
Cyber Forensics

Training to Deputy SPs Organised by Bureau of


Police Research & Development Govt. of India
Dr. Tabrez Ahmad
Associate Professor of Law
www.site.technolexindia.com
tabrezahmad7@gmail.com
http://technolexindia.blogspot.com

Dr. Tabrez ahmad, www.site.technolexindia.com,


Wednesday,Feb 03, 2010 http://technolexindia.blogspot.com 1
Digital Revolution: Internet Infrastructure in India (2008.5)
(Figure: network diagram of the Indian Internet infrastructure; the figures it carries are listed below.)
Domains: 1 Mil. (0.5 Mil. ".in")
IDCs: 130+
Major mail servers: 134
High-speed Internet connections: 4.8 Mil.
Internet users: 65 Mil.
Mobile phones: 248 Mil., with 8 Mil. being added per month
Tele density: 24 per 1000 persons
Targeted broadband connections (2010): 10 Mil.; VOIP, IPTV
ISPs: Bharti, BSNL, NIC, ERNET, Reliance, TATA Communications (with DNS)
User segments: Enterprise, IT/ITES, Govt., BPO, Home, Academia
Agenda
1. Background of Cyberlaw
2. Development of Internet regulation
3. Types of Cybercrimes
4. Computer viruses
5. Combating Cyber Crimes
6. New Scheme of Cybercrime Prevention,
Control and Regulation
7. Vicarious Liability of ISPs and Govt.
8. Cases
9. Cyberforensics
10. Future course of action

Real-world & Virtual-world
Current approaches evolved to deal with real-world crime.
Cybercrime occurs in a virtual world and therefore presents different issues.

Example: Theft
Real-world theft: possession of property shifts completely from A to B, i.e., A had it, now B has it.
Theft in the virtual world (cyber-theft): property is copied, so A "has" it and so does B.

Development of Cyberlaw and need of regulation
Internet for security: USA ARPANET
Internet for research
Internet for e-commerce: UNCITRAL Model Law 1996; I.T. Act 2000
Internet for e-governance
Internet regulation – a serious matter after the 9/11 attack on the World Trade Centre
US Patriot Act
I.T. Amendment Act 2008

Types of Cyber crimes
Credit card frauds
Cyber pornography
Sale of illegal articles: narcotics, weapons, wildlife
Online gambling
Intellectual property crimes: software piracy, copyright infringement, trademark violations, theft of computer source code
Email spoofing
Forgery
Defamation
Cyber stalking (section 509 IPC)
Phishing
Cyber terrorism
Cyber Crimes / Cyber Torts
(Figure: concept map; its nodes are listed below.)
Cyber trespass: trespass to person, trespass to property
Cyberlibel
Cyberprivacy: cookies, data collection, online surveillance, Magic Lantern technique
Protection of contents on websites
Vicarious liability of ISPs
Jurisdiction
Identity theft
Cybersquatting
Software piracy
Phishing
Cyberstalking
Data protection
Confidential information
Spamming
Hacking
Virus, Worm and Trojan attacks: Viruses are programs attached to a file, which then get circulated to other files and gradually to other computers in the network. Worms, unlike viruses, do not need a host to attach to; they make copies of themselves repeatedly, eating up all the memory of the computer. Trojans are unauthorized programs that function from inside what seems to be an authorized program, thereby concealing what they are actually doing.

Computer Viruses
A computer virus is a computer program that can infect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself. Note that a program does not have to perform outright damage (such as deleting or corrupting files) in order to be called a "virus".

Combating cyber crimes
• Technological measures: public key cryptography, electronic signatures, firewalls, honey pots
• Cyber investigation: computer forensics is the process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable in courts of law.
• These rules of evidence include admissibility (in courts), authenticity (relation to incident), completeness, reliability and believability.
• Legal framework: laws & enforcement

I.T. ACT, 2000: OBJECTIVES
Different approaches for controlling, regulating and facilitating electronic communication and commerce.
Aim: to provide legal infrastructure for e-commerce in India.
To provide legal recognition for e-transactions

OBJECTIVES (Contd.)
Carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", involving the use of alternatives to paper-based methods of communication and storage of information.
To facilitate electronic filing of documents with the Government agencies
To amend the Indian Penal Code, the Indian Evidence Act, 1872, the Banker's Book Evidence Act, 1891 and the Reserve Bank of India Act, 1934
GOVERNMENT – NSP??
Governments Providing Services On The Network
Governments Are Intermediaries. Sec 79 IT Act.
Under The IT Act, 2000, All Governments, Central And State, All Governmental Bodies Are "Network Service Providers"
Section 79
For the removal of doubts, it is hereby declared that
no person providing any service as a network service
provider shall be liable under this Act, rules or
regulations made thereunder for any third party
information or data made available by him if he proves
that the offence or contravention was committed
without his knowledge or that he had exercised all due
diligence to prevent the commission of such offence or
contravention.

Network Service Providers:
When Not Liable
Explanation.—For the purposes of this section, —
(a) "network service provider" means an intermediary;
(b) "third party information" means any information
dealt with by a network service provider in his capacity
as an intermediary.

Transparency In E-governance
Need For Transparent E-governance
Right To Information Act
Government Would Now Not Be Able To Hide Records Concerning E-governance

AUTHENTICATION OF ELECTRONIC RECORDS
Any subscriber may authenticate an electronic record by affixing his digital signature.
Any person, by the use of the public key of the subscriber, can verify the electronic record.

LEGALITY OF ELECTRONIC SIGNATURES
Legal recognition of digital signatures.
Electronic Signatures not yet legal in India.
Certifying Authorities for Digital Signatures.
Scheme for Regulation of Certifying Authorities for Digital Signatures

CONTROLLER OF CERTIFYING AUTHORITIES
Shall exercise supervision over the activities of Certifying Authorities
Lay down standards and conditions governing Certifying Authorities
Specify various forms and content of Digital Signature Certificates

DIGITAL SIGNATURES & ELECTRONIC RECORDS
Use of Electronic Records and Electronic Signatures in Government Agencies.
Publications of rules and regulations in the Electronic Gazette.
MCA-21 Project: Usage of Digital Signatures

International initiatives
Representatives from the 26 Council of Europe members, the United States, Canada, Japan and South Africa in 2001 signed a convention on cybercrime in efforts to enhance international cooperation in combating computer-based crimes.
The Convention on Cybercrime, drawn up by experts of the Council of Europe, is designed to coordinate these countries' policies and laws on penalties on crimes in cyberspace, define the formula guaranteeing the efficient operation of the criminal and judicial authorities, and establish an efficient mechanism for international cooperation.
In 1997, the G-8 Ministers agreed to ten "Principles to Combat High-Tech Crime" and an "Action Plan to Combat High-Tech Crime."
Main objectives:
Create effective cyber crime laws
Handle jurisdiction issues
Cooperate in international investigations
Develop acceptable practices for search and seizure
Establish effective public/private sector interaction
Computer Related Crimes under IPC and Special Laws
Sending threatening messages by email – Sec 503 IPC
Sending defamatory messages by email – Sec 499, 500 IPC
Forgery of electronic records – Sec 463, 470, 471 IPC
Bogus websites, cyber frauds – Sec 420 IPC
Email spoofing – Sec 416, 417, 463 IPC
Online sale of Drugs – NDPS Act
Web-Jacking – Sec. 383 IPC
Online sale of Arms – Arms Act
Cognizability and Bailability
As per IT Amendment Act 2008
Offences which have not less than 3 years punishment are cognizable and bailable
Power of Police to Investigate
· Section 156 Cr.P.C. : Power to investigate
cognizable offences.
· Section 155 Cr.P.C. : Power to investigate
non cognizable offences.
· Section 91 Cr.P.C. : Summon to produce
documents.
· Section 160 Cr.P.C. : Summon to require
attendance of witnesses.
Power of Police to investigate (contd.)
· Section 165 Cr.P.C. : Search by police officer.
· Section 93 Cr.P.C : General provision as to
search warrants.
· Section 47 Cr.P.C. : Search to arrest the
accused.
· Section 78 of IT Act, 2000 : Power to investigate
offences-not below rank of Inspector.
· Section 80 of IT Act, 2000 : Power of police
officer to enter any public place and search &
arrest.
New Scheme of Cybercrime Prevention, Control and Regulation
IT Amendment Act 2008, Sec. 70-B(1): establishment of the Indian Computer Emergency Response Team, to serve as the national agency for incident response. It provides guidelines and may ask for information from intermediaries.
Sec. 70-B(8): No Court shall take cognizance of any offence under this section except on a complaint made by an officer authorised in this behalf by the agency referred to in Sub-sec (1).
Sec. 79-A: Central Govt. to notify an examiner of electronic evidence for expert opinion; the same will be a relevant fact.
Sec. 84-A: Central Govt. to provide modes or methods of encryption.
Sec. 78: Investigation can be made by a police officer not below the rank of Inspector.
Sec. 49: Composition of Cyber Appellate Tribunal
Case Study: BPO Data Theft
The recently reported case of a bank fraud in Pune, in which some ex-employees of the BPO arm of MPhasis Ltd, MsourcE, defrauded US customers of Citi Bank to the tune of Rs 1.5 crores, has raised concerns of many kinds, including the role of "Data Protection".
Case Study (contd.)
• The crime was obviously committed using "Unauthorized Access" to the "Electronic Account Space" of the customers. It is therefore firmly within the domain of "Cyber Crimes".
• ITA-2000 is versatile enough to accommodate the aspects of crime not covered by ITA-2000 but covered by other statutes, since any IPC offence committed with the use of "Electronic Documents" can be considered as a crime with the use of "Written Documents". "Cheating", "Conspiracy", "Breach of Trust" etc. are therefore applicable in the above case in addition to the sections in ITA-2000.
• Under ITA-2000 the offence is recognized both under Section 66 and Section 43. Accordingly, the persons involved are liable for imprisonment and fine as well as a liability to pay damages to the victims to the maximum extent of Rs 1 crore per victim, for which the "Adjudication Process" can be invoked.
Case Study (contd.)
• The BPO is liable for the lack of security that enabled the commission of the fraud as well as because of the vicarious responsibility for the ex-employees' involvement. The process of getting the PIN number took place during the tenure of the persons as "Employees" and hence the organization is responsible for the crime.
• Some of the persons who have assisted others in the commission of the crime, even though they may not be directly involved as beneficiaries, will also be liable under Section 43 of ITA-2000.
• Under Section 79 and Section 85 of ITA-2000, vicarious responsibilities are indicated both for the BPO and the Bank on the grounds of "Lack of Due Diligence".
• At the same time, if the crime is investigated in India under ITA-2000, then the fact that the Bank was not using digital signatures for authenticating the customer instructions is a matter which would amount to gross negligence on the part of the Bank. (However, in this particular case, since the victims appear to be US citizens and the Bank itself is US based, the crime may come under the jurisdiction of the US courts and not Indian courts.)
Case Study: Case of Extortion of Money Through Internet
• The complainant received a threatening email demanding protection money from an unknown person claiming to be a member of the Halala Gang, Dubai. Police registered a case u/s. 384/506/511 IPC.
• The sender of the email used the email IDs xyz@yahoo.com & abc@yahoo.com and signed as Chengez Babar.
Case Study (contd.)
• Both the email accounts were tracked, details were collected from the ISPs and the locations were identified.
• The cyber cafes from which the emails had been sent were monitored and the accused person was nabbed red-handed.
FIR NO 76/02 PS PARLIAMENT STREET
Mrs. SONIA GANDHI RECEIVED THREATENING E-MAILS
E-MAIL FROM
missonrevenge84@khalsa.com
missionrevenge84@hotmail.com
THE CASE WAS REFERRED
ACCUSED PERSON LOST HIS PARENTS DURING 1984 RIOTS
PM office computers attacked
In the month of December 2009, PM office computers
were attacked by Chinese hackers
On the same day Google and other sites were also
attacked by the Chinese hackers.

Threat mail to our CM
Mr. Navin Pattanaik got a threat mail last week from a cybercafe in Bhubaneswar.
Police traced the cybercafe, but no record was maintained by the café owner.
2 days ago Central University Koraput V C Mr. Banerjee's email was hacked and mail was sent to different officials.
Still the police are unable to find the hackers.
Survey published in March 2003: Incidence of Cyber crime in India
Non-reporting: causes
60% feared negative publicity
23% did not know police equipped to handle cyber crimes
9% feared further cyber attacks
8% had no awareness of cyber laws
False arrest concerns
The Information Technology (Amendment) Act, 2008 has come into force on 27th October, 2009.
Almost nine years and 10 days after the birth of cyber laws in India, the new improved cyber law regime in India has become a reality. The Information Technology Act initially came into force on 17th October 2000, on the model of the UNCITRAL (UNO) Model Law of 1996. Major changes to the IT Act 2000 have now come into force with effect from 27th October 2009. There are around 17 changes, and most of the changes relate to cyber crimes. The last decade has seen a spurt in crimes like cyber stalking and voyeurism, cyber pornography, email frauds, phishing and crimes through social networking. All these and more are severely dealt with under the new laws.
Some of the major modifications  are:

1. A special liability has been imposed on call centers, BPOs, banks
and others who hold or handle sensitive personal data. If they are
negligent in "implementing and maintaining reasonable security
practices and procedures", they will be liable to pay compensation.
It may be recalled that India's first major BPO related scam was the
multi crore MphasiS-Citibank funds siphoning case in 2005. Under
the new law, in such cases, the BPOs and call centers could also be
made liable if they have not implemented proper security measures.
2. Compensation on cyber crimes like spreading viruses, copying
data, unauthorised access, denial of service etc is not restricted to
Rs 1 crore anymore. The Adjudicating Officers will have jurisdiction
for cases where the claim is upto Rs. 5 crore. Above that the case will
need to be filed before the civil courts.
3.The offence of cyber terrorism has been specially
included in the law. A cyber terrorist can be punished
with life imprisonment.
4. Sending threatening emails and sms are
punishable with jail upto 3 years.
5. Publishing sexually explicit acts in the electronic
form is punishable with jail upto 3 years.  This would
apply to cases like the Delhi MMS scandal where a
video of a young couple having sex was spread through
cell phones around the country.

6.Voyeurism is now specifically covered. Acts like hiding
cameras in changing rooms, hotel rooms etc is punishable
with jail upto 3 years. This would apply to cases like the
infamous Pune spycam incident where a 58-year old man was
arrested for installing spy cameras in his house to 'snoop' on
his young lady tenants.
7. Cyber crime cases can now be investigated by Inspector
rank police officers. Earlier such offences could not be
investigated by an officer below the rank of a deputy
superintendent of police.
8. Collecting, browsing, downloading etc of child
pornography is punishable with jail upto 5 years for the first
conviction. For a subsequent conviction, the jail term can
extend to 7 years. A fine of upto Rs 10 lakh can also be levied.

9. The punishment for spreading obscene material by email, websites, sms has been reduced from 5 years jail to 3 years jail. This covers acts like sending 'dirty' jokes and pictures by email or sms.
10. Refusing to hand over passwords to an authorized official could land a person in prison for upto 7 years.
11. Hacking into a Government computer or website, or even trying to do so, is punishable with imprisonment upto 10 years.
12. Rules pertaining to section 52 (Salary, Allowances and Other Terms and Conditions of Service of Chairperson and Members),
13. Rules pertaining to section 69 (Procedure and Safeguards for Interception, Monitoring and Decryption of Information),
14. Rules pertaining to section 69A (Procedure and Safeguards for Blocking for Access of Information by Public),
15. Rules pertaining to section 69B (Procedure and safeguard for Monitoring and Collecting Traffic Data or Information) and
16. Notification under section 70B for appointment of the Indian Computer Emergency Response Team.
17. Rules pertaining to section 54 (Procedure for Investigation of Misbehaviour or Incapacity of Chairperson and Members),
Computer Forensics and Cyberforensics
Computer forensics is considered to be the use of analytical and
investigative techniques to identify, collect, examine, preserve
and present evidence or information which is magnetically
stored or encoded
A better definition for law enforcement would be the scientific
method of examining and analyzing data from computer storage
media so that the data can be used as evidence in court.
Media = computers, mobile phones, PDA, digital camera, etc.

Handling of Evidence by Cyber Analysts
(Figure: four-step cycle: Identify → Collect, Observe & Preserve → Analyze, Identify and Organize → Verify)
Four major tasks for working with digital evidence:
Identify: any digital information or artifacts that can be used as evidence.
Collect, observe and preserve the evidence.
Analyze, identify and organize the evidence.
Rebuild the evidence or repeat a situation to verify the same results every time, checking the hash value.
WHY IS IT UNIQUE ?

MULTI DIMENSIONAL CHALLENGES

MULTI DIMENSIONAL CHALLENGE

TECHNICAL
OPERATIONAL
SOCIAL
LEGAL

TECHNICAL
TECHNOLOGY IS CHANGING RAPIDLY
CYBER CRIMES ARE ALSO CHANGING RAPIDLY
SYSTEMS AND CRIMES EVOLVE MORE RAPIDLY
THAN THE TOOLS THAT EXAMINE THEM

(Figure: technology evolution cycle)
TECHNOLOGY EVOLUTION: NEWER DEVICES, NEW METHODOLOGIES, NEW TOOLS, OBSOLESCENCE
Digital Evidence
Not obvious… it's most likely hidden on purpose or needs to be unearthed by forensics experts
Criminals hide evidence / Forensics uncovers evidence:
• Delete their files and emails / Restore deleted files and emails – they are still really there!
• Hide their files by encryption, password protection, or embedding them in unrelated files (dll, os etc.) / Find the hidden files through complex password, encryption programs, and searching techniques
• Use Wi-Fi networks and cyber cafes to cover their tracks / Track them down through the digital trail – IP addresses to ISPs to the offender
The Crime Scene (with Computer Forensics)
• Similar to traditional crime scenes
• Must acquire the evidence while preserving the integrity of the evidence: no damage during collection, transportation, or storage
• Document everything
• Collect everything the first time
• Establish a chain of custody
• But also different…
• Can perform analysis of evidence on an exact copy!
• Make many copies and investigate them without touching the original
• Can use time stamping/hash code techniques to prove evidence hasn't been compromised
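Checking the hash value (from the four evidence-handling tasks earlier) and the time-stamped chain of custody on this slide fit in one small script. The Python below is an added example, not part of the presentation: it hashes an image in chunks (MD5 and SHA-256, the two values most tools report), verifies that a working copy matches the master before any analysis touches it, and keeps a custody log in which every entry carries the hash of the previous entry, so an altered or removed entry breaks the chain. File names, officer labels and the image contents are constructed placeholders.

```python
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone
from typing import Optional

# Added example, not the presentation's code. Exhibit names and officers are placeholders.
CHUNK = 1 << 20   # 1 MiB: hash multi-gigabyte images without loading them into memory


def hash_image(path: str, algorithms=("md5", "sha256")) -> dict:
    """Hex digests of a file, computed in a single pass for every requested algorithm."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def working_copy_matches(master_path: str, copy_path: str) -> bool:
    """Analysis happens on the copy, so prove first that it is bit-for-bit the master."""
    return hash_image(master_path) == hash_image(copy_path)


_FIELDS = ("when", "action", "officer", "details", "prev_hash")


def _entry_digest(entry: dict) -> str:
    payload = json.dumps({k: entry[k] for k in _FIELDS}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


class CustodyLog:
    """Append-only chain-of-custody record. Each entry is time-stamped and carries the
    hash of the previous entry, so an edited or deleted entry makes is_intact() fail."""
    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    def record(self, action: str, officer: str, details: dict,
               when: Optional[datetime] = None) -> str:
        entry = {
            "when": (when or datetime.now(timezone.utc)).isoformat(),
            "action": action,
            "officer": officer,
            "details": details,
            "prev_hash": self.entries[-1]["entry_hash"] if self.entries else self.GENESIS,
        }
        entry["entry_hash"] = _entry_digest(entry)
        self.entries.append(entry)
        return entry["entry_hash"]

    def is_intact(self) -> bool:
        prev = self.GENESIS
        for e in self.entries:
            if e["prev_hash"] != prev or _entry_digest(e) != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return True


def run_demo() -> dict:
    """Acquire, hash, copy, verify; then show what a changed byte and an edited log do."""
    with tempfile.TemporaryDirectory() as d:
        master = os.path.join(d, "exhibit-7.dd")            # placeholder exhibit name
        copy = os.path.join(d, "exhibit-7-working.dd")
        with open(master, "wb") as f:
            f.write(b"constructed disk image contents " * 4096)   # constructed data
        shutil.copyfile(master, copy)

        log = CustodyLog()
        log.record("acquired", "Inspector (placeholder)",
                   {"exhibit": "exhibit-7.dd", **hash_image(master)})
        copy_ok = working_copy_matches(master, copy)
        log.record("working copy verified", "Analyst (placeholder)", {"match": copy_ok})

        with open(copy, "r+b") as f:                         # one byte changed in the copy
            f.seek(100)
            f.write(b"X")
        tampered_ok = working_copy_matches(master, copy)
        intact_before = log.is_intact()
        log.entries[0]["details"]["exhibit"] = "exhibit-8.dd"   # someone edits the record
        return {"copy_ok": copy_ok, "tampered_ok": tampered_ok,
                "log_intact_before": intact_before, "log_intact_after_edit": log.is_intact()}


if __name__ == "__main__":
    print(run_demo())
```

Record the acquisition hashes in the custody log at seizure time; every later verification then compares against a value that was itself time-stamped and chained, which is what lets the analyst show in court that the copy examined is the medium seized.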
TECHNICAL
Ubiquity Of Computers
Crimes Occur In All Jurisdictions
Training Law Enforcement Agencies Becomes a
Challenge
Technology Revolution Leads To Newer Systems, Devices
Etc..

OPERATIONAL
ALL DATA MUST BE GATHERED AND EXAMINED FOR EVIDENCE
• GIGABYTES OF DATA
• PROBLEMS OF STORAGE, ANALYSIS, PRESENTATION
NO STANDARD SOLUTION AS YET
SOCIAL
IT RESULTS IN
UNCERTAINTIES ABOUT EFFECTIVENESS OF CURRENT INVESTIGATION TECHNIQUES
SUB-OPTIMAL USE OF RESOURCES
PRIVACY CONCERNS
LEGAL
USES & BOUNDARIES OF DIGITAL EVIDENCE IN
LEGAL PROCEDURES STILL UNCLEAR
CURRENT TOOLS & TECHNIQUES NOT
RIGOROUSLY USED / CONTESTED IN COURT

TYPICAL TOOLS
EMAIL TRACER
TRUEBACK
CYBERCHECK
MANUAL

Current and Emerging Cyber Forensic Tools of Law Enforcement

EMAIL TRACER FORENSIC TOOL

FEATURES OF EMAIL TRACER
•Display of Actual Mail Content for Outlook Express, Eudora, MS
Outlook and mail clients with MBOX mailbox.
•Display the Mail Content (HTML / Text)
•Display the Mail Attributes for Outlook Express.
•Display of extracted E-mail header information
•Save Mail Content as .EML file.
•Display of all Email attachments and Extraction.
•Display of E-mail route.
•IP trace to the sender’s system.
•Domain name look up.
•Display of geographical location of the sender’s gateway on a world
map.
•Mail server log analysis for evidence collection.
•Access to Database of Country code list along with IP address
information.
EMAIL TRACING OVER WEB
AS A PRE-EMPTIVE TOOL

EMAIL TRACING SERVICE
Users can submit their tracing task to Email Tracer
through web.
Tracing IP Address upto city level (non-spoofed)
Detection of spoofed mail
Detailed report
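The route display, IP trace and spoof detection listed for Email Tracer all come down to reading the Received: headers that each relay prepends. As an added example, not Email Tracer's own code, the Python below walks those headers on a constructed message (the example.test hostnames and documentation-range IP addresses are made up), lists the hops from origin to the recipient's server, picks out the originating IP as recorded by the first relay, checks that hop timestamps run forward, and flags a From: domain that never appears anywhere in the relay path. The last two checks are heuristic indicators for an analyst to follow up with the ISP, not proof of spoofing.

```python
import re
import email
from email import policy
from email.utils import parseaddr, parsedate_to_datetime
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Added example, not Email Tracer's code. Constructed message: hostnames and IPs are made up.
SAMPLE = b"""Received: from mx1.example-receiver.test (mx1.example-receiver.test [203.0.113.9])
\tby mailstore.example-receiver.test with ESMTP id A1; Wed, 3 Feb 2010 10:05:00 +0530
Received: from relay.example-isp.test (relay.example-isp.test [198.51.100.7])
\tby mx1.example-receiver.test with ESMTP id B2; Wed, 3 Feb 2010 10:04:55 +0530
Received: from webmail.example-isp.test ([192.0.2.45])
\tby relay.example-isp.test with HTTP; Wed, 3 Feb 2010 10:04:40 +0530
From: "Sender Name" <sender@example-isp.test>
To: complainant@example-receiver.test
Subject: constructed sample message
Date: Wed, 3 Feb 2010 10:04:40 +0530
Message-ID: <sample-1@example-isp.test>

Body of the constructed sample.
"""
# Same route, but the From: line now claims a domain the mail never passed through.
SPOOFED = SAMPLE.replace(b"sender@example-isp.test", b"manager@example-bank.test")


@dataclass
class Hop:
    from_host: str              # host the relay says it received from
    ip: Optional[str]           # address the relay recorded for that host
    by_host: str                # the relay itself
    when: Optional[datetime]    # time the relay stamped the header


HOP_RE = re.compile(r"from\s+(\S+)(?:\s+\(([^)]*)\))?\s+by\s+(\S+)", re.IGNORECASE)
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def parse_hops(raw: bytes) -> List[Hop]:
    """Mail route from origin to final recipient server."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        text = re.sub(r"\s+", " ", str(value))          # unfold the header
        m = HOP_RE.search(text)
        if not m:
            continue                                     # non-standard line: skip, don't guess
        from_host, comment, by_host = m.group(1), m.group(2) or "", m.group(3)
        ip_m = IP_RE.search(comment) or IP_RE.search(from_host)
        when = None
        if ";" in text:
            try:
                when = parsedate_to_datetime(text.rsplit(";", 1)[1].strip())
            except (TypeError, ValueError):
                pass
        hops.append(Hop(from_host, ip_m.group(0) if ip_m else None, by_host, when))
    hops.reverse()   # each relay prepends its header, so the last one is the origin
    return hops


def originating_ip(hops: List[Hop]) -> Optional[str]:
    """Address the first relay saw; the starting point for an ISP / cyber cafe enquiry."""
    return hops[0].ip if hops else None


def route_is_chronological(hops: List[Hop]) -> bool:
    """Forged headers are often stamped out of order; a real route runs forward in time."""
    times = [h.when for h in hops if h.when is not None]
    return all(a <= b for a, b in zip(times, times[1:]))


def from_domain_seen_in_route(raw: bytes, hops: List[Hop]) -> bool:
    """Indicator only: a From: domain absent from every relay hostname deserves a look."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    domain = parseaddr(str(msg.get("From", "")))[1].rsplit("@", 1)[-1].lower()
    return bool(domain) and any(domain in (h.from_host + " " + h.by_host).lower() for h in hops)


def trace_report(raw: bytes) -> dict:
    hops = parse_hops(raw)
    indicators = []
    if not route_is_chronological(hops):
        indicators.append("Received timestamps do not run forward")
    if not from_domain_seen_in_route(raw, hops):
        indicators.append("From: domain not seen in relay path")
    return {"hops": hops, "origin_ip": originating_ip(hops), "indicators": indicators}


if __name__ == "__main__":
    for h in trace_report(SAMPLE)["hops"]:
        print(f"{h.from_host} ({h.ip}) -> {h.by_host} at {h.when}")
    print(trace_report(SPOOFED)["indicators"])
```

Only the header written by the receiving side's own server can be trusted outright; every earlier Received: line was supplied by a machine the sender may control, which is why the city-level trace stops at the first relay the ISP can vouch for.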

SEIZURE & ACQUISITION TOOL

TRUEBACK

FEATURES OF TRUE BACK
DOS application with event based
Windowing System.
Self-integrity check.
Minimum system configuration check.
Extraction of system information
Three modes of operation:
- Seize
- Acquire
- Seize and Acquire

Disk imaging through Parallel port.
Disk imaging using Network Interface Card.
Block by Block acquisition with data integrity
check on each block.
IDE/SCSI, USB, CD and Floppy acquisition.
Acquisition of floppies and CDs in Batch mode.
Write protection on all storage media except
destination media.
Checking for sterile destination media.
Progress Bar display on all modes of operation.
Report generation on all modes of operation.
BIOS and ATA mode acquisition
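The block-by-block acquisition, the integrity check on each block and the sterile-destination check listed for TrueBack can be shown in a few dozen lines. This is an added Python example, not TrueBack's code: it refuses a destination that is not all zeros, copies the source one block at a time, hashes and reads back every block before moving on, and handles a block the source cannot read by zero-filling it and recording its index, so the image keeps the original offsets and the gap is documented in the report. The source device and its bad sector are simulated in memory (FlakySource is a constructed stand-in, not a real device interface).

```python
import hashlib
import io

# Added example, not TrueBack's code. The source device and its bad block are simulated.
BLOCK_SIZE = 512


class ReadError(IOError):
    """Stands in for a sector the drive cannot return."""


class FlakySource(io.BytesIO):
    """Constructed source device: one block raises on read, like a bad sector."""

    def __init__(self, data: bytes, bad_block: int, block_size: int = BLOCK_SIZE):
        super().__init__(data)
        self.bad_block, self.block_size = bad_block, block_size

    def read(self, n: int = -1) -> bytes:
        if n > 0 and self.tell() // self.block_size == self.bad_block:
            self.seek(self.tell() + n)      # the head moves on, but no data comes back
            raise ReadError(f"block {self.bad_block} unreadable")
        return super().read(n)


def is_sterile(dest) -> bool:
    """Destination media must hold nothing but zeros: no residue from an earlier case."""
    dest.seek(0)
    for chunk in iter(lambda: dest.read(1 << 16), b""):
        if chunk.count(0) != len(chunk):
            return False
    return True


def acquire(source, dest, block_size: int = BLOCK_SIZE) -> dict:
    """Copy source to dest block by block; every block is hashed, written, read back and
    compared before the next one. Unreadable blocks are zero-filled and listed."""
    if not is_sterile(dest):
        raise ValueError("destination media is not sterile")
    source.seek(0)
    dest.seek(0)
    block_hashes, bad_blocks = [], []
    whole = hashlib.sha256()
    index = 0
    while True:
        try:
            data = source.read(block_size)
        except ReadError:
            data = b"\x00" * block_size         # keep offsets identical to the original
            bad_blocks.append(index)
        if not data:
            break
        digest = hashlib.sha256(data).hexdigest()
        dest.write(data)
        dest.seek(-len(data), io.SEEK_CUR)      # read back what was just written
        if hashlib.sha256(dest.read(len(data))).hexdigest() != digest:
            raise IOError(f"block {index}: read-back does not match what was written")
        block_hashes.append(digest)
        whole.update(data)
        index += 1
    return {"blocks": index, "bad_blocks": bad_blocks,
            "block_hashes": block_hashes, "sha256": whole.hexdigest()}


def verify_image(image, block_hashes, block_size: int = BLOCK_SIZE) -> bool:
    """Later re-verification: every block still matches, and nothing was appended."""
    image.seek(0)
    for expected in block_hashes:
        if hashlib.sha256(image.read(block_size)).hexdigest() != expected:
            return False
    return image.read(1) == b""


if __name__ == "__main__":
    src = FlakySource(bytes(range(256)) * 20, bad_block=3)     # 10 blocks, block 3 is bad
    img = io.BytesIO()
    report = acquire(src, img)
    print(report["blocks"], "blocks,", "bad:", report["bad_blocks"], "sha256:", report["sha256"])
    print("image verifies:", verify_image(img, report["block_hashes"]))
```

The per-block hash list is what makes a later dispute tractable: if a single block of the image is ever questioned, the analyst can show which block changed and that the rest still match the acquisition record, rather than only that one whole-image hash no longer agrees.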
ANALYSIS TOOL
CYBER CHECK

CyberCheck - Features
Standard Windows application.
Self-integrity check.
Minimum system configuration check.
Analyses evidence file containing FAT12, FAT16,
FAT32, NTFS and EXT2FS file system.
Analyses evidence files created by the following disk
imaging tools:
TrueBack
LinkMasster
Encase
User login facilities.
CyberCheck– Features (Contd …)
Creates log of each analysis session and Analyzing
officer’s details.
Block by block data integrity verification while loading
evidence file.
Explorer type view of contents of the whole evidence file.
Display of folders and files with all attributes.
Show/Hide system files.
Sorting of files based on file attributes.
Text/Hex view of the content of a file.
Picture view of an image file.
Gallery view of images.
CyberCheck– Features (Contd …)
Graphical representation of the following views of an
evidence file:
Disk View.
Cluster View.
Block view.
Timeline view of:
All files
Deleted files.
Time anomaly files.
Signature mismatched files.
Files created within a time frame.
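Two of the timeline views above, signature-mismatched files and time-anomaly files, rest on simple checks that are worth seeing spelled out. The Python below is an added example, not CyberCheck's implementation: it compares a file's leading bytes against the known signatures for its extension, flags timestamps that run backwards or post-date the acquisition, filters files created within a time frame, and produces a sorted MAC timeline. The directory entries are constructed; the signature table is deliberately small and meant to be extended.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Added example, not CyberCheck's code. Entries below are constructed, not from a real image.
SIGNATURES = {                       # leading bytes ("magic") per container type
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
    "zip": (b"PK\x03\x04",),
}
# Extensions and the container types they legitimately use (Office files are ZIPs).
EXPECTED = {"jpg": {"jpeg"}, "jpeg": {"jpeg"}, "png": {"png"}, "gif": {"gif"},
            "pdf": {"pdf"}, "zip": {"zip"}, "docx": {"zip"}, "xlsx": {"zip"}}


@dataclass
class Entry:
    path: str
    header: bytes           # first bytes of the file content
    created: datetime
    modified: datetime
    accessed: datetime


def detect_type(header: bytes) -> Optional[str]:
    for kind, magics in SIGNATURES.items():
        if any(header.startswith(m) for m in magics):
            return kind
    return None


def signature_mismatch(e: Entry) -> bool:
    """True when the extension promises one type and the content is another."""
    ext = e.path.rsplit(".", 1)[-1].lower() if "." in e.path else ""
    expected = EXPECTED.get(ext)
    if expected is None:
        return False            # unknown extension: nothing to compare against
    return detect_type(e.header) not in expected


def time_anomalies(e: Entry, acquired_at: datetime) -> List[str]:
    """Indicators, not proof: a copy on Windows also yields modified < created."""
    issues = []
    if e.modified < e.created:
        issues.append("modified before created")
    if e.accessed < e.created:
        issues.append("accessed before created")
    for label, ts in (("created", e.created), ("modified", e.modified), ("accessed", e.accessed)):
        if ts > acquired_at:
            issues.append(f"{label} timestamp is after acquisition")
    return issues


def created_within(entries: List[Entry], start: datetime, end: datetime) -> List[Entry]:
    return [e for e in entries if start <= e.created <= end]


def timeline(entries: List[Entry]):
    """MAC timeline: one row per timestamp, oldest first."""
    rows = []
    for e in entries:
        rows += [(e.created, "C", e.path), (e.modified, "M", e.path), (e.accessed, "A", e.path)]
    return sorted(rows)


def sample_entries() -> List[Entry]:
    """Constructed listing, as it would appear after loading an evidence file."""
    t = datetime(2010, 1, 20, 9, 0)
    d = timedelta
    return [
        Entry("docs/report.pdf", b"\xff\xd8\xff\xe0\x00\x10JFIF", t, t + d(hours=1), t + d(hours=2)),
        Entry("docs/tender.docx", b"PK\x03\x04\x14\x00", t, t + d(days=1), t + d(days=2)),
        Entry("photos/img01.jpg", b"\xff\xd8\xff\xe1", t + d(days=3), t + d(days=3), t + d(days=4)),
        Entry("notes.txt", b"Meeting at", t + d(days=5), t + d(days=2), t + d(days=5)),
        Entry("backup/archive.zip", b"PK\x03\x04", t + d(days=40), t + d(days=40), t + d(days=40)),
    ]


ACQUIRED_AT = datetime(2010, 2, 3, 12, 0)    # constructed acquisition time


def scan(entries: List[Entry], acquired_at: datetime) -> dict:
    return {e.path: {"signature_mismatch": signature_mismatch(e),
                     "time_anomalies": time_anomalies(e, acquired_at)} for e in entries}


if __name__ == "__main__":
    for path, result in scan(sample_entries(), ACQUIRED_AT).items():
        print(path, result)
```

A renamed JPEG hiding as "report.pdf" is the classic signature mismatch; the timestamp checks are only leads, since copying, restoring from backup and clock drift all produce the same patterns innocently, which is why the view is a filter for what to examine next rather than a finding on its own.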
CyberCheck– Features (Contd …)
Display of cluster chain of a file.
Single and Multiple Keyword search.
Extraction of Disk, Partition, File and MBR slacks.
Exclusive search in slack space.
Extraction of unused unallocated clusters and exclusion from
search space.
Exclusive search in used unallocated clusters.
Extraction of lost clusters.
Exclusive search in data extracted from lost clusters.
Extraction of Swap files.
Exclusive search in data extracted from Swap files.
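Slack and unallocated-cluster searching, listed above, depend on where a file's last cluster ends. As an added example, not CyberCheck's code, the Python below builds a small constructed volume in which every cluster still holds residue of an earlier deleted file, writes a new file over a cluster chain, and then extracts the file slack and the unallocated clusters so a keyword search can be run over exactly those regions, separately from the live file's own content. Cluster size, cluster chain and file contents are made up, and real file systems differ in whether they zero the tail of the final sector.

```python
import re

# Added example, not CyberCheck's code. The volume, chain and contents are constructed.
CLUSTER = 512


def make_volume(total_clusters: int, cluster_size: int = CLUSTER,
                residue: bytes = b"OLD-DELETED-LEDGER ") -> bytearray:
    """Constructed volume: every cluster still carries residue of an earlier file,
    as real media does after a delete (clusters are freed, not wiped)."""
    pattern = (residue * (cluster_size // len(residue) + 1))[:cluster_size]
    return bytearray(pattern * total_clusters)


def write_file(volume: bytearray, chain, data: bytes, cluster_size: int = CLUSTER) -> None:
    """Store data over the cluster chain. Only len(data) bytes are overwritten, so the
    tail of the last cluster keeps its old content: that tail is the file slack."""
    if len(data) > len(chain) * cluster_size:
        raise ValueError("cluster chain too short for the data")
    for i, cluster in enumerate(chain):
        piece = data[i * cluster_size:(i + 1) * cluster_size]
        start = cluster * cluster_size
        volume[start:start + len(piece)] = piece


def read_file(volume: bytearray, chain, size: int, cluster_size: int = CLUSTER) -> bytes:
    """What a normal file read returns: live content up to the recorded size."""
    raw = b"".join(bytes(volume[c * cluster_size:(c + 1) * cluster_size]) for c in chain)
    return raw[:size]


def file_slack(volume: bytearray, chain, size: int, cluster_size: int = CLUSTER) -> bytes:
    """Bytes between end-of-file and the end of the last allocated cluster."""
    used_in_last = size - (len(chain) - 1) * cluster_size
    last = chain[-1] * cluster_size
    return bytes(volume[last + used_in_last:last + cluster_size])


def unallocated(volume: bytearray, allocated, total_clusters: int,
                cluster_size: int = CLUSTER) -> bytes:
    """Concatenated content of every cluster no live file currently owns."""
    owned = set(allocated)
    free = [c for c in range(total_clusters) if c not in owned]
    return b"".join(bytes(volume[c * cluster_size:(c + 1) * cluster_size]) for c in free)


def keyword_hits(region: bytes, keyword: bytes):
    """Offsets of a keyword inside one search region (slack only, unallocated only, ...)."""
    return [m.start() for m in re.finditer(re.escape(keyword), region)]


def demo() -> dict:
    volume = make_volume(total_clusters=8)
    chain = [2, 3, 4]
    data = b"INVOICE-2010-0042 " * 72 + b"END."          # 1300 bytes: 2 full clusters + 276
    write_file(volume, chain, data)
    live = read_file(volume, chain, len(data))
    slack = file_slack(volume, chain, len(data))         # 512 - 276 = 236 bytes of residue
    free = unallocated(volume, chain, 8)
    return {"live_ok": live == data, "slack_len": len(slack),
            "ledger_in_live": keyword_hits(live, b"LEDGER"),
            "ledger_in_slack": keyword_hits(slack, b"LEDGER"),
            "ledger_in_free": len(keyword_hits(free, b"LEDGER"))}


if __name__ == "__main__":
    print(demo())
```

Searching the live file for the old ledger finds nothing, while the same keyword turns up in both the slack of the new file and the unallocated clusters; restricting the search to those regions is exactly the "exclusive search" the feature list describes, and it keeps hits from the live file system from drowning out the residue.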

CyberCheck– Features (Contd …)
File search based on file extension.
File search based on hash value.
Exclusion of system files from search space.
Data recovery from deleted files, slack space, used unallocated
clusters and lost clusters.
Recovery of formatted partitions.
Recovery of deleted partitions.
Exporting files, folders and slack content.
Exporting folder structure including file names into a file.
Exporting files on to external viewer.
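The three search and integrity features listed on these slides (block-by-block verification of the evidence file while loading, flagging of signature-mismatched files, and filtering by a hash set) can be demonstrated in a few lines. This is an added example, not CyberCheck's own code; the 4096-byte block size, the magic-byte table and the evidence image are constructed for illustration.

```python
import hashlib
import os
from itertools import zip_longest

BLOCK_SIZE = 4096  # assumed block size; the page does not state CyberCheck's

# Constructed stand-in for an evidence image: three blocks of synthetic content.
EVIDENCE = (b"\x89PNG\r\n\x1a\n" + b"A" * (BLOCK_SIZE - 8)
            + b"PK\x03\x04" + b"B" * (BLOCK_SIZE - 4)
            + b"C" * BLOCK_SIZE)

def block_hashes(image: bytes, block_size: int = BLOCK_SIZE) -> list:
    """Hash every block at acquisition time; the list is stored alongside the image."""
    return [hashlib.sha256(image[i:i + block_size]).hexdigest()
            for i in range(0, len(image), block_size)]

def verify_blocks(image: bytes, expected: list, block_size: int = BLOCK_SIZE) -> list:
    """Re-hash block by block while loading; return indices of blocks that fail.
    A missing or extra block also counts as a failure, so truncation is caught too."""
    actual = block_hashes(image, block_size)
    return [i for i, (a, e) in enumerate(zip_longest(actual, expected)) if a != e]

# Magic bytes for a few common types (constructed table, extend as needed).
SIGNATURES = {
    ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff", ".gif": b"GIF8",
    ".pdf": b"%PDF", ".zip": b"PK\x03\x04",
}

def signature_mismatch(name: str, head: bytes) -> bool:
    """True when the extension claims a type the leading bytes contradict, or when a
    file with an unlisted extension starts with a known signature (a renamed image, say)."""
    expected = SIGNATURES.get(os.path.splitext(name)[1].lower())
    if expected is not None:
        return not head.startswith(expected)
    return any(head.startswith(magic) for magic in SIGNATURES.values())

def hash_set_filter(files: dict, known_hashes: set) -> dict:
    """Drop files whose SHA-256 is in a known-good hash set (system files) and keep the
    rest for search; the same lookup, inverted, finds files matching a known hash value."""
    return {n: data for n, data in files.items()
            if hashlib.sha256(data).hexdigest() not in known_hashes}

if __name__ == "__main__":
    hashes = block_hashes(EVIDENCE)
    tampered = bytearray(EVIDENCE)
    tampered[BLOCK_SIZE + 100] ^= 0xFF  # corrupt one byte inside block 1
    print("failed blocks:", verify_blocks(bytes(tampered), hashes))  # [1]
    print("mismatch:", signature_mismatch("holiday.jpg", b"\x89PNG\r\n\x1a\n"))  # True
```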
CyberCheck – Features (Contd.)
Local preview of storage media.
Network preview of storage media using cross-over
cable.
Bookmarking of folders, files and data.
Adding bookmarked items into the report.
Restoration of storage media.
Creating raw image.
Raw image analysis.
Facility for viewing Mailbox files of Microsoft Outlook
Express, Microsoft Outlook, Eudora and Linux Mail
clients.
CyberCheck – Features (Contd.)
Registry viewer.
Hash set of system files.
Identification of encrypted & password protected files.
Identification of steganographed image files.
Generation of analysis report with the following features:
Complete information of the evidence file system.
Complete information of the partitions and drive geometry.
Hash verification details.
User login and logout information.
CyberCheck – Features (Contd.)
Exported content of text file and slack information.
Includes picture file as image.
Saving report, search hits and bookmarked items for later use.
Password protection of report.
Print report.
ISSUES AHEAD & TECHNOLOGY BEHIND
CASE #4
A young girl had been involved in a series of sexually explicit exchanges via an instant messenger system and email.
Upon investigation, the perpetrator was tracked to the home of a 50-year-old prominent local physician.
Computers seized from the physician's house had a 240 GB hard disk each, full of files.
ISSUE #1
How to get convincing leads to go ahead with the
case in a short time from among the overload of
available material.
ADVANCED CONCEPT SEARCH
ISSUE #2
Computers contained many password
protected/encrypted files.
How to get into these files in a short time.
PASSWORD CRACKING
GRID Enabled Password Cracker
PASSWORD CRACKING OF ZIP FILES USING GRID
Diagram (labels recovered from the slide): Cyber Forensics Lab, FSL, CBI and Police Crime Cell connected over the Internet to a grid server.
PASSWORD CRACKING OF ZIP FILES USING GRID
Diagram (steps recovered from the slide; CBI, FSL and Police Crime Cell submit over the Internet to the grid server):
1. Zipped file submission.
2. Server receives and distributes to grid clients.
3. Clients compute and send results to server.
4. Grid server sends results over the Internet.
ISSUE #3
However, the case took a twist when it came to light
that the doctor’s 13-year-old son and 15 year old
nephew had also been using the doctor’s account.
Who was at the keyboard then?
WHO’S AT THE KEYBOARD?
BIOMETRICS
A software driver associated with the keyboard
records the user’s rhythm in typing.
These rhythms are then used to generate a profile of
the authentic user.
WHO’S AT THE KEYBOARD?
FORENSIC STYLISTICS
A qualitative approach to authorship assesses errors
and “idiosyncrasies” based on the examiner’s
experience.
This approach could be quantified through databasing.
WHO’S AT THE KEYBOARD?
STYLOMETRY
It is a quantitative and computational method, focusing on readily computable and countable language features, e.g. word length, phrase length, sentence length, vocabulary frequency, and the distribution of words of different lengths.
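The countable features the slide names can be turned into a profile and compared across candidate writers. This is an added illustration, not a tool from the presentation or the case; the two known users, their messages and the unknown message are constructed samples, and the feature set is one plausible choice among many.

```python
import math
import re
from collections import Counter

# Constructed samples (not from the case): known messages of two users and one unknown message.
KNOWN = {
    "user_A": "ok so i will be there at 9. dont be late, bring the stuff. its going to be fun lol",
    "user_B": "Certainly. I shall arrive at nine o'clock precisely; please ensure everything "
              "is prepared beforehand.",
}
UNKNOWN = "yeah im leaving now. dont forget the stuff ok. see u at 9 lol"

def features(text: str) -> dict:
    """Countable features of the kind the slide lists: word length, sentence length,
    vocabulary frequency and the distribution of word lengths."""
    sentences = [s for s in re.split(r"[.!?;]+", text) if s.strip()]
    words = re.findall(r"[a-z']+", text.lower())
    n = len(words) or 1
    lengths = [len(w) for w in words]
    return {
        "avg_word_len": sum(lengths) / n,
        "avg_sent_len": n / max(len(sentences), 1),
        "type_token_ratio": len(Counter(words)) / n,  # vocabulary richness
        "short_word_ratio": sum(1 for l in lengths if l <= 3) / n,
        "long_word_ratio": sum(1 for l in lengths if l >= 7) / n,
        "capital_ratio": sum(1 for c in text if c.isupper()) / max(len(text), 1),
    }

def distance(a: dict, b: dict) -> float:
    """Euclidean distance between two feature vectors."""
    return math.sqrt(sum((a[k] - b[k]) ** 2 for k in a))

def rank_authors(unknown: str, known: dict) -> list:
    """Candidates ordered from nearest to farthest profile; the nearest is a lead, not proof."""
    u = features(unknown)
    return sorted(known, key=lambda name: distance(u, features(known[name])))

if __name__ == "__main__":
    for name, text in KNOWN.items():
        print(name, {k: round(v, 2) for k, v in features(text).items()})
    print("ranking:", rank_authors(UNKNOWN, KNOWN))  # ['user_A', 'user_B']
```

With a real corpus, standardise each feature (for example to z-scores) before taking distances, otherwise sentence length dominates the other ratios as it does here.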
REAL CYBER FORENSIC CHALLENGE IS YET TO COME
Challenges faced by Law Enforcement

Awareness: Technology is changing very rapidly, and so is the number of cyber crimes, yet no proper awareness is shared with regard to crime and the latest tools. People are so ignorant that it is effortless for cyber criminals to attack. People fear reporting crimes, and some crimes are not properly recorded; the reason is that the victim is either scared of police harassment or of wrong media publicity. For minority and marginalised groups, who already bear the brunt of media bias, reporting online harassment to the police may simply draw further unwanted attention. The public is not aware of the resources and services that law enforcement could provide them as a victim of crime or as a witness.
Technical Issues: A large amount of storage space is required for storing the imaged evidence and also for storing retrieved evidence after analysis. Retrieved evidence might contain documents, pictures, videos and audio files, which take up a lot of space. Technical issues can further be categorised into software and hardware issues.
Software and Hardware Issues: The growth of cyber crime has given rise to numerous forensic software vendors. The challenge is to choose among them: no single forensic tool solves the entire case, and there are loads of third-party tools available. So is the case with hardware tools; the most common and reliable h/w tool is the FRED. But when it comes to mobile forensics it is a challenge to decide the compatibility of different phones and which h/w to rely on.
Future Course of Action
Recently China has been manufacturing mobile phones that have cloned IMEI numbers, which is a current challenge faced in mobile forensics.

Information sharing: Information sharing is a best practice and can be accomplished by a variety of means, such as interacting with industry groups, attending briefings, meetings, seminars and conferences, and working actively with forensic bodies like CDAC.
Inadequate Training and Funds:
Due to the growing number of cyber forensic tools, law enforcement does not get adequate training and awareness on innovative tools. Training bodies are limited and pricey. Funding is insufficient to send officers for training and to invest in future enhancements. Transfers and recruitment of officers add to the loss of experienced staff and the spending on training newcomers. Cases become pending in such circumstances.
Global Issues: Most of the IP addresses retrieved during an investigation lead to servers or computers located abroad which have no identity, hence further investigation is blocked and closed. Correspondence with bodies such as Google, Yahoo and Hotmail is quite time consuming and prolongs investigations.

Wireless or Wi-Fi, Bluetooth, Infrared Issues: The latest wireless technologies which provide internet connections are open to exploitation, especially when they are not secured. This is the present technology terrorists and radical activists exploit. This is another vulnerability that law enforcement faces.
Future Course of Action (Contd.)
Mumbai Cyber Lab is a joint initiative of Mumbai Police and NASSCOM; more exchange and coordination of this kind is needed.
More Public awareness campaigns
Training of police officers to effectively combat cyber crimes
More Cyber crime police cells set up across the country
Effective E-surveillance
Websites aid in creating awareness and encouraging
reporting of cyber crime cases.
Specialised Training of forensic investigators and experts
Active coordination between police and other law
enforcement agencies and authorities is required.
Do you have any question?
Thanks