Cyber Crime Investigation
12/7/21
Possible reliefs to a cybercrime victim: strategy adoption
- A victim of cybercrime needs to immediately report the matter to his local police station and to the nearest cybercrime cell.
- Depending on the nature of the crime, there may be civil and criminal remedies.
- In civil remedies, injunction and restraint orders may be sought, together with damages, delivery up of infringing matter and/or account for profits.
- In criminal remedies, a cybercrime case will be registered by the police if the offence is cognisable; if it is non-cognisable, a complaint should be filed with the metropolitan magistrate.
- For certain offences, both civil and criminal remedies may be available to the victim.
Contents of charge
(2) For the purposes of sub-section (1), the Director of the Indian Computer
Emergency Response Team may call for information pertaining to cyber
security from the service providers, intermediaries or any other person.
By virtue of the provisions of Section 65A, the contents of electronic records may be proved in evidence by the parties in accordance with the provisions of Section 65B.
Held: Sub-section (1) of Section 65B makes admissible as a document a paper printout of electronic records stored in optical or magnetic media produced by a computer, subject to fulfillment of the conditions specified in sub-section (2) of Section 65B.
a) The computer from which the record is generated was regularly used to store or process information in respect of activity regularly carried on by the person having lawful control over the period, and relates to the period over which the computer was regularly used.
b) Information was fed into the computer in the ordinary course of the activities of the person having lawful control over the computer.
c) The computer was operating properly, and if not, was not such as to affect the electronic record or its accuracy.
d) Information reproduced is such as is fed into the computer in the ordinary course of activity.
State v Mohd Afzal, 2003 (7) AD (Delhi)1
Initial response
Assessment
Acquisition
Authentication
Analysis
Articulation
Identifying
Preserving
Analysing
Presenting evidence in a legally admissible manner
Existing Files
Deleted Files
Logs
Special system files (registry etc.)
Email archives, printer spools
Administrative settings
Internet History
Chat archives
Misnamed Files
Encrypted Files / Password Protected files etc.
Tools required:
- Evidence notebook
- Tamper evident labels
- Permanent ink pen
- Camera
Document the following:
- Who reported the incident along with critical date and times
- Details leading up to formal investigation
- Names of all people conducting investigation
- Establish and maintain detailed ‘activity log’
FTK is developed by AccessData Corporation (USA); it enables law enforcement and corporate security professionals to perform complete and in-depth computer forensic analysis.
[Figure: Main Window of FTK]
Dr. Tabrez Ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com
TYPICAL TOOLS
EMAIL TRACER
TRUEBACK
CYBERCHECK
MANUAL
AS A PRE-EMPTIVE TOOL
EMAIL TRACING SERVICE
Users can submit their tracing task to Email Tracer through the web.
Tracing IP address up to city level (non-spoofed)
Detection of spoofed mail
Detailed report
TRUEBACK
FEATURES OF TRUE BACK
DOS application with event-based windowing system.
Self-integrity check.
Minimum system configuration check.
Extraction of system information.
Three modes of operation:
- Seize
- Acquire
- Seize and Acquire
CYBER CHECK
Cyber Check Suites:
[Diagram labels: Internet, Grid, Grid Server, Grid Clients, FSL, CBI, Police Crime Cell; step 2: server receives and distributes to grid clients]
MULTI DIMENSIONAL CHALLENGES
TECHNICAL
Ubiquity Of Computers
Crimes Occur In All Jurisdictions
Training Law Enforcement Agencies Becomes a Challenge
Technology Revolution Leads To Newer Systems, Devices, etc.