Professional Documents
Culture Documents
FORENSICS
A brief overview
By
1. Mubin Khan
2. Amruta Naik
Under valuable guidance of
(Prof.)Dr. Shahista Inamdar
Introduction to Cyber crime
• Computer or Computer networks are used as a tool or a target or a place of Criminal
activity
• First recorded Cyber Crime in the world-1820-France.
• In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom.
This device allowed the repetition of a series of steps in the weaving of special fabrics.
This resulted in a fear amongst Jacquard's employees that their traditional employment
and livelihood were being threatened. They committed acts of sabotage to discourage
Jacquard from further use of the new technology. This is the first recorded cyber crime!
• Unauthorized access to Computer systems, data destruction, data alteration,IP theft etc.
• It is becoming a global organized crime.
How it differs from other crimes?
• Easy to learn
• Requires few resources
• Can be committed from anywhere in the world.
• Different laws in different countries. For eg. betting , lotteries are legal
in many countries.
• Criminals are not easily traceable as physical presence is not required.
• International access over World wide web.
Types of Cyber crime
• Hacking
• Phishing
• Software Piracy
• Cyber stalking
• Denial of service
• Financial Crimes/Hawala
• IP crimes
• Forgery
Why Cybercrime threat looms India?
• 2nd Largest population in the world
• Highest number of young people in the age group of 18-45 years
• Largest unemployment
• Cheapest Internet in the world
• Large use of Online platforms
• Increase of Social media platforms
• Internet connections growing at approximately 30% per annum
International Legislations for Cybercrimes
• OECD
1.1983-Research in Criminal Law Problems of Computer related crimes
2.1992-Guidelines for security of information systems
• G8
1997-Subgroup of High tech crime
• OAS
1999-Established a group of Government experts on Cyber crime
• APEC
2002-Commitment to enact a comprehensive set of laws relating to Cyber Security
and Cyber Crime.
Forensic Science
• The term ‘Forensic’ is derived from the Latin word ‘forensis/’ which
means belonging to courts of justice or to public discussion and
debate.
• Forensic Sciences can be defined broadly as that Scientific discipline
which is directed to the recognition,identification,individualization and
evaluation of physical evidence by the application of principles and
methods of natural sciences for the purpose of administration of
Criminal justice.
• Criminalistics is another synonymous term which is commonly used in
U.S.A.
Computer Forensics
• Computer forensics (also known as computer forensic science is a branch
of digital forensic science pertaining to evidence found in computers and
digital storage media.
• The goal of computer forensics is to examine digital media in a forensically
sound manner with the aim of identifying, preserving, recovering,
analyzing and presenting facts and opinions about the digital information.
• Although it is most often associated with the investigation of a wide
variety of computer crime, computer forensics may also be used in civil
proceedings. The discipline involves similar techniques and principles
to data recovery, but with additional guidelines and practices designed to
create a legal audit trail.
Advantages of Cyber Forensic
• The ability to reduce or even eliminate sampling risk – This is the biggest advantage of
forensic accountants over the external auditors.
• The comparison of relevant types of data from different systems or sources to show a
more complete picture
• The ability to easily trend relevant data over periods of time; fluctuations in trending
lines can be analyzed further for false positives and potential risk factors
• The quick identification and extraction of certain risk criteria from the entire data
population for further analysis
• The testing for effectiveness of the control environment and policies in place by
identifying attributes that violate rules
• The identifying trends of which company personnel, consultants and forensic
accountants were unaware.
Importance of Cyber Forensics
• Technology combined with forensic paves the way for quicker investigations and
accurate results.
• Cyber forensics helps in collecting important digital evidence to trace the criminal.
• Electronic equipment stores massive amounts of data that a normal person fails to
see. For example: in a smart house, for every word we speak, actions performed by
smart devices, collect huge data which is crucial in cyber forensics.
• It is also helpful for innocent people to prove their innocence via the evidence
collected online.
• It is not only used to solve digital crimes but also used to solve real-world crimes like
theft cases, murder, etc.
• Businesses are equally benefitted from cyber forensics in tracking system breaches and
finding the attackers.
How Cyber Forensic experts work?
• Identification: The first step of cyber forensics experts are to identify what evidence is
present, where it is stored, and in which format it is stored.
• Preservation: After identifying the data the next step is to safely preserve the data and not
allow other people to use that device so that no one can tamper data.
• Analysis: After getting the data, the next step is to analyze the data or system. Here the
expert recovers the deleted files and verifies the recovered data and finds the evidence that
the criminal tried to erase by deleting secret files. This process might take several iterations
to reach the final conclusion.
• Documentation: Now after analyzing data a record is created. This record contains all the
recovered and available(not deleted) data which helps in recreating the crime scene and
reviewing it.
• Presentation: This is the final step in which the analyzed data is presented in front of the
court to solve cases.
Types of Cyber Forensics
• Network forensics: This involves monitoring and analyzing the network traffic to and from the criminal’s
network. The tools used here are network intrusion detection systems and other automated tools.
• Email forensics: In this type of forensics, the experts check the email of the criminal and recover
deleted email threads to extract out crucial information related to the case.
• Malware forensics: This branch of forensics involves hacking related crimes. Here, the forensics expert
examines the malware, trojans to identify the hacker involved behind this.
• Memory forensics: This branch of forensics deals with collecting data from the memory(like cache,
RAM, etc.) in raw and then retrieve information from that data.
• Mobile Phone forensics: This branch of forensics generally deals with mobile phones. They examine and
analyze data from the mobile phone.
• Database forensics: This branch of forensics examines and analyzes the data from databases and their
related metadata.
• Disk forensics: This branch of forensics extracts data from storage media by searching modified, active,
or deleted files.
Techniques that cyber forensic investigators use
1. In section 3,—
(a) In the definition of "Evidence", for the words "all documents produced for the inspection of
the Court", the words "all documents including electronic records produced for the inspection
of the Court" have been substituted;
(b) after the definition of "India", the following have been inserted, namely:— 'the expressions
"Certifying Authority", "digital signature", "Digital Signature Certificate", "electronic form",
"electronic records", "information", "secure electronic record", "secure digital signature" and
"subscriber" with the meanings respectively assigned to them in the Information Technology
Act, 2000. '
Continued….
2. In section 17, for the words "oral or documentary,", the words "oral or documentary or contained in
electronic form" have been substituted.
3. After section 22, section 22A has been inserted which says that “Oral admissions as to the contents of
electronic records are not relevant, unless the genuineness of the electronic record produced is in
question.".
4. In section 34, for the words "Entries in the books of account", the words "Entries in the books of account,
including those maintained in an electronic form" have been substituted.
5. In section 35, for the word "record", in both the places where it occurs, the words "record or an electronic
record" have been substituted.
6. For section 39, the following section has been substituted, namely: —
What evidence to be given when statement forms part of a conversation, document, electronic record, book
or series of letters or papers.
Continued….
7 After section 47, section 47A has been inserted, which talks about, Opinion as to digital signature where
relevant.
8. In section 59, for the words "contents of documents" the words "contents of documents or electronic
records" have been substituted.
9. After section 65, section 65A and 65B have been added laying down the provisions about Admissibility of
electronic records.
10. After section 67, section 67A has been inserted, which talks about Proof as to digital signature.
11. After section 73, section 73A has been added which talks about Proof as to verification of digital signature.
Continued….
• 12. After section 81, section 81A has been added which talks about Presumption as to Gazettes in electronic
forms.
• 13. After section 85, the following sections have been inserted, namely: —
i) 85A which talks about Presumption as to electronic agreements
ii) 85B which talks about Presumption as to electronic records and digital signatures.
iii) 85C which talks about Presumption as to Digital Signature Certificates.
14. After section 88, section 88A has been inserted which talks about Presumption as to electronic messages.
•
15. After section 90, section 90A has been added which talks about Presumption as to electronic records five
years old.
•
16. For section 131, the following section has been substituted, namely: — Production of documents or
electronic records which another person, having possession, could refuse to produce.
Cyber Crimes-Pornography
• ‘Obscenity’ means sexual act or language which shocks people or offends
them. When obscenity is committed via the internet it is termed as “cyber
obscenity”
• Cyber obscenity is a trading of sexually expressive materials within cyber
space. Legally cyber obscenity is also termed as ‘pornography’
• According to the honourable Supreme court of India- “ Obscenity has a
tendency to deprave and corrupt those, whose minds are open to such
immoral influence”.
• Pornography includes pornographic magazines produced using the internet
and the internet transmit pornographic pictures, videos, writing, etc.
Cyber Crime-Pornography In India
• Cyber crime is increasing dreadfully in India and according to Indian courts
‘common law approach of dispute resolution has been adopted. Various cases
were filed in India in recent time which are related to cyber obscenity. For eg.
“BOYS LOCKER ROOM” case in which the accused used to have indecent
conversation in the group and had shared obscene pictures of girls.
• Similarly, there is a group named “GIRLS LOCKER ROOM” where girls have been
accused of similar obscene comments and conversations.
• In India, where the society is in flux and as people are modifying themselves,
there are certain groups of people who still believe that advertisements related
to spreading awareness of the use of ‘sanitary pads’ and ‘condoms’ publically are
somewhat vulgar. It is very important that people understand its true meaning.
Laws relating to Obscenity and Pornography
in India
Sections related to obscenity under India Penal Code,1860
• Section 292 states that whoever sells, lets to hire, imports or exports any obscene object or whoever takes part in
such business or advertisement of any such object, etc shall be punished with imprisonment and fine.
• Section 293 states that whoever sells, lets to hire, distributes, exhibit or circulate to any person under the age of 20
years, any such obscene object, shall be punished with imprisonment.
• Section 294 states that whoever does any obscene act in any public place or sings, recites or utters any obscene
song, near a public place , shall be punished.
Under Indian Constitution
• The freedom of expression guaranteed under Article 19(1) (a) is subject to some reasonable state restrictions in the
interest of decency or morality. So, it is clear from this Article that no one can do anything in lieu of their
fundamental right guaranteed under Article 19 of Indian constitution. Though the people of India have fundamental
right to Freedom of Speech and Expression, they cannot blindly do any act which is likely to cause obscenity.
Information Technology Act,2000
• Cyber law also provide some relief to cyber obscenity or pornography. Section67 of the act lays down that obscenity
is an offence when it is published or transmitted or caused to be published in any electronic form.
Continued….
The Indecent Representation of Women Act,1986.
• Sec 2(c) of the act defines indecent representation of women. This act also
prohibits publication, sale, etc. containing indecent representation of women
and publication or sending by post or figuring in any form containing indecent
representation of women.
• Sec 6 describes the punishment for contravention of any of the provision of this
act.