Cyber Forensics in India


by

Team name: GPJN
Date: 16-Nov-09
Class: Second year M.Tech

Name       Qualification      Email ID                 Contact no.
Ganesh     BTech(IT)          dnp.ganesh@isim.ac.in    9008176826
Priyanka   BTech(CSE)         priyanka@isim.net.in     9379398748
Jahfer     BTech(CSE)         jahfar@isim.net.in       9947693324
Nikesh     M.Com, M.L.I.Sc    nikesh@isim.net.in       9742788109

Introduction:
India is embracing digital technologies on par with global developments, in more and more areas,
to simplify human life and bring efficiency in governance. But, like the two sides of a coin, this has
given birth to a new genre of cyber crimes and a new breed of criminals. The increasing use of
ICT by criminals, insurgents and terrorists has necessitated a re-look at the criminal justice
system to tackle the impact of the new technologies on society and on crime patterns. Evidence
of these crimes is in electronic form, and this has led to the development of a new discipline,
computer forensics, also called digital forensics or cyber forensics. This paper examines the need
for and importance of cyber forensics, its challenges, the tools that are being used, and the state
of the art, with special reference to India.
Cyber forensics: Definition
“The use of scientifically derived and proven methods toward the preservation, collection,
validation, identification, analysis, interpretation, documentation and presentation of digital
evidence derived from digital sources for the purpose of facilitating or furthering the
reconstruction of events found to be criminal, or helping to anticipate unauthorized actions
shown to be disruptive to planned operations”.
               (Digital Forensic Research Workshop (DFRWS), 2001)
 
There are two distinct areas in cyber forensics, computer forensics and network forensics. The
first deals with gathering evidence from computer media seized at the crime scene. The second
concerns itself primarily with in-depth analysis of computer network intrusion evidence.
Currently available commercial intrusion analysis tools are inadequate to deal with today's
networked and distributed environments.
Importance of cyber forensics
The rate of criminal activity in the cyber world is increasing at a rapid pace, be it phishing,
hacking, spreading malicious content, or pornography. Cybercrimes are also getting more
sophisticated and there seems to be no end to it. To fight this battle for the benefit of the world,
there is a need for effective cyber forensics.

President Clinton’s impeachment trial is a prime example that gained worldwide attention.
Using cyber forensic methods, experts recovered deleted data from Monica Lewinsky’s home
computer as well as from computers at the White House. Computer examinations of deleted White
House e-mail records exposed the Clinton-Monica Lewinsky scandal.
In India, Sections 65, 66 and 67 of the IT Act, 2000, lay down offences that are punishable under
law. However, linking a crime to a criminal is a major challenge in the cyber crime scenario. The
evidence available is digital in nature, and special techniques and methods must be
adopted for collecting evidence and presenting it to the court. Traditional forensic science
methods and tools are not sufficient in many cyber crime scenarios.
Challenges
1. Technical Challenges
- Crimes evolve more rapidly than the tools that examine them.
- Ever-increasing digital storage capacity increases the time and effort required during
the analysis.
2. Operational Challenges
- Difficulty in gathering data from networked computers in different locations and countries.
- Lack of physical evidence, and limited acceptance of digital evidence in courts of law.
- Digital evidence is volatile and prone to modification, and difficult to gather from deleted files.
3. Social Challenges
- Privacy.
- Effectiveness of current investigation techniques.
4. Legal Challenges
- The Evidence Act makes no clear-cut mention of digital evidence.
- Current tools and techniques are not rigorously used or contested in court.
Cyber forensics in India - Present scenario 
The Information Technology Act, 2000 is the legislation which governs India’s cyberspace. It is
popularly called the country’s cyber law. The latest amendment bill was introduced in December
2008 and enacted in October 2009, incorporating provisions to treat cyber forensic devices and
tools used for cracking cyber crimes as evidence in a court of law. In order to strengthen
cyber forensic activities, the Government of India and the state governments have set up various
systems and entrusted various agencies to devise tools and carry out cyber forensic tests for
various law enforcement agencies.

Cyber Forensics Labs


Centre for Development of Advanced Computing (C-DAC)
C-DAC acts as a resource centre for computer forensics and provides training on cyber forensics
methods and practices. C-DAC has developed and released the following tools:
- CyberCheckSuite – disk forensics tools for acquisition and analysis of digital evidence.
- NetForce – comprises NetworkSessionAnalyzer for analyzing and reconstructing network
packets.
- CyberInvestigator – for forensic analysis of various kinds of logs, and EmailTracer for
identifying the sender of an e-mail.
- DeviceAnalyst – a package of tools for acquiring and analyzing digital evidence from
PDAs and smart phones.
- TrueBack – a set of tools with features for disk imaging and analysis.
- DataRec – a new tool released for advanced data recovery.
- Hasher – a tool for computing hashes.
- E-mail Tracer – a specialized tool for tracing mails.
C-DAC has handed over more than 200 copies of CyberCheckSuite to law enforcement agencies
(LEAs) in India. It has also conducted more than 25 basic and advanced level training programmes
on cyber forensics for LEAs, analyzed more than 200 cyber crime cases, and submitted
technical reports to different courts in India.
Central Forensic Science Laboratory:
The Computer Forensic division started functioning in January 2004. The division provides
facilities for examination of offline computer/digital storage media and other similar devices. Its
main objectives are preservation, identification, extraction and documentation of computer
evidence in various computer-related crimes (email tracing, pornography, human trafficking,
corporate frauds etc.) forwarded to the laboratory. Deleted data can be retrieved without
tampering with the date and time tags by using various professional hardware/software tools
validated by courts of law.
Other Initiatives:
Organizations like the Police Academies, CBI, the Indian Computer Emergency Response Team
(CERT-In), the Controller of Certifying Authority, NCRB, and the Regional Police Computer Training
Centers conduct regular training programmes for police officials on
preventing cyber crimes in the country. The Department of Information Technology has provided
grants to the CBI and the Kerala Police to set up cyber forensic labs for investigation of cyber
crimes; these labs will also be used for training police officers. Three Central Forensic Science
Laboratories (CFSLs) and three Government Examiners of Questioned Documents Laboratories
(GEsQD) under the Directorate of Forensic Science (DFS) have good facilities for
providing forensic analytical support to the investigating agencies. These laboratories under the
DFS conduct training programmes throughout the year for the benefit of law
enforcement agencies and train them in search and seizure methods for handling cyber crimes
and internet crimes, e-mail investigations, mobile phone forensics etc. The Government has also
conducted several awareness and training programmes on cyber laws and cyber crimes for
judicial officers and law enforcement agencies. Further, under the XIth Five Year Plan, a provision
of Rs. 10 crore has been sanctioned to set up a National Training & Resource Centre for Cyber
Forensics under the Directorate of Forensic Science.
Public- private partnership efforts: Truth Labs
Facilities in Government forensics labs are inadequate to meet the requirements of nearly six
lakh cases every year. So the Government has decided to encourage private participation in this
area. Bureau of Police Research and Development is set up a sophisticated lab with private
participation, namely Truth Lab.
Perry4Law
Perry4Law is the “First and Exclusive” Techno-Legal and Cyber Forensics Firm of India in
private sector. It provides a wide variety of Techno-Legal Service including Cyber Forensics
Services. Being the only Cyber Forensics Firm of India, it has developed “Domain Specific”
Cyber Forensics Capabilities and Expertise.
 
Other Measures to aid cyber forensic activities
Cyber Forensics in Cyber cafes
In India, there are around 46 million Internet users and 200,000 cyber cafes. The Indian
government has asked cafe owners to authenticate Internet users through their identity cards and
to place CCTV (closed circuit TV) cameras in the cyber cafes. Cyber forensic audits at cyber
cafes can play a pivotal role in dissuading criminal use of the cyber cafes. The metadata of
files or documents can be analyzed and matched with the log maintained by the cyber cafe.
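An added example (not part of the original paper) of the matching described above: file timestamps recovered from a cafe terminal are compared with the cafe's customer register. The register layout, customer IDs, terminal names and file entries are constructed for illustration, and the function names are hypothetical.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"

# Constructed cafe register: (verified customer ID, terminal, login, logout)
CAFE_LOG = [
    ("ID-1001", "PC-03", "2009-11-16 10:02", "2009-11-16 11:15"),
    ("ID-1002", "PC-07", "2009-11-16 10:30", "2009-11-16 10:55"),
    ("ID-1003", "PC-03", "2009-11-16 11:20", "2009-11-16 12:40"),
]

# Constructed file metadata: (file name, terminal it was found on, last-modified time)
FILE_METADATA = [
    ("letter.doc", "PC-03", "2009-11-16 11:05"),
    ("draft.doc", "PC-03", "2009-11-16 11:17"),  # between two sessions
    ("photo.jpg", "PC-07", "2009-11-16 10:40"),
    ("notes.txt", "PC-05", "2009-11-16 10:40"),  # terminal not in the register
]


def match_files_to_sessions(files, log, clock_skew_minutes=0):
    """Map each file to the customers whose session on the same terminal
    covers the file timestamp, widened by the allowed clock skew."""
    skew = timedelta(minutes=clock_skew_minutes)
    matches = {}
    for name, terminal, stamp in files:
        when = datetime.strptime(stamp, FMT)
        matches[name] = [
            customer
            for customer, term, login, logout in log
            if term == terminal
            and datetime.strptime(login, FMT) - skew <= when
            <= datetime.strptime(logout, FMT) + skew
        ]
    return matches


def classify(matches):
    """Label each file: one session is 'unique', several 'ambiguous', none 'unmatched'."""
    labels = {0: "unmatched", 1: "unique"}
    return {name: labels.get(len(ids), "ambiguous") for name, ids in matches.items()}


if __name__ == "__main__":
    for skew in (0, 5):
        found = match_files_to_sessions(FILE_METADATA, CAFE_LOG, skew)
        print(skew, found, classify(found))
```

Allowing for clock skew between the terminal and the register turns the unmatched `draft.doc` into an ambiguous match against two customers, which is why a timestamp match alone supports, but does not establish, attribution.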
Mobile Phone
As per the Government of India's directions, every cellular provider needs to verify a customer’s
identity before providing a connection. Using various tracking mechanisms, it is possible to trace
call details. Once the identity of a person is authenticated, it will be helpful in identifying the
culprits who have committed a crime.
Critical application areas: Terrorism
Cyber forensics has been employed in investigating many crimes involving individuals, corporations
and Government officials. Terrorism investigation is one of the critical areas in which cyber
forensics has recently been employed in India. In high profile cases and incidents, such as the
Parliament attack at New Delhi in 2001, the Mumbai serial train blasts in 2006, and the 26/11
Mumbai attacks, cyber forensics played a decisive role in gathering e-evidence and collating the
sequence of events for the prosecution of the suspects. This also provided the necessary
breakthroughs and insights into how terrorists mask their identities and execute their
plans. Detailed post-event forensics generates information and an evidence chain that facilitate
monitoring and tracking.
Cyber forensics techniques can also be employed in pre-event detection of cyber terrorism by
employing packet level forensics and real time data mining forensics to isolate patterns based on
previously known ‘suspicious entities’ or new ones.
Cyber forensics in steganographic and encrypted messages:
This is a challenging area for the investigators. There are, however, various technological tools
available that can be used to analyze and mine the traffic movement of packets from ISPs
(Internet service providers) for steganographic and encrypted messages. Here, the key is the
integration of the technologies of business intelligence with cyber forensics to facilitate effective
analysis and pattern-depiction.
Future Trends

Development of mobile forensic tools:


At present, law enforcement agencies including the Federal Bureau of Investigation are using
EnCase, a mobile forensic tool developed by an international company. Also, an effective tool
to track crimes committed using Blackberry and other new technologies like 3G is not yet
available in the Indian market. The main issue with the Blackberry service is that it is routed
through a server outside the country, and hence the law enforcement agencies have limitations
in tracking crimes committed using Blackberry.
CDAC, Thiruvananthapuram is developing a set of mobile forensic tools for the law enforcement
agencies. These software based tools would be comprehensive and could even deal with
advanced technologies like 3G and Blackberry mobiles.
Another important area is detection of trends and patterns from the sea of data gathered from
logs and packets along with link analysis. It is a big challenge in itself and can only be executed
through technologies such as data and text mining, natural language processing, etc.
Conclusion:
The ICT revolution has not only affected our social and economic life, it has also changed
how criminals commit crime. We have to prepare our criminal justice system to deal with the
emerging situation. The IT Act and the Evidence Act should be modified without much delay by
incorporating provisions to tackle the latest cyber threats. The present level of manpower and
resources in computer forensic laboratories is insufficient to meet even the current level of
requirement. It calls for an overhaul of the system. Computer forensic laboratories must be
strengthened with skilled manpower and the latest equipment and software. Computer forensics
must be central to the modernization of the police force. At the same time, public prosecutors
must be trained to present electronic evidence in a sound manner, and to argue
cyber crime cases. Unless we tackle cyber crimes effectively, bring the offenders to book, and
keep cyber crimes under control, the growth of ICT in the country will be seriously
hampered. It will undermine our efforts at e-commerce and e-governance.
 