One day Interaction Program for

Faculty Members & Sr. Technocrats, on

“Cyber Security & Data Protection” at
Malaviya National Institute of Technology (MNIT), Jaipur
Department of Computer Science & Engineering
Conducted by: DR CBS CYBER SECURITY SERVICES LLP
Resource Persons:
Dr. C B Sharma IPS R. M.Sc., M.A., LL.B., Diploma in Cyber Law, Ph.D
Certified Lead Auditor, ISMS (ISO/IEC 27001:2013) ,
Member Data Security Council of India (DSCI)
Mrs. Swati Vashisth M.B.A(CSE), B.E. (CSE), Diploma in Cyber Law
Certified Lead Auditor, ISMS (ISO/IEC 27001:2013)
Certified Ethical Hacker (CEH), Member Data Security Council of India (DSCI)
Mr. Sachin Sharma M.Tech(CSE), B.E. (CSE), Diploma in Cyber Law
Certified Lead Auditor, ISMS (ISO/IEC 27001:2013)
Certified Ethical Hacker (CEH), Member Data Security Council of India (DSCI)
Mr. Mudit Chaturvedi M.Tech(CSE), B.Tech(CSE), Diploma in Cyber Law
Certified Lead Auditor, ISMS (ISO/IEC 27001:2013) ,
Certified Ethical Hacker (CEH) , Member Data Security Council of India (DSCI)
10:00 AM – 04:30 PM 20 DEC 2019
1/4/2020 1
 ॐ सह नाववतु । सह नौ भुनक्तु ।
सह वीर्यं करवावहै ।
तेजस्वव नावधीतमवतु |
मा स्वस्िषावहै ।
ॐ शास््तिः शास््तिः शास््तिः ॥
कठोपनिषद्
हे सवव शस्क्तमान परमात्मा आपसे प्रार्वना है कक आप हम दोनों
(वक्ता एवं स्विान श्रोता गण ) की सार् सार् रक्षा करे , सार् सार्
पोषण करे , सार् सार् ऊजाव प्राप्त करे , हम दोनों के स्िए आज़ इस
स्ववमर्यकारी कक्तु सत्र्य, आभासी वावतस्वकता स्वषर्य पर होने
वािी र्यह ज्ञान चचाव तेजमर्यी हो और हम दोनों परवपर िेष न करें |

1/4/2020 2
 I Session
1. Cyber Security

2. Data Security

3. Legal Mandate & International

Standardization

4. Cyber Offences
4 January 2020
3
Cyber
• Cyber is the name given to the
‘characteristic of the culture of
computers, information technology,
and virtual reality’.

4 January 2020 4
Security
• The state of being free from danger
or threat.
• Protection of information from
gaining unauthorized access into the
information system, its use, edit,
destruction etc.

4 January 2020 5
legal Definition :
Cyber Security (Information Security ) :
• Protection of : Information , Equipment, Devices ,
Computer resource, Communication device and
Information stored therein
• From: Unauthorized access , Use , Disclosure , Disruption
, Modification or Destruction.
• Through : The technologies, processes and practices
• To : Ensure preservation of confidentiality, integrity
and availability .

(Section 2(nb) in the Information Technology Act, 2000 )

4 January 2020 6
Section 2(v) in the Information Technology Act, 2000

Information :
includes data, message, text, images,
sound, voice, codes, computer
programmes, software and data
bases or micro film or computer
generated micro fiche;

4 January 2020 7
Section 2(o) in the Information Technology Act, 2000

Data:
means a representation of information, knowledge,
facts, concepts or instructions which are being
prepared in a formalized manner, and is processed,
in a computer system or computer network, and
may be in any form printouts magnetic or optical
storage media, punched cards, tapes or stored
internally in the memory of the computer;

4 January 2020 8
Need of IT (Cyber) Security
• To maintain
A. Confidentiality
B. Integrity
C. Availability
D. Non Repudiation
of Information or Communication.

4 January 2020 9
Use of Computer resource in daily life
1. Computer /Laptop / Tablet/ Palmtop
2. Mobile / smartphone
3. Internet /Wi -Fi / hots pot
4. Social Media Platform
(YouTube/Google/facebook/whatsapp/twitter/ins
tagram etc.)
5. ATM/Debit / Credit Cards
6. E- Banking, E-Wallet, Paytm, Phonpe
7. Online shopping (flipkart, Amazon,snapdeal,
etc.)
8. Email, Website, Mobile Applications.

1/4/2020 10
Information Technology (Cyber) Security is
Protection of :
• Data created/prepared by computer
• Data written on a paper sent by fax
• Data received through network
• Data transmitted across networks
• Data stored in computers, disks & micro film
• Data printed out
• Data spoken on telephone / Smartphone

4 January 2020
11
 What is Cyber Crime?
साइबर अपराध क्र्या है ?
• Cyber crime: is Illegal use of computer or Computer
system or computer networking or computer
resources or communication devices for illegal
activities, where any of the computer resources is
either a Target or a Tool or is incidental to crime.
• साइबर अपराध: कं प्र्यूटर र्या कं प्र्यूटर प्रणािी र्या कं प्र्यूटर नेटवर्ककग र्या
कं प्र्यूटर साधनों र्या संचार र्युस्क्त का अवैधास्नक कार्यो के स्िए
अवैधास्नक तरीको से प्रर्योग करना, जहााँ कं प्र्यूटर साधनों में कोई भी
अपराध का जररर्या र्या िक्ष्र्य र्या आनुषंस्गक हो |

4 January 2020 12
 Computer as a tool
INTERNET BASED MOBILE BASED NETWORK BASED
Website hacking/web jacking Threatening, abusing Wi-Fi issues
Pornography ,stalking bullying,
IP spoofing/ MAC spoofing
E-Mail Issues (Unauthorized access, fake blackmailing,
Man in the middle attack
mails, ID hacking, Mail bombing) defamation, privacy
Denial of service attack
issues
Threatening, abusing ,stalking ,bullying, Proxy Servers
Fake VOIP calls
blackmailing, Morphing defamation, privacy
M-Commerce Frauds
issues
Theft of mobile
Copyright issues, Piracy, information theft
devices/digital devices
Privacy and Data theft
Internet relay chat
Phishing/online lottery
Social networking
Social networking issues
issues
Identity theft Pornography
Internet relay chat Cyber Defamation
E-Commerce frauds Targeting Society, (cast,
(Online Banking, ATM, debit/credit cards) religion, state, nation)
Cyber Defamation Targeting Society, (cast, Online gambling /
religion, state, nation) Online Selling of Drugs
Online gambling / Online Selling of Drugs, & narcotics
narcotics, arms Cyber Terrorism
Cyber Terrorism
Online Dating Scams
4 January 2020 13
 Computer as a target

System Hacking Data Theft & Data Leakage

Virus Dissemination Data diddling & Salami

Unauthorized access Attack
Tampering the source code Copyright & piracy issues
and data Unauthorized access
Forgery
Password breaking
Denial of service attack
Damaging Critical IT
Infrastructure

4 January 2020 14
Types of Cyber Crime (As per victim)
• Against individual :
Hacking , abusing, identity theft, fake id/pages, cyber stalking,
bullying, harassment, blackmailing, cheating, impersonation,
Banking/ Phishing and social engineering crimes etc.
• Against society :
Targeting any society, caste/ religion related issues, rumors
against any society, spreading and publishing anti-social and
spiritual things where emotions of any specific society are
attached with it etc.
• Against corporate :
Hacking, data theft, copyright issues, piracy, E-commerce issues,
phishing, reputation and brand value issues, hacking of email,
websites and portals etc.
• Against Nation :
Cyber terrorism, damaging critical IT infrastructure, Hacking of
government websites & portals etc.
4 January 2020 15
 Common Cyber Threats
1. Hacking / Breaking : अनाधिकृत पहुँच
2. Fake news/ Rumors: अफवाहे
3. Trolling : छोटा दिखाने या ववचलित करने के लिए अपमान
जनक या भड़काऊ मेसेज
4. Stalking/ Bullying : डराने या परे शान करने के लिए िमकी
भरा मेसेज
5. Grooming : यौन या तस्करी के उद्िे श्य से बच्चे से
भावनात्मक सम्बि बनाकर ववश्वास में िेना
6. Defamation/ Impersonation/ : मानहानन, पहचान चोरी
7. Email Bombing/ Denial of Service Attack/ Logic Bomb/ Junk
Mail : सेवा का आक्रमण
8. Hate Speech : समह ू , नस्ि , िमम या जानत को अपमान
जनक भाषण
9. Internet Relay Chat (IRC) Crime : चैट पर बातचीत कर बहिा-
फसिाकर
4 January 2020 अपराि फसाना 16
 Continue…
10. Human Trafficking : श्रम , यौन शोषण , या अन्य व्यवसानयक कायम के लिए
मानव तस्करी / व्यापार
11.Online Gambling : ऑनिाइन जआ
12.Pornography ( Explicit Nudity / Obscene / Sexually organs ) / Revenge Porn:
नग्नता/यौन अंगो / अश्िीिता या कामकता िशामने वािा धचत्रण
13.Privacy and Sensitive Content: गोपनीयता एवं सवेिनशीि सामग्री यथा खाता
संख्या , मेडडकि दहस्री आदि
14.Piracy, Copyright and Intellectual Copyright Issues : सादहत्यक व ् बौद्धिक
चोरी
15. Malicious Files and application/ Malware / worm : िभामवनापूणम सॉफ्टवेर
में कोई ऐसा प्रोग्राम या फाइि जो कंप्यट ू र या कंप्यट
ू र प्रणािी को हानन
पहुँचाने के लिए कंप्यटू र संशािनो में भेजी जाती है जैसे वायरस , रोजन हॉसम,
स्पाई वेयर आदि
16.Cruelty Post ( Human/ Animal/ Birds) : मनष्य / जानवर / पक्षियों के प्रनत
क्रूरता / िव्यमवहार /उपेिा िशामने वािा फोटो , ववडडयो , िेख आदि
17.CyberSquatting : अनाधिकृत िाभ प्राप्त करने के लिए प्रलसद्ि कम्पनी के
नाम से लमिता कोई डोमेन (वेबसाइट का url खरीिना )
18.Cyber Slurring : ककसी व्यक्तत ववशेष के बारे में इन्टरनेट पर अप्रनतक्ष्ित एवं
अवांछनीय दटपण्णी करना
4 January 2020 17
 Continue…

19.Phishing : नकिी वेबसाइट को ककसी असिी साईट की तरह प्रिलशमत कर िोके से

ककसी व्यक्तत का नाम, पासवडम , क्रेडडट काडम वववरण , बैंक खाता वववरण आदि
प्राप्त करना |
20.Social Engineering [ Human/ Computer/ Mobile based]: ककसी व्यक्तत को
मनोवैज्ञाननक तौर पर अपनी बातो पर िाकर ककसी व्यक्तत ववशेष या वास्त
ववशेष के बारे में गोपनीय सचना प्राप्त करना
21.Snooping : ककसी के व्यकनतगत या कम्पनी के डाटा का अनधिकृत प्रवेश
22.Spoofing: अपनी id के बजाय िसरे की फजी id उपयोग कर कायम करना
23.Spamming : अवांछनीय / ववज्ञापन सन्िे श को एक साथ कई बार भेजना
24.Trojan Attack/ Trojan Horse Attack : कंप्यट
ू र लसस्टम में िोके से िभामवनापण ू म
सॉफ्टवेर डािकर गप्त तरीके से सचना प्राप्त करना / कंप्यट ू र को नकसान
पहं चाना |
25.Typo Squatting / Web Jacking : चधचमत ब्ांड या कंपनी के url में हल्का पररवतमन
कर िोखा िे ने की ननयत से url बना िेना जैसे : google.com की जगह
gooogle.com बना िेना
26.Banking Frauds (Online banking, online shopping, bank cards ): बैंक / ववत्तीय
संस्थान में जमाकतामओ के िन को िोकािडी से ऑनिाइन सािनों के अवैि
उपयोग
27.Nigerian Scam : (नाइजेररयन घोटािा) वविे शो से बड़ी रकम लमिने का िोका
िे कर एडवांस टै तस / खचाम आदि का कहकर बैंक खाते में रकम जमा करवा िेन
4 January 2020 18
ा
 Continue…
28. Data Didling : डाटा को कंप्यट
ू र में डािने से पहिे बिि दिया जाता है क्जस से
डाटा की ककसी चीज की गणना में िोकािडी होती है एवं उसके बाि डाटा को
वापस बिि कर मूि रूप में कर दिया जाता क्जस से हे राफेरी पकड में नहीं आती
है
29. Forgery: जािसाजी : िस्तावेज़ , हस्तािर, बैंक नोट आदि की नक़िकक्रया
30.Job Frauds : नौकरी का झांसा िे कर पैसे फीस / खचाम आदि के रूप में पैसे की
मांग
31.Insurance Frauds: बबमा कंपनी से डाटा चराकर सम्बक्न्ित अधिकारी के रूप में
फोन करके बैंक खाता की डडटे ल्स प्राप्त कर , खाता हे क कर पैसा ननकािना
32.Refund Frauds : िन वापसी / इनकम टै तस ररफंड / ऑनिाइन शौवपंग ररफंड
आदि का िोका िे कर बैंक खाता की डडटे ल्स प्राप्त कर , खाता हे क कर पैसा
ननकािना
33.Lottery Frauds : अजनबी ईमेि , सचना या फोन करके िोटरी जीतने का भरोसा
दििाकर अडवांस टै तस / खचाम आदि का कहकर बैंक खाते में रकम जमा करवा
िेना
34.Salami Attack : ववत्तीय अपराि क्जसमे छोटी छोटी कई आधथमक कटौनतयो को
जोड़कर एक बड़ी रकम बना िी जाती है | ये आधथमक कटौनतया इतनी छोटी होती
ह क्जन्हें आसानी से पकड़ा अनदह जा सकता |
35.Virus dissemination : िभामवना पण ू म सॉफ्टवेर डाि कर , कंप्यट
ू र को नकसान
पहं चाना
4 January 2020 19
 Continue…
36.Cyber Terrorism : इन्टरनेट का उपयोग कर िमकी के माध्यम से
राजनैनतक / वैचाररक िाभ के उद्िे श्य से दहंसक एवं ववघटनात्मक वारिातों
को अंजाम िे ना
37.Morphing: फोटो या वीडडयो में धचत्रों को बििने की प्रकक्रया
38.Website defamation : अनाधिकृत रूप से वेबसाइट के द्र्शश्य स्वरुप को बिि
िे ना
39.Pharming : वेबसाइट के रकफक को नकिी वेबसाइट पर रान्सफर करना
40.Skimming : क्रेडडट / डेबबट काडम से बैंककंग जानकाररया स्कीमर उपकरण से
एकबत्रत करना
41.Data theft :डाटा चोरी
42.Identity Theft / Fake Id : िोखािडी या मनोरं जन के उद्िे श्य से पहचान
चोरी
43.Spyware / Espionage on protected system : संरक्षित प्रणालियों पर
संवेिनशीि जानकाररयों की जासूसी करना
44.Financial frauds :इन्टरनेट के माध्यम से िािच व ् झांसा िे कर ववत्तीय
िोकािडी करना
45.Root kit : कंप्यूटर सॉफ्टवेर का संग्रह ह सामान्य तौर पर अनमनत नहीं
होने वािे िेत्र में पहं चने में सिम होता है , अपने अक्स्तत्व को छपाने का
भी काम
4 January 2020 करता है 20
 Continue…
46.Zombi: इन्टरनेट के माध्यम से जड़ा हआ है तड कंप्यट ू र ककसी
वायरस या रोजन के उपयोग से है कर ककसी िरू स्थ िोकेशन से
उसका उपयोग कर ककसी अन्य कंप्यट ू र को नकसान पहचाये |
47.Stegnography : गप्त एवम अनत महत्वपूणम डाटा को सभी के लिए
उपिब्ि सािारण सच ू नाओ में नछपाकर बाहर भेजना
48.Sniffer : डाटा की मोननटररंग या पैकेट को एनािाय्ज करने के लिए
उपयोग में लिया गया छोटा प्रोग्राम
49.Buffer overflow : ककसी कंप्यूटर में उसकी िमता से अधिक कमांड
भेजकर उसे क्रेस कर दिया जाता है या वह फ्रीज हो जाता है |
50.Pegasus spyware : यह एक स्पाई वेयर है , इजरायि की एक
कंपनी NSO ग्रप द्वारा बनाया गया है , जो मोबाइि में लमस्स्ड
कॉि के द्वारा भी इंस्टाि हो जाता है , एवं उसके बाि है कर के
कमांड पर स्माटम फोन काम करता है |

4 January 2020 21
Background of IT Act 2000: legal mandate
•To provide legal recognition for transactions
carried out by means of electronic data
interchange.
•To provide a legal framework to mitigate and
check cyber crime.
•To give effect to the resolution no. 162 dated
30.01.1997 of the General Assembly of United
Nations to enact law in uniformity with Model
Law on Electronics Commerce adopted by UN
Commission on International Trade Law.
4 January 2020 22
 Offences under IT Act:
Sec. 43 :
• any person without permission of the owner or any other person
who is in charge of a computer, computer system or computer
network,-
(a)Accesses or secures access to such computer, computer system
or computer network [or computer resource];
(b)downloads, copies or extracts any data, computer data base or
information from computer resource*
(c)Introduces or causes to be introduced any computer contaminant
or computer virus into any of computer resource
(d)Damages any computer resources or any other programme
residing in such computer, computer system or computer
network;

23
4 January 2020
 Sec. 43 Continue:
(e)Disrupts any of computer resource or causes disruption of any
computer, computer system or computer network;
(f)Denies or causes the denial of access to any person authorized to
access any computer resource by any means;
(g)Provides any assistance to any person to facilitate access to
computer resource in contravention of the provisions of this Act;
(h) Charges the services availed to the account of another person by
tampering with or manipulating any computer resource;
(i) destroy, deletes or alters any information residing in a computer
resource or diminishes its value;
(j) steal, conceals, destroys or alters any computer source code used
with an intention to cause damage .

4 January 2020 24
Computer System: A device or collection of
devices, including Input & output devices
(excluding calculators which are not
programmable and) capable of being used in
conjunction with external files which contain
programm, instructions, data etc. and performs
logic, arithmetic, storage, retrieval,
communication control etc. functions .

Computer Resource:
Computer, Computer system, Computer
network, Data, Computer Database or Software.
Communication Devices: means cell phones, personal
digital assistance or combination of both or any other
devices used to communicate, send or transmit any
text, video, audio or image.
Computer Network: satellite, Microwave, terrestrial line
, wire, wireless etc. communication media.
Computer Database: means a computer representation
of information, knowledge, facts, concepts or
instruction in text audio, image, audio, video Network
Computer Source Code: means the listing of
programmes, computer commands, design and layout
and programme analysis of computer resource in any
form.
Section 2(i) in the Information Technology Act, 2000

Computer:
Electronic, magnetic, optical device or any
other high speed data processing device or
system which performs logical, arithmetic &
memory functions by manipulation of
electronic, magnetic or optical impulses which
includes input, output, processing, storage,
computer software, communication facilities.

1/4/2020 27
Section 2(a) in The Information Technology Act, 2000

(a) "access" with its grammatical

variations and cognate expressions, means
gaining entry into, instructing or
communicating with the logical,
arithmetical or memory function
resources of a computer, computer system
or computer network;

28
4 January 2020
Section 65: Tampering with Computer
Source Documents
Whoever knowingly or intentionally conceals,
destroys or alters or intentionally or knowingly
causes another to conceal, destroy or alter any
computer source code used for a computer,
computer programme, computer system or
computer network, when the computer source
code is required to be kept or maintained by law
for the time being in force, shall be punishable
with imprisonment up to three years, or with
fine which may extend up to two lakh rupees, or
with both.

4 January 2020 29
Section 66: Computer Related Offences
• If any person, dishonestly, or
fraudulently, does any act referred to
in section 43, he shall be punishable
with imprisonment for a term which
may extend to three years or with
fine which may extend to five lakh
rupees or with both.

4 January 2020 30
Section 66A: Punishment for sending offensive messages through
communication service, etc. [Struck down by Supreme court judgment
Shreya Singhal vs Union of India (2015)]

• Any person who sends, by means of a computer resource

or a communication device,-
a) any information that is grossly offensive or has
menacing character; or
b) which is false, but for the purpose of causing
annoyance, inconvenience, danger, obstruction, insult,
injury, criminal intimidation, enmity, hatred, or ill will,
c) any electronic mail or message for causing annoyance
or inconvenience or to deceive or to mislead the
addressee or recipient about the origin of such messages
shall be punishable with imprisonment for a term which
may extend to two three years and with fine.

31
4 January 2020
Section 66B: Punishment for dishonestly receiving
stolen computer resource or communication
device -
• Whoever dishonestly receives or retains any
stolen computer resource or communication
device knowing or having reason to believe
the same to be stolen computer resource or
communication device, shall be punished
with imprisonment of either description for a
term which may extend to three years or
with fine which may extend to rupees one
lakh or with both.
4 January 2020
32
Section 66C: Punishment for identity
theft
• Whoever, fraudulently or dishonestly make
use of the electronic signature, password or
any other unique identification feature of any
other person, shall be punished with
imprisonment of either description for a term
which may extend to three years and shall
also be liable to fine which may extend to
rupees one lakh.

4 January 2020 33
 Section 66D: Punishment for cheating by
personation by using computer resource
• Whoever, by means of any communication device
or computer resource cheats by personation, shall
be punished with imprisonment of either
description for a term which may extend to three
years and shall also be liable to fine which may
extend to one lakh rupees.

34
4 January 2020
Section 66E: Punishment for violation of
privacy -
• Whoever, intentionally or knowingly
captures, publishes or transmits the image of
a private area of any person without his or
her consent, under circumstances violating
the privacy of that person, shall be punished
with imprisonment which may extend to
three years or with fine not exceeding two
lakh rupees, or with both .

35
4 January 2020
 Section 66F. Punishment for cyber
terrorism
• with intent to threaten the unity, integrity, security
or sovereignty of India or to strike terror in the
people by –
(i) denial of access to any person authorized to
access computer resource; or
(ii) attempting to access a computer resource
without authorization or
(iii) introducing or causing to introduce any
computer contaminant.
Imprisonment for life
4 January 2020 36
 Section 67 Punishment for publishing or
transmitting obscene material in electronic
form
• Whoever publishes or transmits in the electronic
form, any material which is obscene(lascivious
or appeals to prurient interest), shall be
punished on first conviction with imprisonment
which may extend to three years and with fine
which may extend to five lakh rupees and in the
event of a second or subsequent conviction with
imprisonment, which may extend to five years
and/ or fine which may extend to ten lakh
rupees.

37
4 January 2020
Section 67 A Punishment for publishing or
transmitting of material containing sexually
explicit act, etc. in electronic form
• Whoever publishes or transmits in the
electronic form any material which contains
sexually explicit act or conduct shall be
punished on first conviction with
imprisonment up to 5 years and with fine
which may extend to 10 lakh rupees and in
the event of second or subsequent conviction
with imprisonment up to 7 years and also
with fine up to 10 lakh rupees.
4 January 2020 38
Section 67 B Punishment for publishing or
transmitting of material depicting children in
sexually explicit act, etc. in electronic form
Whoever,-
(a) publishes or transmits material in any electronic form which
depicts children engaged in sexually explicit act or conduct or
(b) creates text or digital images, collects, seeks, browses,
downloads, advertises, promotes, exchanges or distributes
material in any electronic form depicting children in obscene or
indecent or sexually explicit manner etc. or
(c) cultivates, entices or induces children to online relationship with
one or more children for and on sexually explicit act etc. on the
computer resource or
(d) facilitates abusing children online or
(e) records in any electronic form own abuse or that of others
pertaining to sexually explicit act etc. with children,
Up to 5 years imprisonment or fine up to 10 lakh or both.

39
4 January 2020
Section 67C: Preservation and Retention of
information by intermediaries
(1) Intermediary shall preserve and retain such
information as may be specified for such
duration (90 days as per rule 4 of IR 2011) and
in such manner and format as the Central
Government may prescribe.
(2) Any intermediary who intentionally or
knowingly contravenes the provisions of sub
section (1) shall be punished with an
imprisonment for a term which may extend to
three years and shall also be liable to fine.

4 January 2020 40
Section 68: Power of Controller to give
directions-
1) The Controller may, by order, direct a Certifying
Authority or any employee of such Authority to take
such measures or cease carrying on such activities as
specified in the order if those are necessary to ensure
compliance with the provisions of this Act, rules or
any regulations made there under.
2) Any person who intentionally or knowingly fails to
comply with any order under sub-section (1) shall be
guilty of an offence and shall be liable on conviction
to imprisonment for a term not exceeding two years
or to a fine not exceeding one lakh rupees or to both.

41
4 January 2020
 Section 69 Powers to issue directions for interception
or monitoring or decryption of any information
through any computer resource-
• (1) Where the Central Government or a State Government or any
of its officer specially authorized by the Central Government or the
State Government, as the case may be, in this behalf may, if is
satisfied that it is necessary or expedient to do i) in the interest of
the sovereignty or ii) integrity of India or iii) defense of India or, iv)
security of the State or, v) friendly relations with foreign States or
vi) public order or vii) for preventing incitement to the commission
of any cognizable offence relating to above or viii) for investigation
of any offence, for reasons to be recorded in writing, by order,
direct any agency of the appropriate Government to intercept,
monitor or decrypt any information transmitted received or stored
through any computer resource.

4 January 2020
42
 Section 69 continue
(3) The intermediary or person incharge of the
computer resource when called upon shall extend
all facilities and technical assistance to access to
the computer resource, intercept, monitor or
decrypt information or provide information stored
in computer resource.
(4) The intermediary or person incharge of the
computer resource who fails to assist the agency
authorized above shall be punished with
imprisonment up to 7 years and also with fine.

4 January 2020 43
Intermediary: any particular electronic
records, means any person who on behalf
of another person receives, stores or
transmits that record or provides any
service with respect to that record and
includes telecom service provider,
network service providers, internet
service providers, webhosting service
providers

1/4/2020 44
Section 69 A Power to issue directions for blocking for
public access of any information-
(1) Where the Central Government or any of its officer specially
authorized by it in this behalf is satisfied that it is necessary or
expedient so to do in the i) interest of sovereignty and integrity
of India, ii) defense of India, iii) security of the State or iv)
friendly relations with foreign states or v) public order or vi) for
preventing incitement to the commission of any cognizable
offence relating to above, it may for reasons to be recorded in
writing, by order direct any agency of the Government or
intermediary to block access by the public any information
generated, transmitted, received, stored or hosted in any
computer resource.
(3) The intermediary who fails to comply with the direction issued
under sub-section (1) shall be punished with an imprisonment
for a term which may extend to seven years and also be liable to
fine.
45
4 January 2020
Section 71: Penalty for misrepresentation
Whoever makes any misrepresentation to, or
suppresses any material fact from, the
Controller or the Certifying Authority for
obtaining any license or Electronic Signature
Certificate, as the case may be, shall be
punished with imprisonment for a term
which may extend to two years, or with fine
which may extend to one lakh rupees, or
with both.

4 January 2020
46
Section 72 : Breach of confidentiality and
privacy
• Any person who, in pursuant of any of the
powers conferred under this Act, has secured
access to any electronic record, book, register,
correspondence, information, document or
other material without consent of the person
concerned discloses such electronic record,
book, register, correspondence, information,
document or other material to any other person
shall be punished with imprisonment for a term
which may extend to two years, or with fine
which may extend to one lakh rupees, or with
both.
4 January 2020 47
Section 72 A: Punishment for Disclosure of
information in breach of lawful contract
• Any person including an intermediary who, while
providing services under the terms of lawful contract,
has secured access to any material containing
personal information about another person, with the
intent to cause or knowing that he is likely to cause
wrongful loss or wrongful gain discloses, without the
consent of the person concerned, or in breach of a
lawful contract, such material to any other person
shall be punished with imprisonment for a term
which may extend to three years, or with a fine which
may extend to five lakh rupees, or with both.

48
4 January 2020
Section 73: Penalty for publishing electronic
Signature Certificate false in certain particulars

(1) No person shall publish a Electronic Signature

Certificate or otherwise make it available to any other
person with the knowledge that -
(a) the Certifying Authority listed in the certificate
has not issued it; or
(b) the subscriber listed in the certificate has not
accepted it; or
(c) the certificate has been revoked or suspended,
(2) Any person who contravenes the provisions of sub-
section (1) shall be punished with imprisonment up to
2 years, or with fine up to 1 lakh rupees, or with both.

4 January 2020 49
Section 74: Publication for fraudulent purpose-

Whoever knowingly creates, publishes

or otherwise makes available a
Electronic Signature Certificate for any
fraudulent or unlawful purpose shall be
punished with imprisonment for a term
up to 2 years, or with fine up to 1 lakh
rupees, or with both.

4 January 2020 50
Section 78: Power to investigate
offences
Notwithstanding anything contained in
the Code of Criminal Procedure, 1973, a
police officer not below the rank of
Inspector shall investigate any offence
under this Act.

4 January 2020 51
Section 80: Power of Police Officer and
Other Officers to Enter, Search, etc.
Any police officer, not below the rank of a
Inspector or any other officer of the Central
Government or a State Government
authorized by the Central Government in this
behalf may enter any public place and search
and arrest without warrant any person found
therein who is reasonably suspected of
having committed or of committing or of
being about to commit any offence under
this Act
4 January 2020 52
Section 84 B: Punishment for
abetment of offences
• Whoever abets any offence shall, if the act
abetted is committed in consequence of the
abatement, and no express provision is
made by this act for the punishment of such
abetment, be punished with the punishment
provided for the offence under this act.

4 January 2020 53
 Section 84 C: Punishment for attempt
to commit offences
• Whoever attempts to commit an offence punishable
by this act or causes such an offence to be
committed, and in such an attempt does any act
towards the commission of the offence, shall, where
no express provision is made for the punishment
such attempt, be punished with imprisonment of any
description provided for the offence for a term up to
one-half of longest term of imprisonment provided
for that offence or with such fine as is provided for
the offence, or with both.

4 January 2020 54
 Section 85: Offences by Companies
(1) Every person who, at the time the contravention was
committed, was in charge of, and was responsible to,
the company for the conduct of business of the
company as well as the company, shall be guilty of the
contravention and shall be liable to be proceeded
against and punished accordingly:
Provided that nothing contained in this sub-section
shall render any such person liable to punishment if
he proves that the contravention took place without
his knowledge or that he exercised all due diligence to
prevent such contravention.

4 January 2020 55
(2) Where a contravention of any of the
provisions of this Act has been committed by a
company and it is proved that the contravention
has taken place with the consent or connivance
of, or is attributable to any neglect on the part
of, any director, manager, secretary or other
officer of the company, such director, manager,
secretary or other officer shall also be deemed
to be guilty of the contravention and shall be
liable to be proceeded against and punished
accordingly.
4 January 2020 56
 Legal mandate to protect sensitive personal data or
information in computer resource
Section 43A: Compensation for failure to protect data

• Where a body corporate, possessing, dealing or

handling any sensitive personal data or
information in a computer resource which it owns,
controls or operates, is negligent in implementing
and maintaining reasonable security practices and
procedures and thereby causes wrongful loss or
wrongful gain to any person, such body corporate
shall be liable to pay damages by way of
compensation, to the person so affected.
4 January 2020 57
 Data Protection (Security)
43A. Compensation for failure to protect data
• Explanation: For the purposes of this section
• (i) "Body corporate" means any company and includes a firm, sole
proprietorship or other association of individuals engaged in commercial or
professional activities
• (ii) “Reasonable security practices and procedures" means
security practices and procedures designed to protect such information from
unauthorized access, damage, use, modification, disclosure or impairment, as
may be specified in an agreement between the parties or as may be specified
in any law for the time being in force[The Information
Technology(Reasonable Security Practices and procedures & Sensitive
personal data or information ) Rules 2011]
• (iii) "Sensitive personal data or information" means such
personal information as may be prescribed by the Central Government
[Rule 3 Reasonable Security Practices and procedures & Sensitive personal
data or information ) Rules 2011 ]

4 January 2020 58
 Sensitive personal data or information
• Rule 3 of IT (RSPPSPDI) Rules,2011:
1. Password;
2. Financial Information such as Bank Account or credit card
or debit card or other payment instrument details ;
3. Physical, physiological and mental health condition;
4. Sexual Orientation;
5. Medical records and history ;
6. Biometric Information ;
7. Any detail relating to the above clauses
8. Any of the information received under above clauses

4 January 2020 59
Rule 4
• The body corporate who collects,
receives, stores, deals or handle
information,
• shall provide a privacy policy for
handling of or dealing in sensitive
personal data which
• shall be published on website of
body corporate.
4 January 2020 60
 Rule 5
• Collection of information : (1) Body corporate or any
person on its behalf shall obtain consent in writing
through letter or Fax or email from the provider of the
sensitive personal data or information regarding
purpose of usage before collection of such information.
• (2) Body corporate or any person on its behalf shall not
collect sensitive personal data or information unless —
(a) the information is collected for a lawful purpose
connected with a function or activity of the body
corporate or any person on its behalf; and
(b) the collection of the sensitive personal data or
information is considered necessary for that purpose.

4 January 2020 61
 Rule 6
• Disclosure of Information : (1) Disclosure of
sensitive personal data or information by body
corporate to any third party shall require prior
permission from the provider of such information,
who has provided such information under lawful
contract or otherwise, unless such disclosure has
been agreed to in the contract between the body
corporate and provider of information, or where
the disclosure is necessary for compliance of a
legal obligation:
4 January 2020 62
 Rule 7
• Transfer of Information : A body corporate or any
person on its behalf may transfer sensitive
personal data or information including any
information, to any other body corporate or a
person in India, or located in any other country,
that ensures the same level of data protection
that is adhered to by the body corporate as
provided for under these Rules. The transfer may
be allowed only if it is necessary for the
performance of the lawful contract between the
body corporate or any person on its behalf and
provider of information or where such person has
consented to data transfer.
4 January 2020 63
Rule 8 (1)
Reasonable Security Practices and Procedures
Body corporate shall be considered to have
complied with RSPP, if they have
implemented such security practices and
standards and have a information security
programme and information security policies
that contain managerial, technical,
operational and physical security measures
required for protection of information assets.

4 January 2020 64
 Rule 8 (2)
Reasonable Security Practices and Procedures
1. The International Standard IS/ISO/IEC 27001
one such standard referred above
2. COBIT (Control Objectives for Information and
Related Technologies)
3. ITIL (Information Technology Infrastructure
Library)
4. Cyber Security Framework

Reference: CERT In Guidelines

4 January 2020 65
Rule 8 (3)
Reasonable Security Practices and Procedures

Any industry association or an entity formed

by such an association, whose members are
self-regulating by following other than
IS/ISO/IEC codes of best practices for data
protection as per sub-rule(1), shall get its
codes of best practices duly approved and
notified by the Central Government for
effective implementation.

4 January 2020 66
 Rule 8 (4)
• implemented either IS/ISO/IEC 27001 standard or the
course of best practices as per sub rule (3) shall be
deemed to have complied with reasonable security
practices and procedures provided that such standard
have been audited on a regular basis by independent
auditor, duly approved by the government.
• The audit of RSPP shall be carried out by an auditor at
least once a year or as and when the body corporate
or a person on its behalf undertake significant
upgradation of its process and computer resource.

67
4 January 2020
Important ISMS Standards
1. ISO/ IEC (27001:2013 )Information security
management standard
2. ISO/ IEC 27002 (Information technology – Security
techniques – Code of practice for information
security controls)
3. Control Objectives for Information and Related
Technologies (COBIT)
4. Information Technology Infrastructure Library(ITIL)
5. Schedule II- IT Security Guidelines IT Act 2000

68
4 January 2020
ISO/IEC Standardization
• International Standardization for
organization(ISO)
• International Electrotechnical commission
(IEC)
• ISO & IEC established a joint technical
commission (ISO/IEC JTC)
• ISO/IEC JTC prepared ISO/IEC (27001:2013) for
the information security management
system(ISMS)
4 January 2020 69
International Standardization
ISMS(ISO/IEC 27001:2013)
• 114 IT Security Controls
• Requirements: Information Security Policies-
1. Identification, Asset Management & Disposal ,Acceptable Use
(including Software) Policy
2. E-Mail, Information Transfer & Social Media Policy
3. HR Policy
4. Business Continuity and Backup Policy
5. Clear Screen & Clear Desk Policy
6. Network, Internet, Wi-Fi, LAN, Access Control, Server Room & Log
Policy
7. Data Security and Cryptography Policy (including Data Centers)
8. Privacy Policy
9. CCTV Policy
10. Password Policy
11. Mobile device and Teleworking

4 January 2020 70
ISMS(ISO/IEC 27001:2013) Controls
Control no. Control Objectives
A.5 Information Security Policies
A.6 Organization Information Security
A.7 Human Resource Security
A.8 Asset Management
A.9 Access Control
A.10 Cryptography
A.11 Physical & Environmental Security
A.12 Operational Security
A.13 Communication Security
A.14 System Acquisition, Development and Maintenance
A.15 Supplier Relationship
4 January 2020 71
ISMS(ISO/IEC 27001:2013) Controls
Control no. Control Objective
A.16 Information Security Incident Management
A.17 Information Security Aspects of Business Continuity Management
A.18 Compliances

4 January 2020 72
 General Data Protection Regulation
(GDPR)
• The European Union (EU) Parliament approved the
“General Data Protection Regulation (GDPR)” on April 14,
2016 enforceable on May 25, 2018.
• This legal mandate is applicable to
i) All data controller or processor established in EU,
ii) Processes and monitors personal data of individuals
who are in EU and
iii) To data controller or processor who are established
outside EU where law of any one of EU countries apply.
• Penalty for non compliance is fines up to 20 Million
EURO, or up to 4 % of the total worldwide annual
turnover of the preceding financial year, whichever is
higher. but there are no criminal proceedings and
provision of imprisonment.
4 January 2020 73
Personal Data Protection Bill, 2018
• The Government of India also found that the
present legal mandate to protect the data
(Section 43A) is insufficient and not
compatible with the present IT Security
scenario.
• The Central Government has drafted a Bill on
‘Personal Data Protection’ on which Justice
BN Shri Krishna Committee has recently
submitted a report to IT Minister.
74
4 January 2020
Personal Data as per Personal Data
Protection Bill, 2018
• Data about or relating to a natural person who is
i) Directly or indirectly identifiable,
ii) having regard to any characteristic,
iii) trait,
iv) attribute or
v) any other feature of the identity
• of such natural person, or any combination of
such features, or any combination of such
features with any other information;

4 January 2020 75
Sensitive Personal Data as per
Personal Data Protection Bill, 2018
(i) Passwords;
(ii) Financial data;
(iii) Health data;
(iv) Official identifier;
(v) Sex life;
(vi) Sexual orientation;
(vii) Biometric data;
(viii) Genetic data;
(ix) Transgender status;
(x) Intersex status;
(xi) Caste or Tribe;
(xii) Religious or political belief or affiliation; or
(xiii) Any other category of data specified by the Authority under
section 22.
4 January 2020 76
Personal Data Protection Bill, 2018
Penalty
• The Central Government has drafted a Bill on
‘Personal Data Protection’ on which Justice BN Shri
Krishna Committee has recently submitted a report to
IT Minister.
• On the contravention of obligation under Sec. 32,
33,35,36 & 38(2) the penalty is five crore rupees or
two percent of its total worldwide turnover of the
preceding financial year, whichever is higher, and
• For the non compliance of obligation under chapter
II, III, IV, V & Sec. 31,41 the penalty is up to fifteen
crore rupees or four percent of its total worldwide
turnover of the preceding financial year, whichever
is higher .
•4 January 2020 77
Personal Data Protection Bill, 2018
Punishment
• In addition to this, if a person
knowingly and intentionally or
recklessly obtains, transfers, discloses,
sells, or offers to sell Personal Data/
Sensitive Personal Data, he is
punishable with imprisonment up to
3/ 5 years or shall be liable to a fine up
to rupees 2 lakhs/ 3lakhs or both.
78
4 January 2020
Data audits as per Personal Protection
Bill, 2018 (Section 35)
• The Data Fiduciary shall have its policies and
conduct its processing of personal data
audited annually by an independent data
auditor.
• The data auditor will evaluate the compliance
of the data fiduciary with the provisions of
this act.

4 January 2020 79
Digital Evidence and its
admissibility in Investigation
Information as an evidence
1. Evidence of Relevant Facts (Chapter II )
2. Oral evidence (Chapter IV- Section 59 & 60)
3. Documentary evidence (Chapter V)
4. Primary evidence (Section 62)
5. Secondary evidence (Section 63)
6. Proof of documents by primary evidence
(Section 64)
7. Secondary evidence (Section 65)

4 January 2020
81
Section 65B Indian Evidence Act (1)
a) Which is printed on a paper, stored, recorded or
b) Copied in optical or magnetic media
c) Produced by a computer
d) Shall be deemed to be also a document ,if the
conditions mentioned in this section are satisfied
e) In relation to the information and
f) Computer in question and
g) Shall be admissible in any proceedings, without
further proof or production of the original
h) As evidence of any contents of the original or of any
fact stated therein of which direct evidence would
be admissible
Section 65B(2)
a) The computer from which the record is generated
was regularly used to store or process information
in respect of activity regularly carried on by a
person having lawful control over the period and
relates to the period over which the computer was
regularly used;
b)Information was fed in computer in the ordinary
course of the activities of the person having lawful
control over the computer.
c)The computer was operating properly, and if not,
was not such as to affect the electronics record or its
accuracy.
d) Information reproduced is such as is fed into
computer in the ordinary course of activity.
Section 65B(3)
The following computers shall constitute as single
computer

a) By a combination of computers operating over that

period; or
b) By different computers operating in succession over
that period ,or
c) By different combination of computers operating in
succession over that period ; or
d) In whatever order of one or more computers and
one or more combinations of computers
Section 65B(4)
Regarding the person who can issue the certificate and
contents of certificate, it provides the certificate doing
any of the following things:

a) Identifying the electronic record containing the

statement and describing the manner in which it
was produced;
b) Giving the particulars of device
c) Dealing with any of the matters to which the
conditions mentioned in sub-section (2) relate,
And purporting to be signed by a person
 occupying a responsible official position in
relation to the operation of the relevant device
or
 The management of the relevant activities
(whichever is appropriate) shall be evidence of
any matter stated in the certificate; and
 For the purposes of this sub-section it shall be
sufficient for a matter to be stated to the best of
the knowledge and belief of the person stating
it.
Section 65B(5)
(a) Information shall be taken to be supplied to a computer if it is
supplied thereto in any appropriate form and whether it is so
supplied directly or (with or without human intervention) by
means of any appropriate equipment;
(b) Whether in the course of activities carried on by any official
information is supplied with a view to its being stored or
processed for the purposes of those activities by a computer
operated otherwise than in the course of those activities, that
information, if duly supplied to that computer, shall be taken
to be supplied to it in the course of those activities;
(c) A computer output shall be taken to have been produced by
a computer whether it was produced by it directly or (with or
without human intervention) by means of any appropriate
equipment.
4 January 2020 87
 Anvar P.V vs P.K.Basheer & Ors on 18
September, 2014
• Interpreting Section 65B (4), the three-judge
bench of Justice RM Lodha, Justice Kurian
Joseph and Justice Rohinton Nariman in
Anvar’s case held that an electronic record is
inadmissible in evidence without the
certification as provided therein.

4 January 2020 88
 Shafhi Mohammad vs The State Of Himachal
Pradesh on 30 January, 2018
In The Supreme Court Of India
• Thus, requirement of certificate under Section
65B(h) is not always mandatory. Accordingly, we
clarify the legal position on the subject on the
admissibility of the electronic evidence,
especially by a party who is not in possession of
device from which the document is produced.
Such party cannot be required to produce
certificate under Section 65B(4) of the Evidence
Act. The applicability of requirement of
certificate being procedural can be relaxed by
Court wherever interest of justice so justifies.

4 January 2020 89
Jurisdiction and Territorial
Competencies
Sec. 13: Time & place of despatch and
receipt of electronic records
(1) Save as otherwise agreed to between the
originator and the addressee , the despatch
of an electronic record occurs when it enters
a computer resource outside the control of
the originator.
(2) Save as otherwise agreed between the
originator and the addressee, the time of
receipt of an electronic record shall be
determined as follows, namely: -

4 January 2020 91
Sec. 13: Continue
(a) If the addressee has designated a computer
resource for the purpose of receiving electronic
records,-
(i) receipt occurs at the time when the electronic
record enters the designated computer
resource; or
(ii) If the electronic record is sent to a computer
resource of the addressee that is not the
designated computer resource, receipt occurs at
the time when the electronic record is retrieved
by the addressee.

4 January 2020 92
Sec. 13: Continue
(b) If the addressee has not designated a
computer resource along with, specified
timing, if any, receipt occurs when the
electronic enters the computer resource of
the addressee.

4 January 2020 93
Sec. 13: Continue
(3) Save as otherwise agreed to between the
originator and the addressee, an electronic
record is deemed to be despatched at the
place where the originator has his place of
business , and is deemed to be received at
the place where the addressee has his place
of business.

4 January 2020 94
Sec. 13: Continue
• (4) The provisions of sub-section (2) shall
apply notwithstanding that the place where
the computer resource is located may be
different from the place where the electronic
record is deemed to have been received
under sub-section (3).
Sec. 13: Continue
(5)For the purposes of this section –
(a) if the originator or the addressee has more than one
place of business, the principal place of business
shall be the place of business;
(b) if the originator or the addressee does not have a
place of business, his usual place of residence shall
be deemed to be the place of business;
(c)"Usual Place of Residence", in relation to a body
corporate, means the place where it is registered.
 Cyber Forensics
• Cyber forensics also called Computer forensics
or Forensics computing is a scientific process of
cyber investigation which deals with the
identification/search, extraction/seizure,
preservation, analysis, interpretation,
documentation and presentation of digital/
computer evidence through reviewed
techniques, procedure and well tested tools, in
a manner that is legally acceptable or
admissible in court of law.
 Electronic evidence
Electronic evidence is defined as information
and data of value to an investigation that is
stored on, received or transmitted by an
Electronic device.
Types of Evidence available in digital devices

1. Conventional
2. Digital
i) Volatile (It is computer storage that only
maintains its data while the device is
powered).
ii) Non-volatile (non-volatile storage is a type of
computer memory that can retrieve stored
information even after having been power
cycled).
Identify Digital Evidences
 Evolution of Electronic Evidence
1984, the FBI began to use computer
evidence
In 1991, a new term; "Computer Forensics"
was introduced.
In India IT Act 2000. On 17th October 2000,
ITA 2000 was notified and along with it the
Indian Evidence Act 1872 got amended with
several new sections being added to address
the issue of Electronic Evidence.
 Electronic evidence
Electronic evidence is defined as information
and data of value to an investigation that is
stored on, received or transmitted by an
Electronic device.
Characteristics of Electronic Evidence
• Is virtual in nature
• Is easily altered
• Requires precautions to prevent alteration
• Requires special tools and equipment
• Requires specialized training
• Requires expert testimony
 Where is Electronic Evidence?
 Any kind of storage device – CD’s, DVD’s, floppy disks,
hard drives, external drives, SD cards, SIM cards, Cell
phone memory , RAM , Cloud storage etc.
 Digital devices: Desktop, Laptop, tablet, Smart phone,
Electronic camera, Fax machines, Biometric thumb
machines, answering machines, cordless phones,
pagers, caller-ID, scanners, printers and copiers
 CCTV DVR (Digital video recorder)
 Website data, email, social media content, mobile
applications, chat, search activities
 Call data record (CDR), IPDR (IP Detail Record)
A computing device have
SMPS (Switched Mode Power Supply)
 Power Cable
 Network Cable
 Mother Board
 Hard Disk
 RAM
 Buses (To Connect Peripherals)
 Wired or Wireless N/w card
 Input and Output Devices
 External Memory Devices
SMPS [Switched Mode Power Supply]

Generates
and provides
+12V, +5V or
3.3V power
supplies

No Evidence

106
RAM
(Random Access Memory)

Evidence ** 107
Mother Board

Evidence **
108
Ports
• Facilitate data/power transfer between computers & peripherals. Depending upon
the speed of data transport, ports are :
– Serial/Com - serially, [bit by bit] 5 Kbps
– Parallel [byte by byte] 50-200 Kbps
– USB Ports [6- 12 Mbps USB 1]
– [USB2 -480 Mbps, USB3 – 4.8 Gbps]

– Fire Wire Ports [400/800 Mbps]

– eSata Port – 6 Gbps

Conventional Evidence
109
Fire wire/USB/eSata

Conventional
Evidence

110
CPU

Central Processing Unit

No Evidence

111111
112
Input Devices

Conventional Evidence
113
Output Devices
– CRT- Cathode Ray Tube Display
– LCD - Liquid Crystal Display
– TFT- Thin Film Transistor Display
– LED – Light Emitting Diode Display
– Printers – Inkjet, Laser jet,
Thermal, Copier*
Conventional Evidence

114
Storage Media Devices

Semi-
Magnetic Optic
conductor

115
 Magnetic Media

• Magnetic Media uses orientation of magnetized particles on

an oxide-based surface to encode bits.

Evidence
116
Floppy Disk

Evidence

117
 Optic Media

Optic Media creates transparent or opaque spots on a

polycarbonate material to encode bits

Evidence

118
 Semiconductor Media Devices

– uses a non-volatile transistor memory array to store bits

– Pen drive, SD(Secure DATA Card), Micro SD Card, External Hard Disk

Evidence
119
Personal Data Assistants (PDA), Digital
Cameras, MP3 Players

Evidence
120120
Designer Storage Devices

121
 Networking Components
• Network Interface Cards (NIC)
Wired or Wireless
• Networking Cables

Conventional Evidence 124124

New Technology Computers
(Computer without CPU cabinets)
Mobile Phone / Smart Phone
 IOT Devices
• Smart Appliances: Speakers, home assistants
(e.g. Amazon Alexa, Google Home), kitchen
appliances, Smart TVs, etc.
• Smart Home Systems: Doorbells, thermostats,
lighting, security cameras (CCTV), etc.
• Wearable Items: Health trackers (e.g. FitBit),
medical devices (e.g. pacemakers), sleep
trackers, eye glasses, watches, panic buttons,
mood sensors, clothing, etc.
Information Source in Social media/
Email / Website/ Cloud Storage
• Facebook
Facebook Account ID (User account, Page, Group) / Account URL / Post
ID
• Twitter
Twitter Handle/ URL
• Whatsapp
Whatsapp phone no.
• Instagram
Instagram ID/ URL
• YouTube
Email ID, Channel Name, Link of Video
• E-Mail
Email addresses, Email Header, Message ID of Mail
• Website
Website URL, User Accounts
• Cloud Storage
Account lD like apple ID, Google drive (mail id), dropbox (user account)
 Google
• Google knows you better than you know
yourself!
• Google does not forget
• Google does not delete
• Lots of Google Products & Services only on a
single mail id, like G-Mail, YouTube, Photos,
Calendar, Android account, Spreadsheet,
Google drive, Google Map etc.
 Google My Activity
www.myactivity.google.com
• Activity controls
• Web & App Activity
• Location History
• Device Information
• Voice & Audio Activity
• YouTube Search History
• YouTube Watch History
 Hash values for integrity of digital evidences
• Hash values are similar like fingerprints for files.
• Way to represent a piece of Electronic data with a unique
numerical value ‘Hash Value’ by applying a mathematical
algorithm to the data.
• It maintains the integrity of electronic evidences.
• Two files with exactly the same bit patterns should hash to
the same value using the same hashing algorithm.
• Two algorithms are currently widely used to produce hash
values: the MD5 and SHA1 algorithms.
• MD5:464668D58274A7840E264E8739884247
• SHA-1:4698215F643BECFF6C6F3D2BF447ACE0C067149E