and operating system: The most popular safety measure is to update the
software and O.S. to get the benefit of the latest security patches.
Use anti-virus software: It is also useful to use anti-virus software that detects and removes
unwanted threats from your device. This software should be kept updated to get the best level of
protection.
Perform periodic security reviews: Every organization should ensure periodic security inspections of all
software and networks to identify security risks early and maintain a secure environment. Some popular
examples of security reviews are application and network penetration testing, source code reviews,
architecture design reviews, and red team assessments. In addition, organizations should prioritize
and mitigate security vulnerabilities as quickly as possible after they are discovered.
Use strong passwords: It is recommended to always use long passwords with varied combinations of
characters and symbols. This makes the passwords hard to guess.
Do not open email attachments from unknown senders: Cyber experts always advise not to
open or click email attachments received from unverified senders or unfamiliar websites because
they could be infected with malware.
Avoid using unsecured Wi-Fi networks in public places: It should also be advised not to use
insecure networks because they can leave you vulnerable to man-in-the-middle attacks.
Backup data: Every organization must periodically back up its data to ensure sensitive
data is not lost and can be recovered after a security breach. In addition, backups help maintain data
integrity after cyber-attacks such as SQL injection, phishing, and ransomware.
The objective of Cybersecurity is to protect information from being stolen, compromised
or attacked. Cybersecurity can be measured by at least one of three goals-
1. Protect the confidentiality of data.
2. Preserve the integrity of data.
3. Promote the availability of data for authorized users.
These goals form the confidentiality, integrity, availability (CIA) triad, the basis of all
security programs. The CIA triad is a security model that is designed to guide policies for
information security within the premises of an organization or company. This model is
also referred to as the AIC (Availability, Integrity, and Confidentiality) triad to avoid
the confusion with the Central Intelligence Agency. The elements of the triad are
considered the three most crucial components of security.
The CIA criteria are the ones that most organizations and companies use when they
install a new application, create a database or guarantee access to
some data. For data to be completely secure, all of these security goals must come into
effect. These are security policies that all work together, and therefore it would be wrong
to overlook one policy.
The elements of the CIA triad are:
1. Confidentiality
Confidentiality is roughly equivalent to privacy and avoids the unauthorized disclosure
of information. It involves the protection of data, providing access for those who are
allowed to see it while disallowing others from learning anything about its content. It
prevents essential information from reaching the wrong people while making sure that
the right people can get it. Data encryption is a good example to ensure confidentiality.
Tools for Confidentiality
Encryption
Encryption is a method of transforming information to make it unreadable for
unauthorized users by using an algorithm. The transformation of data uses a secret key
(an encryption key) so that the transformed data can only be read by using another
secret key (decryption key). It protects sensitive data such as credit card numbers by
encoding and transforming data into unreadable cipher text. This encrypted data can
only be read by decrypting it. Asymmetric-key and symmetric-key are the two primary
types of encryption.
Access control
Access control defines rules and policies for limiting access to a system or to physical or
virtual resources. It is a process by which users are granted access and certain privileges
to systems, resources or information. In access control systems, users need to present
credentials before they can be granted access such as a person's name or a computer's
serial number. In physical systems, these credentials may come in many forms, but
credentials that can't be transferred provide the most security.
Authentication
Authentication is a process that confirms a user's identity or the role that
someone has. It can be done in a number of different ways, but it is usually based on a
combination of:
o something the person has (like a smart card or a radio key for storing secret keys),
o something the person knows (like a password),
o something the person is (like a human with a fingerprint).
Authentication is a necessity for every organization because it enables organizations
to keep their networks secure by permitting only authenticated users to access their
protected resources. These resources may include computer systems, networks,
databases, websites and other network-based applications or services.
Authorization
Authorization is a security mechanism that gives permission to do or have something.
It is used to determine whether a person or system is allowed access to resources, based on an
access control policy, including computer programs, files, services, data and application
features. It is normally preceded by authentication for user identity verification. System
administrators are typically assigned permission levels covering all system and user
resources. During authorization, a system verifies an authenticated user's access rules
and either grants or refuses resource access.
Physical Security
Physical security describes measures designed to deny unauthorized access to IT
assets like facilities, equipment, personnel, resources and other property and to protect them from damage.
It protects these assets from physical threats including theft, vandalism, fire and natural
disasters.
2. Integrity
Integrity refers to the methods for ensuring that data is real, accurate and safeguarded
from unauthorized user modification. It is the property that information has not been
altered in an unauthorized way, and that the source of the information is genuine.
Tools for Integrity
Backups
Backup is the periodic archiving of data. It is a process of making copies of data or data
files to use in the event when the original data or data files are lost or destroyed. It is
also used to make copies for historical purposes, such as for longitudinal studies,
statistics or for historical records or to meet the requirements of a data retention policy.
Many applications especially in a Windows environment, produce backup files using the
.BAK file extension.
Checksums
A checksum is a numerical value used to verify the integrity of a file or a data transfer. In
other words, it is the computation of a function that maps the contents of a file to a
numerical value. Checksums are typically used to compare two sets of data to make sure that
they are the same. A checksum function depends on the entire contents of a file. It is
designed in a way that even a small change to the input file (such as flipping a single
bit) is likely to result in a different output value.
Data Correcting Codes
It is a method for storing data in such a way that small changes can be easily detected
and automatically corrected.
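A worked example of the two integrity tools just described, added here and not part of the original notes: a SHA-256 checksum detects a single flipped bit but cannot say where it is, while a Hamming(7,4) error-correcting code both locates and repairs it. The sample bytes are constructed for the demo.

```python
# Added example (not from the original notes). Sample data is constructed.
import hashlib


def sha256_hex(data: bytes) -> str:
    """Checksum-style integrity value over the whole content."""
    return hashlib.sha256(data).hexdigest()


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit inverted (simulated corruption)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


# Hamming(7,4): 4 data bits d1..d4 plus 3 parity bits p1,p2,p4.
# Codeword positions (1-based): 1=p1 2=p2 3=d1 4=p4 5=d2 6=d3 7=d4
def hamming_encode(nibble: int) -> list:
    """Encode a 4-bit value into a 7-bit codeword (list of 0/1)."""
    d1, d2, d3, d4 = [(nibble >> i) & 1 for i in range(3, -1, -1)]
    p1 = d1 ^ d2 ^ d4   # covers positions 1,3,5,7
    p2 = d1 ^ d3 ^ d4   # covers positions 2,3,6,7
    p4 = d2 ^ d3 ^ d4   # covers positions 4,5,6,7
    return [p1, p2, d1, p4, d2, d3, d4]


def hamming_decode(code: list):
    """Return (nibble, corrected_position); position 0 means no error was found.
    A single flipped bit is located by the syndrome and flipped back."""
    c = list(code)
    p1, p2, d1, p4, d2, d3, d4 = c
    s1 = p1 ^ d1 ^ d2 ^ d4
    s2 = p2 ^ d1 ^ d3 ^ d4
    s4 = p4 ^ d2 ^ d3 ^ d4
    syndrome = s1 | (s2 << 1) | (s4 << 2)  # equals the 1-based position of the bad bit
    if syndrome:
        c[syndrome - 1] ^= 1
    _, _, d1, _, d2, d3, d4 = c
    return (d1 << 3) | (d2 << 2) | (d3 << 1) | d4, syndrome


def checksum_detects(data: bytes, bit_index: int) -> bool:
    """True if the checksum changes when one bit of data is flipped."""
    return sha256_hex(data) != sha256_hex(flip_bit(data, bit_index))


def code_corrects(nibble: int, position: int) -> bool:
    """True if a single flipped codeword bit (1-based position) is repaired."""
    code = hamming_encode(nibble)
    code[position - 1] ^= 1
    value, where = hamming_decode(code)
    return value == nibble and where == position


if __name__ == "__main__":
    sample = b"constructed sample record"
    print("checksum detects a 1-bit flip:", checksum_detects(sample, 5))
    print("Hamming repairs a 1-bit flip :", code_corrects(0b1011, 5))
```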
3. Availability
Availability is the property in which information is accessible and modifiable in a timely
fashion by those authorized to do so. It is the guarantee of reliable and constant access
to our sensitive data by authorized people.
Tools for Availability
o Physical Protections
o Computational Redundancies
Physical Protections
Physical safeguards keep information available even in the event of physical
challenges. They ensure that sensitive information and critical information technology are
housed in secure areas.
Computational redundancies
It is applied as fault tolerance against accidental faults. It provides computers and storage
devices that serve as fallbacks in the case of failures.
Cyber Security Principles
The UK internet industry and Government recognized the need to develop a series of
Guiding Principles for improving the online security of the ISPs' customers and limit the
rise in cyber-attacks. Cybersecurity for these purposes encompasses the protection of
essential information, processes, and systems, connected or stored online, with a broad
view across the people, technical, and physical domains.
These Principles recognize that the ISPs (and other service providers), internet users, and
UK Government all have a role in minimizing and mitigating the cyber threats inherent
in using the internet.
These Guiding Principles have been developed to respond to this challenge by
providing a consistent approach to help, inform, educate, and protect ISPs' (Internet
Service Provider's) customers from online crimes. These Guiding Principles are
aspirational, developed and delivered as a partnership between Government and ISPs.
They recognize that ISPs have different sets of customers, offer different levels of
support and services to protect those customers from cyber threats.
Some of the essential cybersecurity principles are described below-
1. Economy of mechanism
2. Fail-safe defaults
3. Least Privilege
4. Open Design
5. Complete mediation
6. Separation of Privilege
7. Least Common Mechanism
8. Psychological acceptability
9. Work Factor
10. Compromise Recording
1. Economy of mechanism
This principle states that Security mechanisms should be as simple and small as possible.
The Economy of mechanism principle simplifies the design and implementation of
security mechanisms. If the design and implementation are simple and small, fewer
possibilities exist for errors. The checking and testing process is less complicated so that
fewer components need to be tested.
Interfaces between security modules are the suspect area and should be as simple as
possible, because interface modules often make implicit assumptions about input or
output parameters or the current system state. If any of these assumptions are
wrong, the module's actions may produce unexpected results. A simple security
framework is easier for developers and users to understand and enables the
efficient development and verification of enforcement methods for it.
2. Fail-safe defaults
The Fail-safe defaults principle states that the default configuration of a system should
have a conservative protection scheme. This principle also restricts how privileges are
initialized when a subject or object is created. Whenever access, privileges/rights, or
some security-related attribute is not explicitly granted, access to
that object should be denied.
Example: If we add a new user to an operating system, the default group of the user
should have only limited access rights to files and services.
3. Least Privilege
This principle states that a user should only have those privileges that he needs to complete
his task. Its primary function is to control the assignment of rights granted to the user,
not the identity of the user. This means that if the boss demands root access to a UNIX
system that you administer, he/she should not be given that right unless he/she has a
task that requires such level of access. If possible, the elevated rights of a user identity
should be removed as soon as those rights are no longer needed.
4. Open Design
This principle states that the security of a mechanism should not depend on the secrecy
of its design or implementation. It suggests that complexity does not add security. This
principle is the opposite of the approach known as "security through obscurity." This
principle not only applies to information such as passwords or cryptographic systems
but also to other computer security related operations.
Example: DVD player & Content Scrambling System (CSS) protection. The CSS is a
cryptographic algorithm that protects the DVD movie disks from unauthorized copying.
5. Complete mediation
The principle of complete mediation restricts the caching of information, which often
leads to simpler implementations of mechanisms. The idea of this principle is that every access
to every object must be checked for compliance with the protection scheme to ensure
that it is allowed. As a consequence, one should be wary of performance
improvement techniques which save the details of previous authorization checks, since
the permissions can change over time.
Whenever someone tries to access an object, the system should check the access
rights associated with that subject. If the subject's access rights are verified only once at the
initial access, and for subsequent accesses the system assumes that the same access
rights still hold for that subject and object, a later change in permissions goes unnoticed. The
operating system should instead mediate each and every access to an object.
Example: An online banking website should require users to sign-in again after a certain
period like we can say, twenty minutes has elapsed.
6. Separation of Privilege
This principle states that a system should grant access permission based on more than
one condition being satisfied. This principle may also be restrictive because it limits
access to system entities. Thus, before a privilege is granted, at least two verifications
should be performed.
Example: To su (change) to root, two conditions must be met-
o The user must know the root password.
o The user must be in the right group (wheel).
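The fail-safe defaults, least privilege, complete mediation and separation of privilege principles above, shown together in one small Python reference monitor. This is an added example, not the notes' own code; the users, file names and groups are constructed.

```python
# Added example (not from the original notes). Users, files and groups are constructed.


class ReferenceMonitor:
    """Checks every access against an explicit policy (complete mediation)."""

    def __init__(self):
        # policy[(subject, object)] -> set of actions explicitly granted
        self.policy = {}
        self.audit = []  # every decision, allowed or denied

    def grant(self, subject, obj, action):
        self.policy.setdefault((subject, obj), set()).add(action)

    def revoke(self, subject, obj, action):
        self.policy.get((subject, obj), set()).discard(action)

    def check(self, subject, obj, action):
        # Fail-safe default: a right that was never explicitly granted is denied.
        allowed = action in self.policy.get((subject, obj), set())
        self.audit.append((subject, obj, action, allowed))
        return allowed


class CachingMonitor(ReferenceMonitor):
    """The anti-pattern complete mediation warns about: the first decision is
    remembered, so a later revocation is never noticed."""

    def __init__(self):
        super().__init__()
        self.cache = {}

    def check(self, subject, obj, action):
        key = (subject, obj, action)
        if key not in self.cache:
            self.cache[key] = super().check(subject, obj, action)
        return self.cache[key]


def run_with_temporary_grant(monitor, subject, obj, action, task):
    """Least privilege: grant a right only for the task, then take it away again."""
    monitor.grant(subject, obj, action)
    try:
        return task()
    finally:
        monitor.revoke(subject, obj, action)


def su_to_root(user, password_ok, groups):
    """Separation of privilege: BOTH the root password and wheel membership
    are required, as in the su example above."""
    return bool(password_ok) and "wheel" in groups.get(user, set())


def revocation_demo(monitor_cls):
    """Grant read, check, revoke, check again; returns (before, after)."""
    m = monitor_cls()
    m.grant("alice", "/data/report.txt", "read")
    before = m.check("alice", "/data/report.txt", "read")
    m.revoke("alice", "/data/report.txt", "read")
    after = m.check("alice", "/data/report.txt", "read")
    return before, after


if __name__ == "__main__":
    print("full mediation  :", revocation_demo(ReferenceMonitor))  # (True, False)
    print("cached decisions:", revocation_demo(CachingMonitor))    # (True, True)
```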
7. Least Common Mechanism
This principle states that in systems with multiple users, the mechanisms allowing
resources to be shared by more than one user should be minimized as much as possible. This
principle may also be restrictive because it limits the sharing of resources.
Example: If a file or application needs to be accessed by more than one user,
then these users should use separate channels to access these resources, which helps to
prevent unforeseen consequences that could cause security problems.
8. Psychological acceptability
This principle states that a security mechanism should not make the resource more
complicated to access than if the security mechanism were not present. The psychological
acceptability principle recognizes the human element in computer security. If security-
related software or computer systems are too complicated to configure, maintain, or
operate, the user will not employ the necessary security mechanisms. For example, if a
password is rejected during a password change process, the password changing
program should state why it was denied rather than giving a cryptic error message. At
the same time, applications should not impart unnecessary information that may lead to
a compromise in security.
Example: When we enter a wrong password, the system should only tell us that the user
id or password was incorrect. It should not tell us that only the password was wrong as
this gives the attacker information.
9. Work Factor
This principle states that the cost of circumventing a security mechanism should be
compared with the resources of a potential attacker when designing a security scheme.
In some cases, the cost of circumventing (known as the "work factor") can be easily
calculated. The work factor is a common cryptographic measure which is
used to determine the strength of a given cipher. It does not map directly to cyber
security, but the overall concept does apply.
Example: Suppose the number of experiments needed to try all possible four-character
passwords is 24^4 = 331,776. If the potential attacker must try each experimental
password at a terminal, one might consider a four-character password to be satisfactory.
On the other hand, if the potential attacker could use an astronomical computer capable
of trying a million passwords per second, a four-letter password would be a minor
barrier for a potential intruder.
10. Compromise Recording
The Compromise Recording principle states that sometimes it is more desirable to
record the details of an intrusion than to adopt a more sophisticated measure to prevent it.
Example: The servers in an office network may keep logs of all accesses to files, all
emails sent and received, and all browsing sessions on the web. Internet-connected
surveillance cameras placed to protect a building are another typical example of a
compromise recording system.
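Psychological acceptability and compromise recording applied to a login routine, as an added example that is not from the notes: the user always gets the same generic message, while the precise reason for the failure goes to an audit log that only the defender reads. The user store, salt, iteration count and IP address are constructed sample data.

```python
# Added example (not from the original notes). User store, salt and IP are constructed.
import hashlib
import hmac
import time

ITERATIONS = 10_000  # constructed, kept low for the demo; real deployments use more


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a key from the password so the store never holds it in clear."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


_SALT = b"constructed-demo-salt"
USERS = {"alice": (_SALT, hash_password("correct horse", _SALT))}  # constructed store

# Psychological acceptability (principle 8): one message, no hint about which part failed.
GENERIC_ERROR = "Invalid user id or password."

# Compromise recording (principle 10): every attempt is logged with the real reason.
AUDIT_LOG = []


def _record(user, ip, result):
    AUDIT_LOG.append({"ts": time.time(), "user": user, "ip": ip, "result": result})


def login(username: str, password: str, source_ip: str = "203.0.113.5"):
    """Return (success, message). The message never distinguishes the failure cause."""
    entry = USERS.get(username)
    if entry is None:
        # Do the same amount of work as for a known user so response time gives
        # no hint either; the real cause goes to the audit log only.
        hash_password(password, _SALT)
        _record(username, source_ip, "unknown_user")
        return False, GENERIC_ERROR
    salt, stored = entry
    if not hmac.compare_digest(stored, hash_password(password, salt)):
        _record(username, source_ip, "bad_password")
        return False, GENERIC_ERROR
    _record(username, source_ip, "success")
    return True, "Login successful."


def failure_reasons():
    """What the defender sees in the log: detailed reasons the user never gets."""
    return [e["result"] for e in AUDIT_LOG if e["result"] != "success"]


if __name__ == "__main__":
    print(login("alice", "wrong"))        # (False, 'Invalid user id or password.')
    print(login("mallory", "anything"))   # (False, 'Invalid user id or password.')
    print(login("alice", "correct horse"))
    print(failure_reasons())              # ['bad_password', 'unknown_user']
```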
Cyber Laws in India and the Information Technology Act
Cyber law is important because it touches almost all aspects of transactions and
activities involving the internet, World Wide Web and cyberspace. Every
action and reaction in cyberspace has some legal and cyber legal angles.
With the computer and internet taking over every aspect of our life, there was a
need for strong cyber law. This article aims to understand the cyber legislation in
India and the offences relating to the use of or concerned with the abuse of
computers or other electronic gadgets.
Cyber law in India is not a separate legal framework. It is a combination of
contract, intellectual property, data protection, and privacy laws.
Cyber laws supervise the digital circulation of information, software, information
security, e-commerce, and monetary transactions.
Introduction:
The dawn of cyber laws in India started with the boom in globalization and
computerization in India. The number of cyber-crimes registered each year in India is
shocking and it is only getting worse. This is because the pool of gullible prey for cyber
conmen has shot up with India going digital. This calls for a basic understanding of the
laws that govern the cyber space in India.
The Cyber Laws in India or the Information Technology Act, 2000 was amended in 2008
to include cyber-crimes related to banking and financial transactions.
Cyber Law Regulatory Framework under the Information Technology Act in India:
India enacted the Information Technology Act, 2000 ("IT Act") on 09 June 2000. The IT
Act is now the law of the land in India and in general terms is also known as Cyber
Law. The IT Act is based on the UNCITRAL model law on e-commerce. The preamble
of the IT Act simply indicates that the Act is centered on affording legal recognition to
transactions carried out electronically. However, the scope of the IT Act goes much
beyond its preamble. It covers multiple areas including data protection and security,
cybercrimes, adjudication of cyber disputes, government-mandated surveillance of digital
communication, and intermediary liability.
The following Acts, Rules, and Regulations are included under cyber laws:
1. Information Technology Act, 2000
2. Information Technology (Certifying Authorities) Rules, 2000
3. Information Technology (Security Procedure) Rules, 2004
4. Information Technology (Certifying Authority) Regulations, 2001
5. The Indian Evidence Act, 1872
6. The Bankers' Books Evidence Act, 1891
Emerging technologies, explosion of digital business models and a substantial increase in
the instances of cybercrimes have triggered the government to take steps to fast track the
process of amending the IT Act.
In a cyber-crime, the computer or the data itself is the target or object of the offence,
or a tool in committing some other offence by providing the necessary inputs for that
offence. All such acts will come under the broader definition of cyber-crime.
Cyber law encompasses laws relating to:
o Cyber crimes
o Electronic and digital signatures
o Intellectual property
o Data protection and privacy
Penalty for Damage to Computer, Computer Systems, etc. under
the IT Act:
Under this law, there is a provision for imposition of penalty in case of any non-
compliance. The following are some of the penalty provisions as prescribed under the
law.
Tampering with Computer source documents:
Sending offensive messages through a communication service:
- Imprisonment, which may extend up to three years, with fine.
Violation of privacy:
- Imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.
Publication for fraudulent purposes:
- Imprisonment up to two years, or with fine which may extend up to one lakh rupees, or with both.
Publishing of obscene information in electronic form:
- Imprisonment up to ten years, or with fine which may extend up to two lakh rupees, or with both.
Importance of Cyber Law in India:
In today's techno-savvy environment, the internet is treated as a research and
information-sharing tool. As the number of internet users rises, so does the number of
cybercrimes. All issues relating to cybercrime or internet crime are dealt with through
Cyber Law. So, to get a remedy against cybercrime, the need for Cyber Law arises.
Cyber-law is important in a country like India where the internet is used to a large extent.
The law is enacted to save people and organizations from cybercrime and other internet-
related crimes. It protects the privacy of every individual and organization. Before the
enactment of Cyber-law, no specific law existed in India to deal with cybercrime. As per
rules and regulations of the Cyber-law, a person who commits cybercrime is liable to get
punishment. If anyone violates and breaks the provisions of the law, then it allows
another person or organization to take legal action against that person.
The requirement of Cyber Law can arise as under:
o Nowadays, as all transactions related to shares are done in Demat form, anyone
who is associated with these transactions requires the internet and protection under
Cyber Law in case of any fraudulent transaction.
o Most companies in India keep their official data in electronic form. To avoid
the misuse of such data, a company may need the assistance of this law.
o Due to the rapid growth of technology, various Government forms such as ITR
returns and Service Tax returns are filed in electronic form. Anyone who breaks into
a government portal can misuse those forms. Only under cyber law are you
eligible to get a remedy against this type of fraud.
o People use credit cards and debit cards for shopping. However, some fraudsters
clone those credit and debit cards over the internet. Card cloning is a technique in
which someone obtains your card details with the help of the internet. With the help
of Cyber Law, such criminals can be traced.
o Digital signatures and e-contracts are the most common methods of transacting
business. Anyone who handles such digital signatures and e-contracts can commit
fraud by misusing them. Cyber Law protects you against this type of fraud.
Prevention of Cyber Crime:
Anyone using the internet should exercise some basic precautions. Following are some
basic precautions:
a) Use a full-service internet security suite: For instance, Norton Security provides real-
time protection against existing and emerging malware including ransomware and
viruses, and helps protect your private and financial information when you go online.
b) Use strong passwords.
c) Keep your software updated.
d) Manage your social media settings.
Conclusion:
With the adoption of the IT Act, India is now one of the few countries in the world that
have a separate law to deal with IT issues and crimes. This has now paved the way for
incredible growth in the fields of e-commerce and internet transactions which has, in
turn, resulted in advanced economic growth.
Regardless, the implementation of the Act along with its counterpart, the IT Rules, has
been successful in tackling cybercrimes so far. With the ever-growing world of new
technology and expanding cyberspace, we are not yet aware of what kinds of
cybercrimes may arise. Cyber law is the appropriate law to provide a remedy against
cybercrime. At present, people who would commit cybercrime offenses think twice about
the cyber law before committing any such offenses. The law helps in decreasing the rate
of cybercrime offenses.
Cyberspace
Cyberspace can be defined as an intricate environment that involves interactions
between people, software, and services. It is maintained by the worldwide distribution
of information and communication technology devices and networks.
With the benefits brought by technological advancements, cyberspace today
has become a common pool used by citizens, businesses, critical information
infrastructure, the military and governments, in a fashion that makes it hard to draw
clear boundaries among these different groups. Cyberspace is anticipated to become
even more complex in the upcoming years, with the increase in the networks and devices
connected to it.
Cyber security
Cybersecurity denotes the technologies and procedures intended to safeguard
computers, networks, and data from unauthorized access, vulnerabilities, and attacks
delivered through the Internet by cyber criminals.
ISO 27001 (ISO27001) is the international information security standard that provides a
model for establishing, implementing, operating, monitoring, reviewing, maintaining, and
improving an Information Security Management System.
The Ministry of Communication and Information Technology under the Government of
India provides a strategy outline called the National Cybersecurity Policy. The purpose
of this policy is to protect public and private infrastructure from cyber-attacks.
Cybersecurity Policy
The cybersecurity policy is a developing mission that caters to the entire field of
Information and Communication Technology (ICT) users and providers. It includes −
o Home users
o Small, medium, and large enterprises
o Government and non-government entities
It serves as an authority framework that defines and guides the activities associated
with the security of cyberspace. It allows all sectors and organizations to design
suitable cybersecurity policies to meet their requirements. The policy provides an
outline to effectively protect information, information systems and networks.
It gives insight into the Government's approach and strategy for the security of
cyberspace in the country. It also sketches some pointers to enable collaborative
working across the public and private sectors to safeguard information and information
systems. Therefore, the aim of this policy is to create a cybersecurity framework which
leads to detailed actions and programs to improve the security posture of cyberspace.
Cyber Crime
Neither the Information Technology Act 2000 nor any other legislation in the country
defines or mentions the term Cyber Crime. It can be globally considered the
darker face of technology. The only difference between a traditional crime and a
cyber-crime is that a cyber-crime involves computers. Let us see the following example
to understand it better −
o Traditional Theft − A thief breaks into Ram's house and steals an object kept in the
house.
o Hacking − A cyber criminal/hacker sitting in his own house, through his computer,
breaks into Ram's computer and steals the data saved on it without physically
touching the computer or entering Ram's house.
The I.T. Act, 2000 defines the terms −
o access (in relation to a computer network) in section 2(a)
o computer in section 2(i)
o computer network in section 2(j)
o data in section 2(o)
o information in section 2(v).
To understand the concept of Cyber Crime, you should know these definitions. The object
of offence or target in a cyber-crime is either the computer or the data stored in the
computer.
Nature of Threat
Among the most serious challenges of the 21st century are the prevailing and potential
threats in the sphere of cybersecurity. Threats originate from all kinds of sources and
manifest themselves in disruptive activities that target individuals, businesses, national
infrastructures, and governments alike. The effects of these threats carry significant
risk for the following −
o public safety
o security of nations
o stability of the globally linked international community
Malicious use of information technology can easily be concealed. It is difficult to
determine the origin or the identity of the criminal. Even the motivation for the
disruption is not easy to find out. The perpetrators of these activities can often only be
inferred from the target, the effect, or other circumstantial evidence. Threat actors
can operate with considerable freedom from virtually anywhere. The motives for
disruption can be anything, such as −
o simply demonstrating technical prowess
o theft of money or information
o extension of state conflict, etc.
Criminals, terrorists, and sometimes states themselves act as the source of these
threats. Criminals and hackers use different kinds of malicious tools and approaches.
With criminal activities taking new shapes every day, the possibility of harmful
actions grows.
Enabling People
The lack of information security awareness among users, who could be a
school-going kid, a system administrator, a developer, or even the CEO of a company,
leads to a variety of cyber vulnerabilities. The awareness policy classifies the following
actions and initiatives for the purpose of user awareness, education, and training −
o A complete awareness program to be promoted at a national level.
o A comprehensive training program that can cater to the needs of national
information security (programs on IT security in schools, colleges, and
universities).
o Enhance the effectiveness of the prevailing information security training
programs. Plan domain-specific training programs (e.g., Law Enforcement,
Judiciary, E-Governance, etc.).
o Endorse private-sector support for professional information security
certifications.
Information Technology Act
The Government of India enacted The Information Technology Act with some major
objectives, which are as follows −
o To deliver lawful recognition for transactions through electronic data interchange
(EDI) and other means of electronic communication, commonly referred to
as electronic commerce or E-Commerce. The aim was to replace
paper-based methods of communication and storage of information.
o To facilitate electronic filing of documents with Government agencies and
further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the
Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934,
and for matters connected therewith or incidental thereto.
The Information Technology Act, 2000, was thus passed as Act No. 21 of 2000. The
I.T. Act got the President's assent on June 9, 2000 and was made effective from
October 17, 2000. By adopting this cyber legislation, India became the 12th nation in
the world to adopt a Cyber Law regime.
Intellectual Property Rights
Intellectual property rights are the legal rights that cover the privileges given to
individuals who are the owners and inventors of a work and have created something
with their intellectual creativity. Individuals in areas such as literature, music,
invention, etc., can be granted such rights, which they can then use in their business
practices.
The creator/inventor gets exclusive rights against any misuse or use of the work without
his/her prior knowledge. However, the rights are granted for a limited period of time to
maintain equilibrium.
The following activities covered by intellectual property rights are laid down by the
World Intellectual Property Organization (WIPO) −
o Industrial designs
o Scientific discoveries
o Protection against unfair competition
o Literary, artistic, and scientific works
o Inventions in all fields of human endeavor
o Performances of performing artists, phonograms, and broadcasts
o Trademarks, service marks, commercial names, and designations
o All other rights resulting from intellectual activity in the industrial, scientific, literary, or
artistic fields
Types of Intellectual Property Rights
Intellectual Property Rights can be further classified into the following categories −
o Copyright
o Patent
o Trade Secrets, etc.
Advantages of Intellectual Property Rights
Intellectual property rights are advantageous in the following ways −
o Provide exclusive rights to the creators or inventors.
o Encourage individuals to distribute and share information and data instead of
keeping it confidential.
o Provide legal defense and offer the creators the incentive of their work.
o Help in social and financial development.
Intellectual Property Rights in India
To protect intellectual property rights in Indian territory, India has set up a
constitutional, administrative and jurisdictional framework, whether it concerns
copyright, patents, trademarks, industrial designs, or any other part of intellectual
property rights.
Back in the year 1999, the government passed important legislation based on
international practices to safeguard intellectual property rights. Let us have a
glimpse of the same −
o The Patents (Amendment) Act, 1999, facilitates the establishment of the mail
box system for filing patents. It offers exclusive marketing rights for a time period
of five years.
o The Trade Marks Bill, 1999, replaced the Trade and Merchandise Marks Act,
1958.
o The Copyright (Amendment) Act, 1999, was signed by the President of India.
o The sui generis legislation was approved and named the Geographical
Indications of Goods (Registration and Protection) Bill, 1999.
o The Industrial Designs Bill, 1999, replaced the Designs Act, 1911.
o The Patents (Second Amendment) Bill, 1999, further amended the Patents
Act of 1970 in compliance with TRIPS.
Intellectual Property in Cyber Space
Every new invention in the field of technology experiences a variety of threats. The
Internet is one such threat: it has captured the physical marketplace and converted it
into a virtual marketplace.
To safeguard business interests, it is vital to create an effective property
management and protection mechanism, keeping in mind the considerable amount of
business and commerce taking place in cyberspace.
Today it is critical for every business to develop an effective and collaborative IP
management mechanism and protection strategy. The ever-looming threats in the
cyber world can thus be monitored and contained.
Various approaches and legislations have been designed by law-makers to up the
ante in delivering a secure configuration against such cyber-threats. However, it is the
duty of the intellectual property right (IPR) owner to counter and reduce such mala
fide acts of criminals by taking proactive measures.
Salient Features of the I.T. Act
The salient features of the I.T. Act are as follows −
o Digital signature has been replaced with electronic signature to make it a more
technology-neutral act.
o It elaborates on offenses, penalties, and breaches.
o It outlines the Justice Dispensation Systems for cyber-crimes.
o It defines in a new section that a cyber café is any facility from where access to
the internet is offered by any person in the ordinary course of business to
members of the public.
o It provides for the constitution of the Cyber Regulations Advisory Committee.
o It is based on The Indian Penal Code, 1860, The Indian Evidence Act, 1872, The
Bankers' Books Evidence Act, 1891, The Reserve Bank of India Act, 1934, etc.
o It adds a provision to Section 81, which states that the provisions of the Act shall
have overriding effect. The provision states that nothing contained in the Act
shall restrict any person from exercising any right conferred under the Copyright
Act, 1957.
Scheme of the I.T. Act
The following points define the scheme of the I.T. Act −
o The I.T. Act contains 13 chapters and 90 sections.
o The last four sections, namely sections 91 to 94 of the I.T. Act 2000, which dealt with
the amendments to the Indian Penal Code 1860, The Indian Evidence Act 1872,
The Bankers' Books Evidence Act 1891 and the Reserve Bank of India Act 1934,
were deleted.
o It commences with the Preliminary aspect in Chapter 1, which deals with the short
title, extent, commencement and application of the Act in Section 1. Section 2
provides definitions.
o Chapter 2 deals with the authentication of electronic records, digital signatures,
electronic signatures, etc.
o Chapter 11 deals with offences and penalties. A series of offences have been
provided along with punishment in this part of the Act.
o Thereafter, the provisions about due diligence, the role of intermediaries and some
miscellaneous provisions are stated.
o The Act is embedded with two schedules. The First Schedule deals with
Documents or Transactions to which the Act shall not apply. The Second
Schedule deals with electronic signature or electronic authentication technique
and procedure. The Third and Fourth Schedules are omitted.
Application of the I.T. Act
As per sub-clause (4) of Section 1, nothing in this Act shall apply to documents or
transactions specified in the First Schedule. Following are the documents or transactions
to which the Act shall not apply −
o A negotiable instrument (other than a cheque) as defined in section 13 of the
Negotiable Instruments Act, 1881;
o A power-of-attorney as defined in section 1A of the Powers-of-Attorney Act,
1882;
o A trust as defined in section 3 of the Indian Trusts Act, 1882;
o A will as defined in clause (h) of section 2 of the Indian Succession Act, 1925,
including any other testamentary disposition;
o Any contract for the sale or conveyance of immovable property or any interest in
such property;
o Any such class of documents or transactions as may be notified by the Central
Government.
Amendments Brought in the I.T. Act
The I.T. Act brought amendments to four statutes vide sections 91-94. These
changes have been provided in schedules 1-4.
o The first schedule contains the amendments to the Penal Code. It has widened
the scope of the term "document" to bring electronic documents within its ambit.
o The second schedule deals with amendments to the Indian Evidence Act. It
pertains to the inclusion of electronic documents in the definition of evidence.
o The third schedule amends the Bankers' Books Evidence Act. This amendment
brings about a change in the definition of "Banker's-book". It includes printouts of
data stored in a floppy, disc, tape or any other form of electromagnetic data
storage device. A similar change has been brought about in the expression
"Certified-copy" to include such printouts within its purview.
o The fourth schedule amends the Reserve Bank of India Act. It pertains to the
regulation of fund transfer through electronic means between banks or
between banks and other financial institutions.
Intermediary Liability
An intermediary, with respect to any particular electronic record, is a person who on
behalf of another person accepts, stores or transmits that record or provides any
service with respect to that record.
According to the above-mentioned definition, it includes the following −
o Telecom service providers
o Network service providers
o Internet service providers
o Web-hosting service providers
o Search engines
o Online payment sites
o Online auction sites
o Online market places and cyber cafes
Highlights of the Amended Act
The newly amended Act came with the following highlights −
o It stresses privacy issues and highlights information security.
o It elaborates on Digital Signature.
o It clarifies reasonable security practices for corporates.
o It focuses on the role of Intermediaries.
o New forms of Cyber Crime were added.
Cyber Forensics
Cyber Forensics or Computer Forensics is the application of investigation and
analysis techniques to gather and preserve data as evidence from particular
computing devices, in a form that is presentable in a court of law.
The main objective or goal of Cyber Forensics is to perform a structured
investigation process, while maintaining a documented chain of evidence, to find
out what happened on a computing device and who was responsible for it.
Cyber forensics is used mainly by investigators. Investigators use a variety of
proprietary software and techniques that have forensic applications, and use them
to examine or search hidden copies or folders and unallocated disk space for
damaged, deleted, or encrypted files or folders.
Investigators work on a digital copy of all the evidence found, document it as a
'finding report', and later verify it in preparation for a presentation at legal
proceedings that involve actual litigation, discovery, or depositions.
Computer or Cyber forensics has evolved into a well-known area of scientific
expertise, with accompanying certification and coursework.
Handling of digital evidence
In the private sector, the response to cybersecurity incidents (e.g., a distributed denial of
service attack, unauthorized access to systems, or a data breach) includes specific
procedures that should be followed to contain the incident, to investigate it and/or to
resolve the cybersecurity incident (Cyber Security Coalition, 2015). There are two primary
ways of handling a cybersecurity incident: recover quickly or gather evidence (Cyber
Security Coalition, 2015). The first approach, recover quickly, is not concerned with the
preservation and/or collection of data but with the containment of the incident to minimize
harm. Because of its primary focus on swift response and recovery, vital evidence
could be lost. The second approach monitors the cybersecurity incident and focuses on
digital forensic applications in order to gather evidence of and information about the
incident. Because of its primary focus on evidence collection, the recovery from the
cybersecurity incident is delayed. These approaches are not exclusive to the private
sector. The approach taken by the private sector varies by organization and the
priorities of the organization.
Digital evidence is volatile and fragile, and the improper handling of this evidence can
alter it. Because of its volatility and fragility, protocols need to be followed to ensure that
data is not modified during its handling (i.e., during its access, collection, packaging,
transfer, and storage). These protocols delineate the steps to be followed when
handling digital evidence. There are four phases involved in the initial handling of digital
evidence: identification, collection, acquisition, and preservation.
Identification
In the identification phase, preliminary information is obtained about the cybercrime
case prior to collecting digital evidence. This preliminary information is similar to that
which is sought during a traditional criminal investigation. The investigator seeks to
answer the following questions:
o Who was involved?
o What happened?
o When did the cybercrime occur?
o Where did the cybercrime occur?
o How did the cybercrime occur?
The answers to these questions will provide investigators with guidance on how to
proceed with the case. For example, the answer to the question "where did this crime
occur?" - that is, within or outside of a country's borders - will inform the investigator on
how to proceed with the case (e.g., which agencies should be involved and/or contacted).
In the identification phase, cybercrime investigators use many traditional investigative
techniques, especially with respect to information and evidence gathering. For example,
victims, witnesses, and suspects of a cybercrime are interviewed to gather information
and evidence of the cybercrime under investigation. Undercover law enforcement
investigations have also been conducted to identify, investigate, and prosecute
cybercriminals. Additionally, cybercrime investigators have conducted covert
surveillance. This tactic is a "particularly intrusive method for collecting evidence. The
use of covert surveillance measures involves a careful balancing of a suspect's right to
privacy against the need to investigate serious criminality. Provisions on covert
surveillance should fully respect the rights of the suspect. There have been various
decisions of international human rights bodies and courts on the permissibility of covert
surveillance and the parameters of these measures" (UNODC, 2010, p. 13). Even
malware has been used by law enforcement agencies to conduct surveillance in order
to gather information about and evidence of cybercrime.
Before digital evidence collection begins, the investigator must define the types of
evidence sought. Digital evidence can be found on digital devices, such as computers,
external hard drives, flash drives, routers, smartphones, tablets, cameras, smart
televisions, Internet-enabled home appliances (e.g., refrigerators and washing
machines), and gaming consoles (to name a few), as well as public resources (e.g.,
social media platforms, websites, and discussion forums) and private resources (e.g.,
Internet service providers' logs of user activity; communication service providers'
business records; and cloud storage providers' records of user activity and content).
Many applications, websites, and digital devices utilize cloud storage services. Users'
data can thus be stored wholly or in fragments by many different providers in servers in
multiple locations. Because of this, retrieving data from these providers is challenging.
The evidence sought will depend on the cybercrime under investigation. If the
cybercrime under investigation is identity-related fraud, then the digital devices that are
seized will be searched for evidence of this crime (e.g., evidence of a fraudulent
transaction or fraudulent transactions).
Collection
With respect to cybercrime, the crime scene is not limited to the physical location of the
digital devices used in the commission of the cybercrime and/or that were the target of
the cybercrime. The cybercrime crime scene also includes the digital devices that
potentially hold digital evidence, and spans multiple digital devices, systems, and
servers. The crime scene is secured when a cybercrime is observed, reported, and/or
suspected. The first responder secures the scene by isolating the users of all digital
devices found at the crime scene (e.g., holding them in a separate room or location). The
users must not be given the opportunity to further operate the digital devices. Neither the
first responder nor the investigator should seek the assistance of any user during the
search and documentation process. The investigator, if different from the first responder,
searches the crime scene and identifies the evidence. Before evidence is collected, the
crime scene is documented. Documentation is needed throughout the entire investigative
process (before, during, and after the evidence has been acquired). This documentation
should include detailed information about the digital devices collected, including the
operational state of the device - on, off, standby mode - and its physical characteristics,
such as make, model, serial number, connections, and any markings or other damage
(Casey, 2011; Sammons, 2012; Maras, 2014; Nelson, Phillips, and Steuart, 2015). In
addition to written notes, sketches, photographs and/or video recordings of the crime
scene and evidence are also needed to document the scene and evidence (Maras,
2014, pp. 230-233).
Acquisition
Different approaches to performing acquisition exist. The approach taken depends on
the type of digital device. For example, the procedure for acquiring evidence from a
computer hard drive is different from the procedure required to obtain digital evidence
from mobile devices, such as smartphones.
Unless live acquisition is performed, evidence is extracted from the seized digital
devices at the forensic laboratory (i.e., static acquisition). At the forensics laboratory,
digital evidence should be acquired in a manner that preserves the integrity of the
evidence (i.e., ensuring that the data is unaltered); that is, in a forensically
sound manner (see Cybercrime Module 4 on Introduction to Digital Forensics). To
achieve this, the tools and techniques used to acquire digital evidence must prevent
alterations to the data or when this is not possible, at the very least minimize them
(SWGDE Best Practices for Computer Forensic Acquisitions, 2018). The tools and
techniques used should be valid and reliable (NIST, n.d.; SWGDE Recommended
Guidelines for Validation Testing, 2014; US National Institute of Justice, 2007b). The
limitations of these tools and techniques should be identified and considered before
their use (SWGDE Best Practices for Computer Forensic Acquisitions, 2018). The US
National Institute of Standards and Technology has a searchable digital forensics tools
database with tools with various functionalities (e.g., cloud forensics tools, among
others) (for more information on digital forensics tools, see Cybercrime Module 4 on
Introduction to Digital Forensics).
Preservation
Evidence preservation seeks to protect digital evidence from modification. The integrity
of digital evidence should be maintained in each phase of the handling of digital
evidence (ISO/IEC 27037). First responders, investigators, crime scene technicians,
and/or digital forensics experts must demonstrate, wherever possible, that digital
evidence was not modified during the identification, collection, and acquisition phase;
the ability to do so, of course, depends on the digital device (e.g., computers and mobile
phones) and circumstances encountered by them (e.g., need to quickly preserve data).
To demonstrate this, a chain of custody must be maintained. The chain of custody is
"the process by which investigators preserve the crime (or incident) scene and evidence
throughout the life cycle of a case. It includes information about who collected the
evidence, where and how the evidence was collected, which individuals took
possession of the evidence, and when they took possession of it" (Maras, 2014, 377;
Cybercrime Module 4 on Introduction to Digital Forensics). In the chain of custody, the
names, titles, and contact information of the individuals who identified, collected, and
acquired the evidence should be documented, as well as any other individuals the
evidence was transferred to, details about the evidence that was transferred, the time
and date of transfer, and the purpose of the transfer.
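The integrity check and chain-of-custody record described under Acquisition and Preservation, as an added example that is not part of the original notes; the media contents, exhibit id and custodian names are constructed placeholders:

```python
"""Acquisition with integrity verification and a chain-of-custody record.

Added example, not from the original notes. SOURCE_MEDIA is a constructed
stand-in for seized media; exhibit id and handler names are placeholders.
"""
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed content standing in for a seized drive (a real acquisition would
# read the device through a write blocker).
SOURCE_MEDIA = bytes(range(256)) * 64


def sha256_hex(data: bytes) -> str:
    """Hash used to show the data is unaltered between hand-overs."""
    return hashlib.sha256(data).hexdigest()


def acquire_image(source: bytes) -> tuple[bytes, str, str]:
    """Static acquisition: hash the source, copy it bit for bit, hash the copy.
    Unequal hashes mean the acquisition altered the data (not forensically sound)."""
    source_hash = sha256_hex(source)
    image = bytes(source)
    return image, source_hash, sha256_hex(image)


@dataclass
class CustodyEntry:
    when: datetime    # date and time of the transfer
    handler: str      # name/title of the person taking possession
    action: str       # collected, acquired, analysed, ...
    purpose: str      # why the transfer took place
    item_hash: str    # hash observed by the handler at hand-over


@dataclass
class ChainOfCustody:
    item_id: str
    entries: list[CustodyEntry] = field(default_factory=list)

    def record(self, handler: str, action: str, purpose: str, item: bytes) -> None:
        when = datetime.now(timezone.utc)
        self.entries.append(CustodyEntry(when, handler, action, purpose, sha256_hex(item)))

    def verify(self) -> bool:
        """True only if every custodian observed the same hash (no undocumented change)."""
        return len({e.item_hash for e in self.entries}) == 1


def demo(tamper: bool = False) -> tuple[ChainOfCustody, bool]:
    """Walk one image through three custodians; tamper=True simulates an alteration."""
    image, source_hash, image_hash = acquire_image(SOURCE_MEDIA)
    assert source_hash == image_hash, "acquisition altered the data"
    chain = ChainOfCustody("EXHIBIT-001")  # placeholder exhibit id
    chain.record("First responder (placeholder)", "collected", "seizure at the scene", image)
    chain.record("Lab technician (placeholder)", "acquired", "static acquisition", image)
    if tamper:
        image = image[:-1] + b"\x00"  # one byte changed after acquisition
    chain.record("Forensic analyst (placeholder)", "analysed", "case analysis", image)
    return chain, chain.verify()
```

A hash mismatch between two entries tells the reviewer exactly which hand-over the undocumented change falls between.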
Analysis and Reporting
In addition to the handling of digital evidence, the digital forensics process also involves
the examination and interpretation of digital evidence (analysis phase), and the
communication of the findings of the analysis (reporting phase). During
the analysis phase, digital evidence is extracted from the device, data is analysed, and
events are reconstructed. Before the analysis of the digital evidence, the digital
forensics analyst in the laboratory must be informed of the objectives of the search, and
provided with some background knowledge of the case and any other information that
was obtained during the investigation that can assist the forensics analyst in this phase
(e.g., IP address or MAC addresses). Various forms of analyses are performed
depending on the type of digital evidence sought, such as network, file system,
application, video, image, and media analysis. Files are analysed to determine their
origin, and when and where the data was created, modified, accessed, downloaded, or
uploaded, and the potential connection of these files on storage devices to, for example,
remote storage, such as cloud-based storage (Carrier, 2005). The type of digital
evidence (e.g., emails, text messages, geolocation, Word processing documents,
images, videos, and chat logs) sought depends on the cybercrime case.
Generally, there are four types of analyses that can be performed on computers: time-
frame analysis; ownership and possession analysis; application and file analysis; and
data hiding analysis. The time-frame analysis seeks to create a timeline or time
sequence of actions using time stamps (date and time) that led to an event or to
determine the time and date a user performed some action (US National Institute of
Justice, 2004b). This analysis is performed to attribute a crime to a perpetrator or at the
very least attribute an act that led to a crime to a particular individual (US National
Institute of Justice, 2004b); there are, however, challenges in validating time-frame
analysis results (see "Note" box).
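A worked time-frame analysis, added here and not taken from the original notes: it merges constructed events from three sources, normalises them to UTC, applies an assumed and documented clock skew, and reports whether the event order depends on that correction (the validation problem the "Note" box refers to).

```python
"""Time-frame analysis: merge timestamps from several sources into one UTC timeline.

Added example, not from the original notes. The events, time zones and the
camera's 15-minute clock skew are constructed values.
"""
from datetime import datetime, timedelta, timezone

# Constructed events: (source, local timestamp, UTC offset in hours, description)
RAW_EVENTS = [
    ("workstation_fs", "2024-03-01 09:02:10", 0, "report.docx last modified"),
    ("web_proxy", "2024-03-01 10:01:55", 1, "upload to cloud storage"),   # proxy logs in UTC+1
    ("camera", "2024-03-01 09:10:00", 0, "photo of USB stick taken"),     # camera clock 15 min fast
]
# Skew measured against a reference clock during acquisition (assumed value).
CLOCK_SKEW = {"camera": timedelta(minutes=15)}


def to_utc(source: str, local_ts: str, offset_hours: int, apply_skew: bool = True) -> datetime:
    """Normalize one timestamp: attach its zone, subtract known skew, convert to UTC."""
    zone = timezone(timedelta(hours=offset_hours))
    ts = datetime.strptime(local_ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=zone)
    if apply_skew:
        ts -= CLOCK_SKEW.get(source, timedelta(0))
    return ts.astimezone(timezone.utc)


def build_timeline(events=RAW_EVENTS, apply_skew: bool = True) -> list[tuple[datetime, str, str]]:
    """Return (utc_time, source, description) tuples in chronological order."""
    rows = [(to_utc(s, t, o, apply_skew), s, d) for s, t, o, d in events]
    return sorted(rows, key=lambda r: r[0])


def sequence(events=RAW_EVENTS, apply_skew: bool = True) -> list[str]:
    """Just the order of sources, which is what the reconstruction ultimately asserts."""
    return [src for _, src, _ in build_timeline(events, apply_skew)]


def order_depends_on_skew(events=RAW_EVENTS) -> bool:
    """True if an uncorrected clock would put the events in a different order, i.e. the
    skew measurement must itself be documented for the timeline to be validated."""
    return sequence(events, True) != sequence(events, False)
```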
The ownership and possession analysis is used to determine the person who created,
accessed, and/or modified files on a computer system (US National Institute of Justice,
2004b). For instance, this analysis may reveal an image of child sexual abuse material
(i.e., the "representation, by whatever means, of a child engaged in real or simulated
explicit sexual activities or representation of the sexual parts of a child for primarily
sexual purposes"; Article 2, United Nations Optional Protocol to the Convention on the
Rights of the Child on the Sale of Children, Child Prostitution, and Child Pornography of
2000) on a suspect's device. This piece of information alone is not enough to prove
ownership of child sexual abuse material. Further evidence is needed to prove this such
as exclusive use of the computer where the material was found. The application and file
analysis is performed to examine applications and files on a computer system to
determine the perpetrator's knowledge of, intent, and capabilities to commit
cybercrime (for example, the labelling or name of the file may indicate the contents of
the file; e.g., the file name can be the cybercrime victim's name) (US National Institute
of Justice, 2004b).
Deleted Files
When a file is deleted on a computer, it is placed in the Recycle Bin or Trash. If the
Recycle Bin or Trash is emptied (i.e., by the deletion of its content), the files that
were deleted are removed from the file allocation table, which archives file names and
locations on hard drives (Maras, 2014). The space where the file resides is marked as
free space (i.e., unallocated space) after it is deleted, but the file still resides in that
space (at least until it is fully or partially overwritten by new data) (Maras, 2014).
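To show how a deleted file can still be recovered from unallocated space until it is overwritten, here is an added carving example that is not from the original notes; the unallocated buffer is constructed in memory and uses the real PNG signature and IEND trailer around dummy contents.

```python
"""Recovering deleted files that still reside in unallocated space (file carving).

Added example, not from the original notes. build_unallocated_space() returns a
constructed byte buffer standing in for freed sectors; it uses the real PNG
signature and IEND trailer around dummy contents, not a real image.
"""
import hashlib

PNG_HEADER = b"\x89PNG\r\n\x1a\n"
PNG_TRAILER = b"IEND\xaeB`\x82"


def build_unallocated_space() -> bytes:
    """Constructed sample: one intact deleted PNG and one already partly overwritten."""
    intact = PNG_HEADER + b"IHDR" + b"\x01" * 24 + PNG_TRAILER
    partial = PNG_HEADER + b"IHDR" + b"\x02" * 24       # trailer overwritten by new data
    return b"\xaa" * 40 + intact + b"\x00" * 16 + partial + b"NEW DATA" * 4


def carve(buffer: bytes, header: bytes, trailer: bytes, max_size: int = 4096) -> list[dict]:
    """Scan free space for header..trailer runs; incomplete runs are reported, not dropped,
    because a partially overwritten file may still hold evidentiary value."""
    found = []
    pos = buffer.find(header)
    while pos != -1:
        end = buffer.find(trailer, pos + len(header), pos + max_size)
        if end != -1:
            data = buffer[pos:end + len(trailer)]
            found.append({"offset": pos, "complete": True, "size": len(data),
                          "sha256": hashlib.sha256(data).hexdigest()})  # hash the carved file
            pos = buffer.find(header, end + len(trailer))
        else:
            found.append({"offset": pos, "complete": False, "size": None, "sha256": None})
            pos = buffer.find(header, pos + len(header))
    return found


def recover_png_files(buffer: bytes) -> list[dict]:
    """Carve every PNG-like run out of the given unallocated space."""
    return carve(buffer, PNG_HEADER, PNG_TRAILER)
```

Each carved file is hashed at recovery time so that the result can be entered into the chain of custody like any other exhibit.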
As the US National Institute of Justice concluded, "[i]n and of themselves, results
obtained from any one of these ... [analyses] may not be sufficient to draw a conclusion.
When viewed as a whole, however, associations between individual results may provide
a more complete picture" (p. 18).
The purpose of these analyses is crime reconstruction (or event reconstruction). Event
reconstruction seeks to determine who was responsible for the event, what happened,
where the event occurred, when it took place, and how the event unfolded, through the
identification, collation, and linkage of data (revealing the "big picture" or essence of
an event). Event reconstruction can involve
a temporal analysis (i.e., the determination of the time events occurred and the
sequence of these events), relational analysis (i.e., the determination of the individuals
involved and what they did, and the association and relationships between these
individuals), and functional analysis (i.e., assessment of the performance and
capabilities of systems and devices involved in events) (Casey, 2010; Casey, 2011;
Kao, 2016). Overall, event reconstruction is performed to prove or disprove a working
hypothesis concerning the case (i.e., educated guess concerning the sequence of acts
that led to an event) (ENFSI, 2015).
Digital forensics
The digital forensics process involves the search, acquisition, preservation, and
maintenance of digital evidence; description, explanation and establishment of the origin
of digital evidence and its significance; the analysis of evidence and its validity,
reliability, and relevance to the case; and the reporting of evidence pertinent to the case
(Maras, 2014).
Various digital forensics methodologies have been developed and adopted. In 2001, the
Digital Forensic Research Workshop, "a non-profit, volunteer organization,
... [dedicated to] sponsoring technical working groups, annual conferences and
challenges to help drive the direction of research and development," developed a model
based on the United States Federal Bureau of Investigation's protocol for physical crime
scene searches, which includes seven phases: identification, preservation, collection,
examination, analysis, presentation, and decision (Palmer, 2001, p. 14) (see Figure 1).
Figure 1. Palmer, Gary. (2001). DFRWS Technical Report: A Road Map for Digital Forensic
Research. Digital Forensic Research Workshop. Utica, New York. p. 24
In 2002, another digital forensics model was proposed, which was based on the 2001
Digital Forensic Research Workshop model and the United States Federal Bureau of
Investigation's crime scene search protocol (for physical crime scenes) (Reith, Carr, and
Gunsch, 2002). This model ("The Abstract Digital Forensics Model") had nine phases
(Baryamureeba and Tushabe, 2004, 3):
o identification (i.e., "recognizes an incident from indicators and determines its type");
o preparation (i.e., "preparation of tools, techniques, search warrants, and monitoring
authorizations and management support");
o approach strategy (i.e., "develops a procedure to use in order to maximize the collection of
untainted evidence while minimizing the impact to the victim");
o preservation (i.e., "the isolation, securing and preservation of the state of physical and digital
evidence");
o collection (i.e., "recording of the physical scene and duplicate digital evidence using
standardized and accepted procedures");
o examination (i.e., "an in-depth systematic search of evidence relating to the suspected crime");
o analysis (i.e., "determination of the significance, reconstructing fragments of data and drawing
conclusions based on evidence found");
o presentation (i.e., "summary and explanation of conclusions"); and
o returning evidence (i.e., "physical and digital property is returned to proper owner").
In 2003, the Integrated Digital Investigation Model (see Figure 2) was proposed, which
is a more holistic investigative approach that has five basic stages, each with its own
phases: readiness (i.e., assess the ability of operations and infrastructure to support the
investigation); deployment (i.e., incident detected, appropriate personnel notified, and
authorization for investigation obtained - e.g., legal order for law enforcement
investigations, supervisor authorization for private investigations); physical crime scene
investigation (i.e., secure crime scene, identify relevant physical evidence, document
crime scene, collect physical evidence at crime scene, examine this evidence,
reconstruct crime scene events, and present findings in court); digital crime scene
investigation (i.e., secure and identify relevant digital evidence, document the evidence,
acquire and analyse it, reconstruct events, and present findings in court);
and review (i.e., once the investigation is concluded, an assessment is made to identify
lessons learned).
Figure 2. Integrated Digital Investigation Process Phases: Carrier, Brian D. and Eugene H.
Spafford. (2003). Getting physical with the digital investigation process. International Journal
of Digital Evidence, Vol. 2(2), p. 6.
In 2006, the United States National Institute of Standards and Technology proposed a
four-phase digital forensics model (see Figure 3): the collection phase, which includes
the identification of evidence at the scene, and its labelling, documentation, and ultimate
collection; examination phase wherein the appropriate forensic tools and techniques to
be used to extract relevant digital evidence, while preserving its integrity, are
determined; analysis phase whereby the evidence extracted is evaluated to determine
its usefulness and applicability to the case; and the reporting phase, which includes the
actions performed during the digital forensics process and the presentation of the
findings.
Figure 3. National Institute of Standards and Technology, four-phase digital investigation
model proposed in SP 800-86: Kent, Karen et al. (2006). Guide to Integrating Forensic
Techniques into Incident Response. National Institute of Standards and Technology. p. 25.
The above-mentioned models are based on the assumption that all of the phases are
completed for each crime and cybercrime investigation (Rogers et al., 2006). In
practice, however, this is not always the case. Because the volumes of data and the
digital devices collecting, storing, and sharing data have exponentially expanded,
resulting in more criminal cases involving some type of digital device, it is increasingly
being considered impractical to conduct in-depth examinations of each digital device. As
Casey, Ferraro, and Nguyen (2009) pointed out, "few [digital forensics laboratories] can
still afford to create a forensic duplicate of every piece of media and perform an in-depth
forensic examination of all data on those media… It makes little sense to wait for the
review of each piece of media if only a handful of them will provide data of evidentiary
significance" (p. 1353).
In view of that, digital forensics process models have been developed that take this into
consideration. For instance, Rogers et al. (2006) proposed the Cyber Forensic Field
Triage Process Model (CFFTPM), "an onsite or field approach" digital forensics process
model "for providing the identification, analysis and interpretation of digital evidence in a
short time frame, without the requirement of having to take the system(s)/media back to
the lab for an in-depth examination or acquiring a complete forensic image(s)" (p. 19).
Building on this model, Casey, Ferraro, and Nguyen (2009) proposed "three levels of
forensic examination" that can be used in the field or in the lab:
o Survey/triage forensics inspection. This inspection is conducted to quickly review potential
sources of evidence and prioritize certain sources for examination based on the importance of
the type of evidence they could contain and the volatility of the evidence (Casey, Ferraro, and
Nguyen, 2009, pp. 1353 and 1356).
o Preliminary forensic examination. To speed up the digital forensics process, a preliminary
forensic examination is conducted on the sources identified during the survey/triage
forensics inspection phase to find information that could be used in the investigation to obtain
direct, circumstantial, or other corroborative evidence of a matter asserted (Casey, Ferraro, and
Nguyen, 2009, pp. 1353 and 1356-1359). The failure to find forensic artefacts (i.e., data that
may be relevant to a digital forensics investigation) during this examination, which could
potentially happen because they were overlooked, does not automatically mean that an in-depth
forensic examination will not be conducted (this depends on the case and the policies and
procedures of those conducting the examination).
o In-depth forensic examination. All sources of evidence are examined. This type of examination
is often conducted "when evidence destruction is suspected, when additional questions arise
and when a case nears trial" (Casey, Ferraro, and Nguyen, 2009, p. 1359).
The viability and relevance of each model and its components continue to be debated
today (Valjarevic and Venter, 2015; Du, Le-Khac, and Scanlon, 2017). The reality is that
each country follows its own digital forensics standards, protocols and procedures.
However, differences in processes serve as an impediment to international cooperation
in law enforcement investigations.
Ethics can be understood from a normative and prescriptive perspective. It refers to a body of
well-based standards of right and wrong that prescribe what humans must do in terms of rights,
obligations, fairness, virtues and benefits. Ethical standards include the right to choose, the right
to privacy and the right to freedom of expression, among others, that are founded on and
supported by well-founded reasons. The second definition is founded on the continuous effort to
assess the moral beliefs and conduct of society and can be defined as the study and development
of personal standards, behavior, feelings, laws and regulations.
Overview
On the Internet, people can feel invisible and do things they normally would not do in person or
in public – things they understand are wrong to do. The Internet is becoming an indispensable
tool in life and it is becoming increasingly important to dust off the concept of cyberspace
ethics. Common terms such as cyber citizenship, cyber ethics and netiquette are commonly used
to refer to cyber social behavior. The terms refer to the things that people do online when no
one is watching. Children are using the Internet at an increasing rate, and cyber ethics has
emerged as a common denominator for instilling good e-habits at an early age. The unfortunate
thing is that children armed with computers can inflict serious damage and harm irrespective of
whether they are merely trying to be mischievous or intentionally committing cybercrimes.
Cybercrime is not limited to young people who are getting to know technological offerings.
Government agencies, businesses, consumers and the general public have become victims of
cyber-attacks. Attacks on US infrastructure in 2008 originating from the Middle East, which
established a serious digital beachhead, as well as the case of Bradley Manning, a US military
specialist who leaked thousands of classified documents to the whistle-blowing website
WikiLeaks, highlight just a few of the cyber crimes and their damaging effects. The recent attack
on Target, in which 70 million customers' encrypted PINs were stolen, is another wake-up call for
policy makers and businesses, demonstrating the magnitude of cyber war. Though these attacks
can be thought of as spanning a wide spectrum, they just highlight the difficulties of enforcing
cyber etiquette (Sembok, 2013).
There has been contention as to whether there is a difference between ethics in the real world and
that in online platforms. While the answer to some might seem obvious, there is a greater
disconnect between ethics in the real world and cyberspace. For instance, in a poll conducted
among elementary and middle school kids, half of them reported that they don't believe that
hacking is a real crime. This assertion, emanating from a tender age group, just highlights the
divide between real world and online ethics and stresses the need for parents and educational
groups to initiate intensive programs on ethical behavior, especially in cyberspace.