CYBER LAW

By
Dayal Legal Associates

Corporate office Chamber No 209, Block - 1

Dayal Legal Associates Shershah Road,

ALTF Global, Delhi High Court, India Gate

1st Floor, Global Foyer Mall, New Delhi, Delhi 110503,

Sector 43, India

Golf Course Road, Gurgaon,

Haryana 122002, India. Email:

(Near sector 42/43 Rapid deepak@dayallegal.in

Metro Station, Golf dayallegalassociates2000@g

Course Road, Gurgaon) mail.com

Mobile: +91 9560732244

Website: www.dayallegal.in

Litigation office

CYBER LAW Page 1

 DISCLAIMER
NO PART OF THIS PUBLICATION MAY BE REPRODUCED OR COPIED IN ANY FORM BY ANY MEANS
WITHOUT PRIOR WRITTEN PERMISSION OF DAYAL LEGAL ASSOCIATES. DAYAL LEGAL
ASSOCIATES HOLDS THE COPYRIGHT TO ALL THE WORK CONTRIBUTED TO THIS PUBLICATION.

THE VIEWS EXPRESSED IN THIS PUBLICATION ARE PURELY PERSONAL OPINIONS OF THE

AUTHORS AND ARE NOT INTENDED TO HURT ANY SENTIMENTS OR BE BIASED IN FAVOR OF OR

AGAINST ANY PARTICULAR PERSON, COMMUNITY, SOCIETY, SEX, GENDER, RACE, CREED,

NATION, RELIGION AND SUCH REMOTELY AND PROXIMATELY RELATED TERMS. THOUGH ALL

EFFORTS ARE MADE TO ENSURE THE ACCURACY AND CORRECTNESS OF THE INFORMATION

PUBLISHED, DAYAL LEGAL ASSOCIATES SHALL NOT BE RESPONSIBLE FOR ANY ERRORS

CAUSED DUE TO OVERSIGHT OR OTHERWISE. THIS DISCLAIMER MAY CHANGE FROM TIME TO

TIME WITHOUT NOTICE, AND YET WILL ALWAYS BE APPLICABLE. PLEASE CHECK ALWAYS

BEFORE USING ANYTHING ON DAYAL LEGAL ASSOCIATES.

CYBER LAW Page 2

 EDITORIAL TEAM

EDITOR IN CHIEF

Mr. Deepak Dayal

MANAGING PARTNER, DAYAL LEGAL ASSOCIATES

EDITOR

KUMAR UTSAV

LEGAL INTERN, DAYAL LEGAL ASSOCIATES

CYBER LAW Page 3

 ABOUT US
DAYAL LEGAL ASSOCIATES’ ROOTS WAS FOUNDED BY MR. BISHAMBER DAYAL
IN 1919, IT WAS SET UP IN INDIA BY A GROUP OF EMINENT AND HIGHLY

EXPERIENCED LAWYERS, RENOWNED IN THE LEGAL FRATERNITY. THE FIRM

STARTED WITH THE AXIOM OF GETTING THE BEST OF EXPERIENCE AND

KNOWLEDGE UNDER ONE ROOF. COUPLED WITH SOME VETERAN PROFESSIONALS,

THE FIRM FOCUSES ON PROVIDING UNSURPASSED SERVICES WITH A DEFINITIVE

FOCUS ON THE CLIENT NEEDS. WE PROVIDE AN ARRAY OF SERVICES BOTH IN THE

NATURE OF LEGAL AND ADVISORY. WITH ON THE PANEL CIVIL AND CRIMINAL

LAWYERS, CHARTERED ACCOUNTANTS AND COMPANY SECRETARIES. DAYAL

LEGAL ASSOCIATES IS READY TO PROVIDE ANY LEGAL OR ADVISORY

PREDICAMENT.

CYBER LAW Page 4

 INDEX

S.NO CONTENTS PAGE NO

1 Cover Page 1-4

2 Index 5

3 Introduction 6-8

4 Chapter 1 - Cyber Law in India 9 - 10

5 Chapter 2 - Need For Cyber Laws 11

6 Chapter 3 - Information Technology ACT 12 - 16

7 Chapter 4 - Computer Forensic science and their needs 17 - 18

8 Chapter 5 - What is Cyber Crime & Computer Crime? 19

9 Chapter 6 - Technology Challenge in Cyber Crime 20

10 Chapter 7 - Computer Forensic Science & Cyber Laws need to 21 - 22

be modified/updated in various technologies

11 Conclusion & Recommendations 23 - 24

1. INTRODUCTION
Man has always been a social animal and more so now with the internet and the social media.
Human beings are now with the internet and the social media. Human beings are now Cyber
beings, choosing to spend a considerable amount of time in the cyber world. The rapid change
occurring in the present era of Information technology and the computer has gained popularity
in every aspect of our lives. This includes the use of Computer by persons involved in the
commission of crimes. Today, Computers play a major role in almost every crime that is

CYBER LAW Page 5

committed. Every crime that is committed is not necessarily a computer crime, but it does
mean that law enforcement must become much more computer literate just to be able to keep
up with the criminal element. .As the cyber world expands, cybercrime grows with it.
Cybercrime is complex, given that there are no geographical boundaries in the cyber world.
Actions on the internet have quick and far reaching consequences. Anonymity awarded by the
cyber space complicates matters further. Hence such activities cannot be satisfactorily handled
by conventional laws1.

Cyber law is the area of law that deals with the internet’s relationship to technological and
electronic elements, including computers, software, hardware and information systems. In
short, cyber law is the law governing computers and the internet. Its legislation focused on the
acceptable behavioral use of technology including computer hardware and software, the
internet and networks. Cyber law helps protect users from harm by enabling the investigation
and prosecution of online criminal activity. It applies to the actions of individuals, groups, the
public, government, and private organizations.2 Cyber law is the law governing this cyber space
and is important for anyone using the internet, be it organizations or individuals.

Cyber law is the part of the overall legal system that deals with the internet, cyberspace, and
their respective legal issues. Cyber law covers a fairly broad area covering several subtopics
including freedom of expression, access to and usage of the internet, and online privacy.
Generally Cyber law is referred to as law of internet3.

Cyber crimes include fraud, forgery, money laundering, theft, and other illegal activities
performed via computer hardware and software, the internet, and networks. Cyber law
investigates crimes perpetrated in the physical world but enabled in cyberspace. For example,
organized crime syndicates may face prosecution under cyber laws. In business, cyber law
protects companies from unlawful access and theft of their intellectual property.

Cyber law is important because it touches almost all aspects of transactions and activities on
and involving the internet, World Wide Web and cyberspace. Every action and reaction in

1
Indian Journal of Law [Manupatra]
2
https://online.norwich.edu/academic-programs/resources/cyber-law-definition
3
https://ciso.economictimes.indiatimes.com/amp/news/importance-of-cyber-law-
opinion/72450598

CYBER LAW Page 6

cyberspace has some legal perspectives. Cyber law encompasses laws relating to Cyber crimes,
Electronic and digital signatures, Intellectual property, Data protection and privacy.

The primary source of cyber law in India is the Information Technology Act, 2000 which came
into force on 17th October 2000. This Act provided legal recognition to electronic commerce
and was intended to facilitate filing of electronic records with the Government. The term
electronic commerce or Ecommerce is used to refer to electronic data used in commercial
transactions. Electronic commerce laws usually address issues of data authentication by
electronic or digital signatures.

Intellectual Property rights, as we traditionally know them, have undergone a sea change with
the development of new technology and the reach of the Internet. This includes copyright law
in relation to computer software, computer source code, websites, cell phone content etc.
Software and source code licenses come under the ambit of this law. Trademark law with
relation to domain names, meta tags, mirroring, framing, linking, etc. and patent law in relation
to computer hardware and software.

Data protection refers to the policies and laws which aim to curtail intrusion into privacy which
is caused mainly by the collection, storage and dissemination of one’s personal data. All the
information or data which relate to a person, who can be identified from that information or
data, is known as personal data of that individual. Privacy refers to the right of an individual
where one can choose the extent to which he or she would like to disclose information/data
which pertains to him or her. Some examples of sensitive personal data or information include
passwords, financial information such as bank account or credit card or debit card or other
payment instrument details; physical, physiological and mental health condition; sexual
orientation, medical records and history, biometric information, etc. The Supreme Court
recognizes that the right of privacy is a fundamental right.

There are three major categories of cybercrime; against individuals, against property and
against the Government. Crimes against individuals include cyber harassment and stalking,
various types of spoofing, credit card fraud, human trafficking, identity theft etc. Some online
crimes happen against property, such as a computer or server. These crimes include DDOS
attacks, hacking, virus transmission, cyber and typo squatting, computer vandalism etc. When a
cybercrime is committed against the government, it is considered an attack on that nation's

CYBER LAW Page 7

sovereignty and an act of war. Cybercrimes against the government include hacking, accessing
confidential information, cyber warfare, cyber terrorism and pirated software.

The importance and scope of Cyber law is ever increasing as we become more and more
dependent on the internet and the related technologies, for our day to day functioning as
individuals and as a society4.

2. CYBER LAW IN INDIA

Cyber law in India prevents any crime done using technology, where a computer is a tool for
cyber crime. The laws for cybercrime protect citizens from dispensing sensitive information to
a stranger online. Ever since the introduction to cyber laws in India happened, IT Act 2000 was
enacted and amended in2008 covering different types of crimes under cyber law in India. The
Act gives legal validity to electronic contracts; recognition of electronic signatures. The Act
explains the types of crimes and punishment5.

4
http://www.meity.gov.in/content/cyber-laws
5
The Information Technology Act, Author: S.R. Bhansali

CYBER LAW Page 8

Cyber law in India is not a separate legal framework. It’s a combination of Contract,
Intellectual Property, Data Protection, and privacy laws. With the computer and internet taking
over every aspect of our life, there was a need for strong cyber law. Cyber laws supervise the
digital circulation of information, software, information security, e-commerce, and monetary
transactions6.

The IT Act, 2000 addresses the gamut of new-age crimes. Computer technology, mobile
devices, software and the internet are both medium and target of such crimes. All traditional
criminal activities such as theft, fraud, forgery, defamation, and mischief are part of
cyberspace. These were already addressed in Indian Penal Code7.

2.1. Cyber Laws & their roles

Existing terrestrial laws against physical acts of trespass or breaking and entering often do not
cover their “virtual” counterparts. Computer – related crime is a real expanding phenomenon. It
seems very difficult to make only territorial laws applicable to online activities that have no
relevant or even determinable geographic location. Web pages such as the e-commerce sites
recently hit by widespread, distributed denial of service attacks may not be covered by outdated
laws as protected when it attempted to prosecute the perpetrator of the May 2000 Love Bug
virus, which caused billion of dollars of damage in worldwide 8. In India, Information
Technology Bill (1999) came into focus for regulating cyber world 9 to meet the challenges
posed by new kinds of crime possible by computer technology, many countries have also
reviewed their respective domestic criminal laws so as to prevent computer related crimes. The
legislations enacted by different countries cover only few of the classified computer related
offences.

6
https://www.myadvo.in/blog/what-is-the-cyber-law-in-india/
7
Internet Law, Author: Rodney D. Ryder
8
Curtis P A., Cowell L. " Cyber Crime": "The Next Challenge" in seminar at School of Law
Enforcement Supervision in November 12, 2000
9
Patil S V "Computer forensic Science" The proceeding of conference on E-security, February
18-19, 2004.

CYBER LAW Page 9

 3. NEED FOR CYBER LAWS
“The modern thief can steal more with a computer than with a gun. Tomorrows terrorist may
be able to do more damage with a keyboard than with a bomb”.

-National Research Council, USA “Computer at Risk”1991

Internet has dramatically changed the way we think, the way we govern, the way we do
commerce and the way we perceive ourselves. Information technology is encompassing all
CYBER LAW Page 10
walks of life all over the world. Cyber space creates moral, civil and criminal wrongs. It has
now given a new way to express criminal tendencies. “IT” has brought transition from paper to
paperless world. The laws of real world cannot be interpreted in the light of emerging
cyberspace to include all aspects relating to different activities in cyberspace. Internet requires
an enabling and supportive legal infrastructure in tune with the times. In today’s digital world
the world is becoming more and more digitally sophisticated and so are the crimes. Initially
Internet was developed as a research and information sharing tool and was in an unregulated
manner, as the time passed it became more transactional with e-business, e-commerce, e-
governance and e-procurement etc. All legal issues related to internet crime are dealt with
cyber laws. As the number of internet users is on rise, the need for cyber laws and their
application has also gathered great momentum. In today’s highly digitalized world, almost
everyone is affected by cyber law. For example almost all transactions in share are in demat
form. Almost all companies extensively depend upon their computer networks and keep their
valuable data in electronic form. Government forms including income tax returns, company
law forms etc. are now filled in electronic form. Consumers are increasingly using online
payment for transfer or money and shopping. Technology per se is never a disputed issue but
for whom and at what cost has been the issue in the ambit of governance. The cyber revolution
holds the promise of quickly reaching the masses as opposed to the earlier technologies, which
had a trickledown effect. Such a promise and potential can only be realized with an appropriate
legal regime based on a given social economic matrix.

4. INFORMATION TECHNOLOGY ACT

The Information Technology Act, 2000 came into force on 17 October 2000. This Act applies
to whole of India, and its provisions also apply to any offense or contravention, committed
even outside the territorial jurisdiction of Republic of India, by any person irrespective of his
nationality10. In order to attract provisions of this Act, such an offence or contravention should
involve a computer, computer system, or computer network located in India. The IT Act 2000

10
Information Technology ACT, 2002

CYBER LAW Page 11

provides an extraterritorial applicability to its provisions by virtue of Section 1(2) read with
Section 75. This Act has 90 Sections.

The Information Technology Act 2000 has tried to assimilate legal principles available in
several such laws (relating to information technology) enacted earlier in several other
countries, as also various guidelines pertaining to information technology law. The Act gives
legal validity to electronic contracts, recognition of electronic signatures. This is a modern
legislation which makes acts like hacking, data theft, spreading of virus, identity theft,
defamation (sending offensive messages) pornography, child pornography, cyber terrorism, a
criminal offence.

The Act is supplemented by a number of rules which includes rules for cyber cafes, electronic
service delivery, data security, blocking of websites. It also has rules for observance of due
diligence by internet intermediaries (ISP's, network service providers, cyber cafes, etc.). Any
person affected by data theft, hacking, spreading of viruses can apply for compensation from
Adjudicator appointed under Section 46 as well as file a criminal complaint. Appeal from
adjudicator lies to Cyber Appellate Tribunal11.

The main purpose of this act is to give legal recognition to electronic commerce and to
facilitate filing of electronic records with the government. Till now the Indian Law has not
given any definition to the term “Cyber Crime” and “Cyber fraud”. In fact the IPC does not use
the term “Cyber crime” at any point even after its amendment by the IT Act.

4.1. OFFRENCES UNDER IT ACT

Section 65 – “Tampering with computer source documents”

If a person knowingly or intentionally conceals, destroys or alters or intentionally or knowingly

causes another to conceal, destroy or alter any computer source code used for a computer,
computer programme, computer system or computer network, when the computer source code
is required to be kept or maintained by law for the time being in force.

Penalty - Imprisonment up to three years, or/and with fine up to RS 200,000

Section 66- “Hacking with computer system”

11
Information Technology ACT, 2008

CYBER LAW Page 12

If a person with the intent to cause or knowing that he is likely to cause wrongful loss or
damage to the public or any person destroys or deletes or alters any information residing in a
computer resource or diminishes its value or utility or affects it injuriously by any means,
commits hack.

Penalty - Imprisonment up to three years, or/and with fine up to RS 500,000

Section 66A and Restriction of Free Speech: From its establishment as an amendment to the
original act in 2008, Section 66A attracted controversy over its unconstitutional nature.

Section 66A – “Publishing offensive, false or threatening information”

Any person who sends by any means of a computer resource any information that is grossly
offensive or has a menacing character; or any information which he knows to be false.

Penalty- The purpose of causing annoyance, inconvenience, danger, obstruction, insult shall be
punishable with imprisonment for a term which may extend to three years and with fine.

Section 66B – “Receiving stolen computer or communication device”

A person receives or retains a computer resource or communication device which is known to

be stolen or the person has reason to believe is stolen.

Penalty - Imprisonment up to three years, or/and with fine up to RS 100,000

Section 66C- “ Using password of another person”

A person fraudulently uses the password, digital signature or other unique identification of
another person.

Penalty - Imprisonment up to three years, or/and with fine up to RS 100,000

Section 66D- “Cheating using computer resource”

If a person cheats someone using a computer resource or communication.

Penalty - Imprisonment up to three years, or/and with fine up to RS 100,000

Section 66E- “Publishing private images of others”

If a person captures, transmits or publishes images of a person's private parts without his/her
consent or knowledge.

Penalty - Imprisonment up to three years, or/and with fine up to RS 200,000

CYBER LAW Page 13

Section 66F- “Act of cyber terrorism”

If a person denies access to authorized personnel to a computer resource, accesses a protected

system or introduces contaminant into a system, with the intention of threatening the unity,
integrity, sovereignty or security of India, then he commits cyber terrorism.

Penalty - Imprisonment up to life.

Section 67 – “Publishing information which is obscene in e-form”

If a person publishes or transmits or causes to be published in the electronic form, any material
which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave
and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or
hear the matter contained or embodied in it.

Penalty - Imprisonment up to five years, or/and with fine up to RS 1,000,000

Section 67A – “Publishing images containing sexual acts”

If a person publishes or transmits images containing a sexual explicit act or conduct.

Penalty- Imprisonment up to seven years, or/and with fine up to RS 1,000,000

Section 67B- “Publishing child porn or predating children online”

If a person captures, publishes or transmits images of a child in a sexually explicit act or

conduct. If a person induces a child into a sexual act. A child is defined as anyone under 18.

Penalty- Imprisonment up to five years, or/and with fine up to RS 1,000,000 on first

conviction. Imprisonment up to seven years, or/and with fine up to RS 1,000,000 on second
conviction.

Section 67C – “Failure to maintain records”

Persons deemed as intermediary (such as an ISP) must maintain required records for stipulated
time. Failure is an offence.

Penalty- Imprisonment up to three years, or/and with fine.

Section 68 – “Failure/refusal to comply with orders”

The Controller may, by order, direct a Certifying Authority or any employee of such Authority
to take such measures or cease carrying on such activities as specified in the order if those are

CYBER LAW Page 14

necessary to ensure compliance with the provisions of this Act, rules or any regulations made
there under. Any person who fails to comply with any such order shall be guilty of an offence.

Penalty- Imprisonment up to three years, or/and with fine up to RS 200,000

Section 69 – “Failure/refusal to decrypt data”

If the Controller is satisfied that it is necessary or expedient so to do in the interest of the

sovereignty or integrity of India, the security of the State, friendly relations with foreign States
or public order or for preventing incitement to the commission of any cognizable offence, for
reasons to be recorded in writing, by order, direct any agency of the Government to intercept
any information transmitted through any computer resource. The subscriber or any person in
charge of the computer resource shall, when called upon by any agency which has been
directed, must extend all facilities and technical assistance to decrypt the information. The
subscriber or any person who fails to assist the agency referred is deemed to have committed a
crime.

Penalty- Imprisonment up to seven years and possible fine.

Section 70 – “Securing access to a protected system”

The appropriate Government may, by notification in the Official Gazette, declare that any
computer, computer system or computer network to be a protected system. The appropriate
Government may, by order in writing, authorize the persons who are authorized to access
protected systems. If a person who secures access or attempts to secure access to a protected
system, then he is committing an offence.

Penalty- Imprisonment up to ten years, or/and with fine.

Section 71- “Misrepresentation”

If anyone makes any misrepresentation to, or suppresses any material fact from, the Controller
or the Certifying Authority for obtaining any license or Digital Signature Certificate.

Penalty - Imprisonment up to three years, or/and with fine up to RS 100,000

CYBER LAW Page 15

 5. COMPUTER FORENSIC SCIENCE AND THEIR NEEDS

Computer forensic is a science of acquiring, preserving, retrieving and presenting data that has
been processed electronically and stored on computer media and according to Department Of
Justice Federal Bureau of Investigation (FBI),computer forensic includes formalized and
approved methodology to collect, analyze and present data in a court of law12.
12
Patil S V "Computer forensic Science" The proceeding of conference on E-security, February
18-19, 2004.

CYBER LAW Page 16

Computer forensic is needed due to the complex nature of electronic media. Traditional
forensic science technique will not work in recovering and compiling computer based
evidence. There is tremendous amount of fraud being committed using computers. Everyday
thousands of computer users are bombarded with tons of bogus email. There is always
someone on the internet typing to find a new victim to commit a crime against. There are fake
websites, phony on line auctions, credit card fraud and a host of other crimes. The percentage
of fraud is going up and people are losing thousands of dollars to cyber thieves. Attacks against
companies are also very rampant on the internet. Hackers and other such individuals are always
trying to compromise one system on the internet. It may range from a home user to a sensitive
government system. Hackers have been known to steal valuable information from e-commerce
systems and hold the information for ransom. Thus, all these various examples necessitate the
need for computer forensic to save cyber society.

5.1. Techniques of Computer Forensic

1. Email Forensic Techniques

As a result of e-commerce transactions and email communications over the internet, a new type
of virtual evidence has been created. Computer related investigations can involve the review of
email folder achieves to determine internet policy abuses in businesses or government
agencies. Using computer forensics procedures, processes and tools, the computer forensics
specialist can identify fragments of email messages that were dumped from computer memory
during past work sessions.

2. Internet Forensic Techniques

Since DOS and WINDOWS were never designed to be secure, Computer Scientists & Law
Enforcement personnel could easily obtain information about internet content, web browsing
and other activities from windows system. Even after data has been deleted, much information
remains available for discovery of the Windows swap file. Windows swap files are
dynamically created during the web session & then erased. These same files are then left
behind as a large erased file in unallocated spaces. Unless specifically defragmented and
written over, these erased swap files can be retrieved and archived for analysis.

3. Password cracking Techniques and Cryptanalysis

CYBER LAW Page 17

Password cracking is a problem facing by computer forensic scientist. Numerous programs are
available on the internet for cracking passwords, including the Password Cracking Library
(PCL) available at various web sites e.g. www.passwords-crackers.com.Cryptanalysis is one of
two branches of cryptology that is concerned with breaking and defeating cryptography.
Cryptanalysis can be an invaluable tool for Computer Forensic Scientists to penetrate encrypted
files and passwords and Cryptanalyst is the attacker who is concerned with eavesdropping and
breaking encrypted chipper text.

6. WHAT IS CYBER CRIME & COMPUTER CRIME?

The Encyclopedia Britannica defines Cyber crime as any crime that is committed by means of
special knowledge or expert use of computer technology. United Nation Manual on prevention
& Control of computer crime and Oxford Reference Online gives list of cyber crimes
committed over internet13. Cyber crime includes a wide variety of criminal offenses and
activities Because of lack of physical evidences investigating a cyber crime become very

13
Curtis P A., Cowell L. " Cyber Crime": "The Next Challenge" in seminar at School of Law
Enforcement Supervision in November 12, 2000

CYBER LAW Page 18

difficult. Scope of this definition becomes wider with a frequent companion or substitute term
“computer-related crime”. Cyber crimes are harmful acts committed from or against a
computer or network. Cyber Crimes differ from most terrestrial crimes in four ways:

 They are easy to learn how to commit.

 They require few resources relative to the potential damage caused.
 They can be committed in a jurisdiction without being physically present in it.
 They are often not clearly illegal.
 A criminal might use a computer to keep track of the robberies a person committed or the
drug person sold, which means that even stick-ups, breaking and entering and every drug
transaction could be considered a computer crime.

7. Technology Challenges in Cyber Crime

In the present era of information technology, the technology in World has become more
advanced; law enforcement agencies must provide their computer crime investigators with the
technology required to conduct complex computer investigations. Besides access to
technology, law enforcement agencies must also be given Forensic Computer support as many
computer crimes leave “footprints” on the computer as well as on the internet 14 Most
prosecutors also lack the training and specialization to focus on the prosecution of criminals
14
National ICT Security and Emergency Response Centre (NISER) "Is Cyber Crime reigning on
a no Man's land".

CYBER LAW Page 19

who use computer-based and Internet system as a means of committing crimes. Thus, they
must have a working knowledge of computer-based and Internet investigations if they are to
handle these crimes effectively.

A good example is a recent case in UK where a teenager was acquitted after being charged in
court for Distribution Denial of Service (DDOS) attack that crippled the Port of Houston, a US
web-based computer system. Denial of Service (DoS) attacks and more particularly the
distributed ones (DDoS) are one of the latest and most powerful threats that have appeared in
the world of networking. The wildly publicized DDoS attacks against Yahoo, eBay,
Amazon.com and the White House websites have revealed the vulnerability of well-equipped
networks.

There are two principal classes of attacks: Logic attacks & Flooding attacks. The logic attacks,
such as the “Ping of Death” exploit the existing software flaws to substantially degrade
network performance; the flooding attacks such as “Smurf” overwhelm the victim's CPU,
memory and network resources by sending a large number of spurious requests. In this paper,
we will focus only on flooding attacks15.

8. COMPUTER FORENSIC SCIENCE & CYBER LAWS

NEED TO BE MODIFIED/ UPDATED IN VARIOUS
TECHNOLOGIES

1. The Internet

The internet is joy for members of the law enforcement community. On one hand, it facilitates
one's ability to communicate and gather information. On the other hand, it enables the criminal
element to do the same. The criminal element actually embraced the benefits of the Internet
long before the law enforcement community did it and in some ways, the latter have resisted
15
Tomar P, "Defense & Solution against Denial of Services Attacks: A Challenges" Proceeding
of Second National Conference on Advanced Images Processing and Networking, organized by
Department of Computer Science and Engineering & IT, National Engineering College,
Kovilpatti, Tamilnadu , February 11th-12th,2005,page 201.

CYBER LAW Page 20

this tool [2]. However, these system protection tools, the software and hardware for defending
information systems are complex & expensive to operate.

2. Data Theft

Law enforcement is charged with the investigation of the theft of data from companies, but the
main concern of the law enforcement community is the protection of their own data and
unauthorized access to their files. This may require law enforcement agencies to bring in a
security consultant to be sure that their own data is secure from unauthorized access. The only
way to ensure that their system is totally safe is to not to have outside access to it [2]. If they
are connected to the Internet through phone lines through a network or a modem, one cannot
assume that their system will not be compromised at some point. Agencies can install fairly
simple monitoring systems on their systems that will signal them when there has been a
“knock” at the door. These security measures will also alert them to an actual intrusion.

3. Child Pornography

Child pornography distribution is a natural for the Internet. It offers anonymity and ease of
transferring images and text. Child Pornographers trade images of very young children,
depending on their preferences, to other pornographers that will trade them to others or simply
keep them for their own collection.

4. White Collar Crime

Encyclopedia Britannica defines White Collar Crime as crimes committed by persons of

relatively high social or economic status in connection with their regular occupation. Though
crimes such as stalking and pedophilia make the headlines, the majority of computer crime is
white collar in nature, involving the theft of credit cards, money, identity, or intellectual
property such as software or data.

CYBER LAW Page 21

 9. CONCLUSION
Computers add a new dimension to criminal law, presenting many issues for law enforcement.
At the front of law enforcement concern is the necessity to secure adequate training to combat
these crimes. This requires additional resources. The technical sophistication needed to follow
new methods surpassing traditional methods of investigation. In some cases data are encrypted,
making it difficult for police authorities to get the contents of the information. Corporations
may fear the negative publicity that might result as a consequence of their systems being
compromised. In many cases, unauthorized computer access may go undetected by the
individual or entity whose computer system had been invaded. Though not all the peoples are
CYBER LAW Page 22
victims to cyber crimes but they are still at risk. The nature of electronics evidence is such that
it poses special challenges for its admissibility in court. To meet these challenges, it is
imperative to follow proper forensic procedures. These procedures include, but not limited to,
four phases: collection, examination, analysis and reporting. This article emphasizes on Role of
cyber laws to save cyber society of 21st century from cyber crime by developing strong cyber
laws worldwide. Experts, who investigate only cyber crime are required to stop the cyber
crime. To improve law and forensic science technique officers should be trained to become
more literate about cyber world. Proper forensic procedures and techniques go hand in hand
with good forensic tools, the evidence may be compromised or destroyed.

RECOMMENDATIONS
To avoid the cyber crime some improvement are suggested here to protect the nations:

 Organization should secure their networked information by using different Technology

 Laws to enforce property rights work only when property owners take reasonable steps to
protect their property in first place.
 Governments remain the dominant authority for regulating criminal behavior in most
places in the world. One nation already has struggled from, and ultimately improved, its
legal authority after a confrontation with the unique challenges presented by cyber crime
[1]. It is crucial that other nations profit from this lesson, and examine their current laws to
discern whether they are composed in a technologically neutral manner that would not
exclude the prosecution of cyber criminals.
 Organizations, governments, civil society and cyber society should work cooperatively to
strengthen legal frameworks for cyber security and cyber laws
 A model approach is underway in the Council of Europe comprising 41 countries to craft
an international Convention on Cyber Crime. The Convention would address illegal
access, illegal interception, data interference, system interference, computer-related
forgery, computer-related fraud, and the aiding and abetting of these crimes.

Computer Forensic Tools:

CYBER LAW Page 23

Net Threat Analyzer: A tool that is designed to help police and other law officials analyze the
internet history of computer users.
GetSlack: This tool is used to retrieve file slack information. As discussed before, file slack
contain very valuable information and can be very helpful to investigators.
DeriveSpy: This tool can perform a verity of forensic functions. It can be installed to collect
evidence as it occurs, examine disk partitions, process hidden and deleted file, create exports
and a host of other features.
Image: This tool is designed to create copies of floppy disks that are suitable for forensic
analysis. It uses a MD5 checksum to maintain integrity.
PD Block: This tool is designed to block physical writes to disk derives during an
investigation.

CYBER LAW Page 24