
Cyber Crime Investigation and Cyber forensic


Page 1: Cyber Crime Investigation and Cyber forensic

Cyber Crime Investigation and Forensics

1

A PROJECT REPORT

ON

CYBER CRIME INVESTIGATION AND FORENSICS

Contents:

CYBER CRIME INVESTIGATION ------------------------------------------------------------------4--31

What Is Cyber Crime---------------------------------------------------------------------------4--4

Examples Include---------------------------------------------------------------------------4

Definition------------------------------------------------------------------------------------4

Reasons For Cyber Crime---------------------------------------------------------------------4--5

Capacity To Store Data In Comparatively Small Space-------------------------------5

Easy To Access------------------------------------------------------------------------------5

Complex--------------------------------------------------------------------------------------5

Negligence-----------------------------------------------------------------------------------5

Loss Of Evidence---------------------------------------------------------------------------5

Cyber Criminals---------------------------------------------------------------------------------5--6

Children And Adolescents Between The Age Group Of 6 – 18 Years --------------6

Organized Hackers--------------------------------------------------------------------------6

Professional Hackers / Crackers ----------------------------------------------------------6

Discontented Employees-------------------------------------------------------------------6

Mode And Manner Of Committing Cyber Crime----------------------------------------6--8

Unauthorized Access To Computer Systems Or Networks / Hacking---------------6


Theft Of Information Contained In Electronic Form-----------------------------------7

Email Bombing------------------------------------------------------------------------------7

Data Diddling--------------------------------------------------------------------------------7

Salami Attacks-------------------------------------------------------------------------------7

Denial Of Service Attack-------------------------------------------------------------------7

Virus / Worm Attacks----------------------------------------------------------------------7

Logic Bombs---------------------------------------------------------------------------------8

Trojan Attacks-------------------------------------------------------------------------------8

Internet Time Thefts------------------------------------------------------------------------8

Web Jacking---------------------------------------------------------------------------------8

Understand The Fundamentals---------------------------------------------------------------9--9

Classification Of Cyber Crime--------------------------------------------------------------9--10

Computer As Target------------------------------------------------------------------------9

Computer As An Instrumentality---------------------------------------------------------9

Computer As An Incidental Or Other Crime-------------------------------------------10

Crime Associated With The Prevalence Of Computers------------------------------10

Why Learn About Cyber Crime----------------------------------------------------------10--10

Types Of Cyber Crime----------------------------------------------------------------------10--14

Email Related Crime------------------------------------------------------------------------14--14

Case Studies-----------------------------------------------------------------------------------15--20

Case No.1------------------------------------------------------------------------------15--16

Case No.2------------------------------------------------------------------------------17--18

Case No.3-----------------------------------------------------------------------------------19

Case No.4-----------------------------------------------------------------------------------20

Characteristics Of Computer Crime-----------------------------------------------------21--21

Prevention Of Cyber Crime----------------------------------------------------------------21--22

Questionnaire ---------------------------------------------------------------------------------23--25

Relevance Of Evidence----------------------------------------------------------------------26--26

Indian Evidence Act (Amended)----------------------------------------------------------26--26

When Oral Admission As To Contents Of Electronic Records Are Relevant—26--27


Opinion As To Digital Signature Where Relevant-------------------------------------27--27

Proof As To Digital Signature-------------------------------------------------------------27--27

Proof As To Verification Of Digital Signature-----------------------------------------27--27

Admissibility Of Electronic Records-----------------------------------------------------27--28

Presumption As To Electronic Records And Digital Signatures-------------------28--28

Presumption As To Electronic Messages------------------------------------------------28--29

Presumption As To Electronic Records Five Years Old-----------------------------29--29

Recent Amendments-------------------------------------------------------------------------29--29

Important Amendments To IT Act-------------------------------------------------------29--30

Cyber Terrorism Is Defined In Section 66F--------------------------------------------30--31

Important Amendments To IPC----------------------------------------------------------31--31

Important Amendments To CRPC-------------------------------------------------------32--32

Our Analysis-----------------------------------------------------------------------------------32--32

Conclusion-------------------------------------------------------------------------------------32--32

Establishment of PUNE cyber cell--------------------------------------------------------33--33

FORENSICS-------------------------------------------------------------------------------------------34--39

What Is Cyber Forensics--------------------------------------------------------------------34--34

Different Types Of Storage Media-------------------------------------------------------35--35

Electronic Evidence Precautions----------------------------------------------------------35--35

Computer Forensics-------------------------------------------------------------------------36--36

Electronic Evidence Considerations------------------------------------------------------36--36

Incident Response----------------------------------------------------------------------------36--36

Collecting Volatile Data---------------------------------------------------------------------37--37

Imaging Electronic Media (Evidence)----------------------------------------------------37--37

Forensic Analysis-----------------------------------------------------------------------------37--37

Reasons for Evidence------------------------------------------------------------------------37--38

Evidence Processing Guidelines-----------------------------------------------------------38--39

Conclusion-------------------------------------------------------------------------------------39--39


What is Cyber crime?

Criminal activity that uses a computer or a computer network as an element of the offence.

Cyber crime is the latest and perhaps the most complicated problem in the cyber world. Cyber crime may be said to be a species of which the genus is conventional crime, and where either the computer is an object or subject of the conduct constituting the crime. Crime is a social and economic phenomenon and is as old as human society. Crime is a legal concept and has the sanction of the law. Crime or an offence is “a legal wrong that can be followed by criminal proceedings which may result in punishment.”

A crime may be said to be any conduct, by act or omission, prohibited by law, the breach of which is visited by penal consequences.

Examples Include:

Cyber-extortion

Information theft

Fraud

Identity theft

Exploitation of children

Intellectual property theft

Phishing and Vishing

Definition:

“Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetrating further crimes comes within the ambit of cyber crime.”

“Unlawful acts wherein the computer is either a tool or target or both.”

“Illegal computer-mediated activities that can be conducted through global electronic networks.”

Reasons For Cyber Crime:

Hart, in his work “The Concept of Law”, has said ‘human beings are vulnerable, so the rule of law is required to protect them’. Applying this to cyberspace, we may say that computers are vulnerable, so the rule of law is required to protect and safeguard them against cyber crime. The reasons for the vulnerability of computers may be said to be:


1. Capacity to store data in comparatively small space-

The computer has the unique characteristic of storing a large amount of data in a very small space. This makes it much easier to remove or derive information through either a physical or a virtual medium.

2. Easy to access-

The problem encountered in guarding a computer system from unauthorised access is that there is every possibility of a breach, not due to human error but due to the complex technology. Secretly implanted logic bombs, key loggers that can steal access codes, advanced voice recorders, retina imagers etc. that can fool biometric systems, and tools that bypass firewalls can be utilized to get past many a security system.

3. Complex-

Computers work on operating systems, and these operating systems are in turn composed of millions of lines of code. The human mind is fallible, and it is not possible that there will be no lapse at any stage. Cyber criminals take advantage of these lacunae and penetrate the computer system.

4. Negligence-

Negligence is very closely connected with human conduct. It is therefore very probable that while protecting the computer system there might be some negligence, which in turn allows a cyber criminal to gain access to and control over the computer system.

5. Loss of evidence-

Loss of evidence is a very common and obvious problem, as all the data are routinely destroyed. Further, collection of data outside the territorial extent also paralyses this system of crime investigation.

Cyber Criminals

Cyber criminals consist of various groups/categories. This division may be justified on the basis of the object that they have in mind. The following are the categories of cyber criminals-


1. Children and adolescents between the age group of 6 – 18 years –

The simple reason for this type of delinquent behaviour pattern in children is mostly the inquisitiveness to know and explore things. Another cognate reason may be to prove themselves outstanding amongst the other children in their group. Further, the reasons may even be psychological. E.g. the Bal Bharati (Delhi) case was the outcome of harassment of the delinquent by his friends.

2. Organised hackers-

These kinds of hackers are mostly organised together to fulfil a certain objective. The reason may be to fulfil their political bias, fundamentalism, etc. The Pakistanis are said to be among the best quality hackers in the world. They mainly target Indian government sites with the purpose of fulfilling their political objectives. Further, the NASA as well as the Microsoft sites are always under attack by hackers.

3. Professional hackers / crackers –

Their work is motivated by the colour of money. These kinds of hackers are mostly employed to hack the site of rivals and get credible, reliable and valuable information. Further, they are also employed to crack the system of the employer, basically as a measure to make it safer by detecting the loopholes.

4. Discontented employees-

This group includes those people who have either been sacked by their employer or are dissatisfied with their employer. To take revenge, they normally hack the system of their employer.

Mode and Manner of Committing Cyber Crime

1. Unauthorized access to computer systems or networks / Hacking-

This kind of offence is normally referred to as hacking in the generic sense. However, the framers of the Information Technology Act 2000 have nowhere used this term, so to avoid any confusion we will not use the word hacking interchangeably with ‘unauthorized access’, as the latter has a wider connotation.


2. Theft of information contained in electronic form-

This includes information stored in computer hard disks, removable storage media etc. Theft may be either by appropriating the data physically or by tampering with them through the virtual medium.

3. Email bombing-

This kind of activity refers to sending large numbers of mails to the victim, which may be an individual, a company or even mail servers, ultimately resulting in a crash.

4. Data diddling-

This kind of attack involves altering raw data just before a computer processes it and then changing it back after the processing is completed. The electricity board faced a similar problem of data diddling while the department was being computerised.

5. Salami attacks-

This kind of crime is normally prevalent in financial institutions or is used for the purpose of committing financial crimes. An important feature of this type of offence is that the alteration is so small that it would normally go unnoticed. E.g. the Ziegler case, wherein a logic bomb was introduced into the bank’s system which deducted 10 cents from every account and deposited it in a particular account.

6. Denial of Service attack-

The victim’s computer is flooded with more requests than it can handle, which causes it to crash. A Distributed Denial of Service (DDoS) attack is also a type of denial of service attack, in which the offenders are many and widespread. E.g. Amazon, Yahoo.

7. Virus / worm attacks-

Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses, do not need a host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space in a computer’s memory. E.g. the Love Bug virus, which affected at least 5% of the computers of the globe. The losses were accounted to be $10 million. The world’s most famous worm was the Internet worm let


loose on the Internet by Robert Morris sometime in 1988. It almost brought development of the Internet to a complete halt.

8. Logic bombs-

These are event-dependent programs. This implies that these programs are created to do something only when a certain event (known as a trigger event) occurs. E.g. even some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date (like the Chernobyl virus).

9. Trojan attacks-

This term has its origin in the phrase ‘Trojan horse’. In the software field it means an unauthorized programme which passively gains control over another’s system by representing itself as an authorised programme. The most common way of installing a Trojan is through e-mail. E.g. a Trojan was installed on the computer of a lady film director in the U.S. while she was chatting. Through the web cam installed on the computer, the cyber criminal obtained her nude photographs. He further harassed this lady.

10. Internet time thefts-

Normally in these kinds of thefts the Internet surfing hours of the victim are used up by another person. This is done by gaining access to the login ID and the password. E.g. Colonel Bajwa’s case, in which the Internet hours were used up by another person. This was perhaps one of the first reported cases related to cyber crime in India. However, this case made the police infamous for their lack of understanding of the nature of cyber crime.

11. Web jacking-

This term is derived from the term hijacking. In these kinds of offences the hacker gains access to and control over the web site of another. He may even mutilate or change the information on the site. This may be done for fulfilling political objectives or for money. E.g. recently the site of MIT (Ministry of Information Technology) was hacked by Pakistani hackers and some obscene matter was placed on it. Further, the site of the Bombay crime branch was also web jacked. Another case of web jacking is the ‘gold fish’ case. In this case the site was hacked and the information pertaining to gold fish was changed. Further, a ransom of US $1 million was demanded. Thus web jacking is a process whereby control over the site of another is taken, backed by some consideration for it.


Understand the Fundamentals

The Internet has offered us a much more convenient way to share information across time and place.

Cyberspace has also opened a new venue for criminal activities:

Cyber attacks

Distribution of illegal materials in cyberspace

Computer-mediated illegal communications within big crime groups or terrorist organisations

Cyber crime has become one of the major security issues for the law enforcement community.

The anonymity of cyberspace makes identity tracing a significant problem which hinders investigations.

Classification of Cyber crime

1. Computer as target

2. Computer as an instrumentality

3. Computer as an incidental or other crime

4. Crime associated with the prevalence of computers.

The above categories are not isolated compartments. Crime may often spill over from one category to another.

1. Computer As A Target Of A Crime

Physical damage,

Theft or destruction of information (data),

The spread of viruses, worms,

Software piracy, hacking etc.

A computer virus is a self-replicating computer program written to alter the way a computer operates, without the permission or knowledge of the user.

2. Computer as an instrumentality

This category includes such crimes where either computers or their contents are used in furtherance of crime, or those offences which are committed by manipulating the contents of computer systems. They could include sending e-mails or ransom notes, or manipulating computer contents for credit card frauds, telecommunication frauds or theft.


3. Computer as incidental or other crime

This category includes conventional crimes; with the advent of the computer, criminals have started using the technology as an aid for their perpetration. They include the use of computers as an aid for drug trafficking, money laundering, child pornography etc.

4. Crime associated with the prevalence of computers.

Copyright violation,

Software piracy,

Component theft etc.

Why Learn About Cyber Crime

Everybody is using computers: from white collar criminals to terrorist organizations, and from teenagers to adults.

Conventional crimes like forgery, extortion, kidnapping etc. are being committed with the help of computers.

The new generation is growing up with computers.

Most important: monetary transactions are moving on to the Internet.

Types of Cyber Crime

Hacking

Denial Of Service Attack

Virus Dissemination

Software Piracy

Pornography

IRC Crime

Credit Card Fraud

Net Extortion

Phishing

Spoofing

Cyber Stalking

Cyber Defamation

Threatening

Salami Attack.


HACKING

Hacking in simple terms means illegal intrusion into a computer system without the permission of the computer owner/user.

DENIAL OF SERVICE ATTACK

This is an act by the criminal, who floods the bandwidth of the victim’s network or fills his e-mail box with spam mail, depriving him of the services he is entitled to access or provide.

VIRUS DISSEMINATION

Malicious software that attaches itself to other software (virus, worms, Trojan horse, time bomb, logic bomb, rabbit and bacterium are the malicious software).

SOFTWARE PIRACY

Theft of software through the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original. Retail revenue losses worldwide are ever increasing due to this crime, which can be done in various ways: end user copying, hard disk loading, counterfeiting, illegal downloads from the internet etc.

PORNOGRAPHY

Pornography is the first consistently successful e-commerce product. Deceptive marketing tactics and mouse trapping technologies are used by pornography sites to encourage customers to access their websites. Anybody, including children, can log on to the internet and access websites with pornographic content with a click of a mouse. Publishing or transmitting any material in electronic form which is lascivious or appeals to the prurient interest is an offence under the provisions of section 67 of the I.T. Act 2000.

IRC CRIME

Internet Relay Chat (IRC) servers have chat rooms in which people from anywhere in the world can come together and chat with each other. Criminals use it for meeting co-conspirators. Hackers use it for discussing their exploits and sharing techniques. Pedophiles use chat rooms to lure small children. Cyber stalking: in order to harass a woman, her telephone number is given to others as if she wants to befriend males.


CREDIT CARD FRAUD

You simply have to type the credit card number into the web page of the vendor for an online transaction. If electronic transactions are not secured, the credit card numbers can be stolen by hackers, who can misuse the card by impersonating the credit card owner.

Credit card skimmer


NET EXTORTION

Copying the company’s confidential data in order to extort a huge amount from the said company.

PHISHING

It is a technique of pulling out confidential information from bank/financial institution account holders by deceptive means.

PHISHING EMAIL

From: *****Bank [mailto:support@****Bank.com]

Sent: 08 June 2004 03:25

To: India

Subject: Official information from ***** Bank

Dear valued ***** Bank Customer!

For security purposes your account has been randomly chosen for verification. To verify your account information we are asking you to provide us with all the data we are requesting. Otherwise we will not be able to verify your identity and access to your account will be denied. Please click on the link below to get to the bank secure page and verify your account details. Thank you.

https://infinity.*****bank.co.in/Verify.jsp

****** Bank Limited
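As an added example, not taken from the report, the Python below scores a constructed e-mail modelled on the sample above against a few simple phishing indicators: link hosts outside the bank's expected domain, pressure wording, and a generic greeting. The domains examplebank.com and examplebank-secure.co.in, the phrase list and the second, benign message are all assumptions made for the example. A From address that matches the bank is deliberately not counted as evidence of legitimacy, because that header is set by whoever sends the mail.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the report's phishing mail; the bank and
# link domains are placeholders, not real addresses.
SAMPLE_PHISHING_EMAIL = """From: Example Bank <support@examplebank.com>
To: customer@example.net
Subject: Official information from Example Bank

Dear valued Example Bank Customer!
For security purposes your account has been randomly chosen for verification.
To verify your account information we are asking you to provide us with all the data we are requesting.
Otherwise we will not be able to verify your identity and access to your account will be denied.
Please click on the link below to get to the bank secure page and verify your account details.
https://infinity.examplebank-secure.co.in/Verify.jsp
Example Bank Limited
"""

# Constructed benign mail from the same (assumed) bank for comparison.
SAMPLE_LEGIT_EMAIL = """From: Example Bank <statements@examplebank.com>
To: customer@example.net
Subject: Your monthly statement is ready

Dear Mr. Sharma,
Your statement for April is available in the usual place:
https://www.examplebank.com/statements
Example Bank Limited
"""

EXPECTED_DOMAIN = "examplebank.com"   # assumption: the bank's real domain
URGENCY_PHRASES = ("verify your account", "will be denied", "randomly chosen")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def host_under_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = (host or "").lower()
    return host == domain or host.endswith("." + domain)


def phishing_indicators(raw_message, expected_domain=EXPECTED_DOMAIN):
    """Return a list of human-readable indicators found in the message.
    An empty list means none of the checks fired; it is not proof the mail is safe."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()          # single-part text body
    lowered = body.lower()
    indicators = []

    # 1. Sender domain. A mismatch is suspicious; a match proves nothing,
    #    since the From header is chosen by the sender.
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2].lower()
    if not host_under_domain(sender_domain, expected_domain):
        indicators.append(f"sender domain {sender_domain!r} is not under {expected_domain}")

    # 2. Every link must point at the expected domain or a subdomain of it.
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname
        if not host_under_domain(host, expected_domain):
            indicators.append(f"link host {host!r} is not under {expected_domain}")

    # 3. Pressure wording typical of credential-harvesting mails.
    for phrase in URGENCY_PHRASES:
        if phrase in lowered:
            indicators.append(f"urgency phrase: {phrase!r}")

    # 4. Generic greeting: the sender does not know the customer's name.
    if re.search(r"\bdear valued\b", lowered):
        indicators.append("generic greeting ('Dear valued ...')")

    return indicators


if __name__ == "__main__":
    for name, mail in (("phishing", SAMPLE_PHISHING_EMAIL), ("legitimate", SAMPLE_LEGIT_EMAIL)):
        found = phishing_indicators(mail)
        print(f"{name}: {len(found)} indicator(s)")
        for item in found:
            print("  -", item)
```

Run stand-alone, the script reports five indicators for the constructed phishing mail (one off-domain link, three urgency phrases, one generic greeting) and none for the benign one. The link check is the strongest of the four: wording can be varied freely, but a credential-harvesting page has to live somewhere the attacker controls.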

SPOOFING

Getting one computer on a network to pretend to have the identity of another computer,

usually one with special access privileges, so as to obtain access to the other computers

on the network.

CYBER STALKING

The criminal follows the victim by sending emails and entering chat rooms frequently.

CYBER DEFAMATION

The criminal sends emails containing defamatory matter to all those connected with the victim, or posts the defamatory matter on a website.


THREATENING

The criminal sends threatening emails or comes into contact with the victim in chat rooms. (Anyone disgruntled may do this against a boss, friend or official.)

SALAMI ATTACK

In such a crime the criminal makes insignificant changes in such a manner that the changes go unnoticed. The criminal writes a program that deducts a small amount, like Rs. 2.@0 per month, from the accounts of all the customers of the bank and deposits the same in his account. In this case no account holder will approach the bank for such a small amount, but the criminal gains a huge amount.
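As an added example that is not part of the report, the Python below shows how a bank-side reviewer could detect the salami pattern described here and under "Salami attacks" earlier: no single debit is worth complaining about, but many accounts each lose a tiny amount that all flows to one beneficiary, month after month. The ledger, account numbers, amounts and thresholds are constructed for the example.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed ledger of debits: (period, source_account, beneficiary_account, amount).
# Account numbers and amounts are made up for the example.
SAMPLE_LEDGER = [
    ("2008-03", "ACC1001", "ACC9999", Decimal("2.50")),
    ("2008-03", "ACC1002", "ACC9999", Decimal("2.50")),
    ("2008-03", "ACC1003", "ACC9999", Decimal("2.50")),
    ("2008-03", "ACC1004", "ACC9999", Decimal("2.50")),
    ("2008-03", "ACC1005", "ACC9999", Decimal("2.50")),
    ("2008-04", "ACC1001", "ACC9999", Decimal("2.50")),
    ("2008-04", "ACC1002", "ACC9999", Decimal("2.50")),
    ("2008-04", "ACC1003", "ACC9999", Decimal("2.50")),
    ("2008-04", "ACC1004", "ACC9999", Decimal("2.50")),
    ("2008-04", "ACC1005", "ACC9999", Decimal("2.50")),
    ("2008-03", "ACC1001", "ACC2001", Decimal("1500.00")),   # ordinary large transfer
    ("2008-04", "ACC1002", "ACC2002", Decimal("2.50")),      # one small transfer, no pattern
]


def find_salami_beneficiaries(ledger, max_amount=Decimal("5.00"), min_sources=4, min_periods=2):
    """Flag beneficiaries that collect small amounts (<= max_amount) from at least
    min_sources distinct accounts across at least min_periods distinct periods.

    Returns {beneficiary: {"sources": n, "periods": m, "total": Decimal}}.
    A single small transfer to a friend is not a salami; the signal is the fan-in.
    """
    sources = defaultdict(set)
    periods = defaultdict(set)
    totals = defaultdict(Decimal)
    for period, src, dst, amount in ledger:
        if amount > max_amount:
            continue                      # large transfers are reviewed by other controls
        sources[dst].add(src)
        periods[dst].add(period)
        totals[dst] += amount
    return {
        dst: {"sources": len(srcs), "periods": len(periods[dst]), "total": totals[dst]}
        for dst, srcs in sources.items()
        if len(srcs) >= min_sources and len(periods[dst]) >= min_periods
    }


def affected_accounts(ledger, beneficiary):
    """Source accounts that paid a flagged beneficiary, for customer notification and refunds."""
    return sorted({src for _, src, dst, _ in ledger if dst == beneficiary})


if __name__ == "__main__":
    for dst, info in find_salami_beneficiaries(SAMPLE_LEDGER).items():
        print(f"{dst}: {info['sources']} accounts, {info['periods']} periods, total Rs. {info['total']}")
        print("  affected:", ", ".join(affected_accounts(SAMPLE_LEDGER, dst)))
```

The detection is aggregate by design: it looks at where small debits converge rather than at any one transaction, which is exactly the view an individual account holder never has. Decimal is used rather than float so that the totals add up exactly, as a ledger must.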

SALE OF NARCOTICS

Sale and purchase through the net. There are web sites which offer sale and shipment of contraband drugs. They may use the techniques of steganography for hiding the messages.

Email related crime

1. Email spoofing

2. Sending malicious codes through email

3. Email bombing

4. Sending threatening emails

5. Defamatory emails

6. Email frauds


Case Studies

Case No.1

Police Station – Vishrambaug (Emphasis)

G.R.N. 91/05, IPC Sections 467, 468, 471, 419, 420, 379, 34, with Section 66 of the Information Technology Act

Petitioner - Jay fin Robert Disuse

Criminals -

1) Ivan Samuel Thomas

2) Sheila’s Chanddrakant Burrower

3) Bijou Alexander

4) Siddhartha Mehta

5) Stephen Daniel

6) Marlin Fernandez

7) Prim john Phil poses

8) Soundharajan Jamaican

9) Jinee George

10) Stash Para

11) John Varghese

Incident- Date 25/1/2005 to 4/4/2005, from time to time

Filed On 5/4/05 at 17:15

Enquiry Officer- Sanjay Judah, Asst. Police Commissioner (Fin & Cyber), Crime Branch, Pune

Short Story- In the last week of March 2005, the Vice Chairman of City Bank notified that Rs. 1,86,23,761 (4,27,061 US dollars) from some of the account holders of City Bank of America had been transferred to various banks in Pune. The above amount had not been deposited in the Pune bank.


Finding- After the case was filed, the banks into which the amount had been transferred were intimated in writing that if someone came to enquire about the deposit of money in the particular account, the police were to be intimated immediately.

1. Accordingly, Rupee Bank, Rajendranagar branch, Pune reported that two persons came for the enquiry.

2. A police squad was immediately sent and the two persons were taken into custody. Their names were:-

Ivan Samuel Thomas

Sheila’s Burrower

3. In the enquiry it was found that Ivan Thomas was working in a BPO company in Pune named Emphasis (this company runs a customer care centre to give service to City Bank account holders in America). He and his colleagues Bijou Alexander, Siddhartha Mehta, Stephen Daniel and Marlin Fernandez had procured the ATM card details as well as the PIN codes, Social Security Numbers and authorized e-mail IDs of 5 account holders of City Bank by social engineering. After that they transferred Rs. 1 crore 86 lakh to various banks in Pune by using the wire transfer facility. This facility is used to transfer amounts through the internet. When you go to City Bank’s website and choose the wire transfer option, you enter the user ID and password, and an automatic code is generated. This code is sent to the authorized e-mail ID of the account holder. The code is then entered on the wire transfer page, and only then is access to the account given to the particular account holder.

4. All the hard disks of the cyber cafés from where the amount had been transferred were seized. Also the full information of the e-mail ID from where the automatic code was taken, with full headers, was noted.

5. The above criminals had opened fake accounts in various banks; supporting proofs have been taken from the banks.

The crime report has been submitted against the criminals.

Result awaited.


Case No.2

Police station- Deccan Gymkhana

G.R.N. 199/07, IPC Sections 420, 467, 468, 34, with Sections 43(a), (b), (h), 66 & 72 of the Information Technology Act 2000

Petitioner- Sunil Marianna Made, age 32 yrs, occupation- service (Risk Manager, HDFC stargaze, Pune), Residential Address B-402 Uttamnagar, Pune-23

Criminal- Moil Laming Harkin, age 30, Residential Address- Ignore Rd near Vidyasagar High School, Naphtha, Delhi

Native- Churchyard Poor Lama, at & Post Bethel, Manipur

Incident- 24/4/2007 between 15:45 and 16:00 at Rank Jewelers, Karve Rd, Pune.

Case filed- 24/04/07 at 23:00 hrs

Enquiry officer- Entail Shined, Asst. Police Commissioner (Fin & Cyber), Crime Branch, Pune.

Short Story- The criminal lady and her colleagues 1) Utahan 2) a Nepali man 3) a lady named Mara, all together on 24/04/07 between 15:45 and 16:00 hrs at Rank Jewelers, Karve Rd, Pune, made a purchase using an HDFC Bank credit card, but this card belonged to Missoula Federal Credit Union, USA. This was found through the risk monitoring system, and it was also found that the card was fake. The lady was arrested on the spot, but her other colleagues ran away.

Finding- The criminal lady was found with a Chinese passport in the name of Talon Eyeing. On it, immigration stamps of Indonesia, Australia and Germany were found. The criminal lady was also found with credit cards of five banks in the name of Talon Eyeing.

1. Sent a letter to Airtel, Hutch, Idea & Tata to get the information of the criminal’s mobile no. 9967674094 & her colleagues’ mobile nos.

2. Sent a letter to the bank for getting information on the credit card holders.

3. To verify the genuineness of the passport, the consulate at Chennai and the embassy at Mumbai were approached by letter.

4. Took statements at Mosaic Palace, Shirted Rd, Pune, where the criminal & her colleagues were staying. Also took the statements of the manager & owner of Rank Jewelers.

5. Came to know through HDFC, HSBC and Standard Chartered Bank that the credit cards held by the criminal lady were of Missoula Federal Credit Union, USA.


6. Sent a letter to Police commissioner Chennai for information as the criminal passport was

emigration stamped by Chennai passport.

7. Sent a wireless to south Manipur Police to get address proof and character information.

8. Sent a Police squad to Delhi for searching for other criminals.

9. Regarding Passport, fax received from Embassy of china that concerned passport was

from Hong Kong Special Administrative region and wad expired on 10th Sep 2003.

10. Received Information from Manipur police by wireless is as below-

Lady Name- Neural Moil Hop kip

Occupation- Service in private company in Delhi Married with Sri Sensing, Resident Chore,

Sandspur

Marital Status- 2 Daughters. Etc

After sending criminal reports the court the criminal lady was punished by the court.

Case No- 3

Police Station - Yawed

G.R.N - 2/8/08 C B V 403419420

Applicant - Swapnil Deli Sail, age 30, Son 401/r, Balladic VadyanNagar, Vadgensheri, Pune 14

Accused - Yogis Chowder, Chennai

Applied on - 25/3/08; use of a stolen credit card.

Enquiry Officer - Kristi Kumar Patel, PSI

Short Story- Yogis purchased air tickets on 28/3/08 for Rs.18,596.10. Swapnil has a Citibank credit card; when he took his online account statement on 24/4/08 he saw a bill of Rs.18,596.10 for a transaction done on 28/3/08 through Makemytrip.com & Airdeccan.com. Yogis had taken the tickets.

Enquiry- The mail IDs used were [email protected], [email protected] and [email protected]. From these the full IP address was needed.

1. To find out whose IP this is, Domain Tools gave the name Isaac Telecom India Pvt Ltd, Sutra.

2. Sent a letter to Ibarra to enquire to whom this IP address was given. Got the information that IP address 123.201.56.193 is dynamic and was given to Yogis Chowdery, Chennai.

3. Mobile nos used were 9884214361 and 9789943185; got details of these phones & their phone calls from the managers of Airtel & Hutch.

4. Visited Chennai to find Yogis.

5. Caught him at Chennai, where he acknowledged having done this crime.

Case No.4

Police Station- Kothrud; G.R.N 00107 BDV 509; Information Technology Act Sec. 67

Applied by - Miss Saniya, Kothrud, Pune

Against - Miss Lisa, Aundh, Pune

Happened on- Before 26/06/07 12:30

Recorded on- 28/06/07 5:00 PM

Short Story- Before 26/06/07 someone stole the password of Saniya's email ID and of her profile XYZ on the Orkut website, and posted some very objectionable content on the website.

Enquiry officer- Net Shined, PSI

Enquiry- Sent a request by e-mail to Google for all database links of the Orkut profile: prepared by whom, on what date and time, and from which IP address. Saniya came to know from friends that there were some bad things about her on Orkut posted by Lisa Cornello. About 3 to 4 weeks earlier Saniya had tried to create a new account, [email protected]; on that website the bad topic was profiled again. Visited Saniya's residence and checked her computer for any virus. Sent a ReadNotify mail to Saniya's address [email protected] to trace whoever had stolen her password. Information was received from Google on 3/7/09.

The profile prepared in Saniya's name was as follows:-

E-mail: profile email ID [email protected]

IP Address 59.161.3.66 on 8/5/07 4IS GMT.

Secondary email ID LisaCornello@ yahoo.co.in

Traced all information from the above addresses.

Received the following information from Yahoo on 14/5/09 at 9:36:14: [email protected] was created from IP address 219.64.160.136. On 5/5/07 3:36:4 the [email protected] email ID, with IP address 59.169.3.66, was prepared on 8/05/07.

Got the following information from Domain Tools:

File Number- 12345678

Name - Lisa

Phone - 122344568

Address- Aundh, Pune

Raided Lisa's residence and took all necessary police action. The story is that Lisa & Saniya were friends, both having an affair with Shoed. The police seized the hard disk & CPU and sent them to the forensic lab.

Lisa was punished with 2 yrs' imprisonment & a Rs. 2,75,000 fine.

Characteristics of Computer Crime

Silent in Nature: Computer crime can be committed in privacy without physically reaching the scene of crime, i.e. without any eye witnesses. There are no signs of physical violence or struggle.

Global in character: No national borders. Sitting comfortably far away from a country, the entire economy of that country could be destroyed. As digital evidence is fragile in nature, one has to respond quickly.

Non-existence of Physical Evidence: There is no physical evidence to indicate that a crime has been committed. Only on a closer look can a trained person find the evidence, which is not in the traditional format but in digital format.

Creates high Impact: The impact is severe and may be long term. It can damage the victim's system permanently, with loss of goodwill.

High Potential and Easy to Perpetrate: A software developer who did not get enough money or a good job may turn to the criminal world for survival. Therefore computer crimes have the potential to increase, and organized mafia may enter this sector.

Prevention of Cyber Crime:

Prevention is always better than cure. It is always better to take certain precautions while operating on the net, and a netizen should make them part of his cyber life. Sailesh Kumar Zarkar, technical advisor and network security consultant to the Mumbai Police Cyber Crime Cell, advocates the 5P mantra for online security: Precaution, Prevention, Protection, Preservation and Perseverance.

A netizen should keep in mind the following things-

1. To prevent cyber stalking, avoid disclosing any information pertaining to oneself. This is as good as disclosing your identity to strangers in a public place.

2. Always avoid sending any photograph online, particularly to strangers and chat friends, as there have been incidents of misuse of photographs.

3. Always use the latest and up-to-date anti-virus software to guard against virus attacks.

4. Always keep backup volumes so that one may not suffer data loss in case of virus contamination.

5. Never send your credit card number to any site that is not secured, to guard against frauds.

6. Always keep a watch on the sites that your children are accessing, to prevent any kind of harassment or depravation of children.

7. It is better to use a security programme that gives control over the cookies and the information sent back to the site, as leaving the cookies unguarded might prove fatal.

8. Web site owners should watch traffic and check any irregularity on the site. Putting host-based intrusion detection devices on servers may do this.

9. Use of firewalls may be beneficial.

10. Web servers running public sites must be physically separate and protected from the internal corporate network.

Adjudication of a Cyber Crime - On the directions of the Bombay High Court, the Central Government, by a notification dated 25.03.03, has decided that the Secretary to the Information Technology Department in each state, by designation, would be appointed as the Adjudicating Officer (AO) for each state.

QUESTIONNAIRE

QUESTIONNAIRE RELATED TO THE RECOMMENDATIONS FROM THE FOURTH MEETING OF GOVERNMENTAL EXPERTS ON CYBER-CRIME

1. In which of the following areas does our country have existing cyber-crime legislation in place?

a) IT Act cyber laws (e.g., laws prohibiting online identity theft, hacking, intrusion into computer systems, child pornography): Yes ___ No ___

If yes, please list and attach copies of all such legislation, preferably in electronic format if possible:

65 – Code Modification

66 – Hacking

67 – Pornography

b) Procedural cyber-crime laws (e.g., authority to preserve and obtain electronic data from third parties, including internet service providers; authority to intercept electronic communications; authority to search and seize electronic evidence): Yes ___ No ___

If yes, please list and attach copies of all such legislation, preferably in electronic format if possible:

41 CRPC

42 CRPC

100 CRPC

78 – Search and seize

80 – All police rights.

c) Mutual legal assistance related to cyber-crime: Yes ___ No ___

If yes, please list and attach copies of all such legislation, preferably in electronic format if possible:

They need only technical help during case investigation.

2. Please identify whether the following forms and means (1) occur frequently, (2) occur infrequently, or (3) have not occurred, by placing an "X" as appropriate in the following table:

Forms and Means of Cyber-Crime | Occur Frequently | Occur Infrequently | Has not Occurred
Online identity theft (including phishing and online trafficking in false identity information) | | |
Hacking (illegal intrusion into computer systems; theft of information from computer systems) | | |
Malicious code (worms, viruses, malware and spyware) | | |
Illegal interception of computer data | | |
Online commission of intellectual property crimes | | |
Online trafficking in child pornography | | |
Intentional damage to computer systems or data | | |
Others | | |

a) In addition to the above, if there are any other forms and means of cyber-crime that have occurred (either frequently or infrequently) in our country, please identify them as well as the frequency with which they occur in the following table.

Forms and Means of Conduct | Occur Frequently | Occur Infrequently
Cheating | |
Threatening | |
Cyber Stalking | |
Credit card fraud | |
Copyright | |
Source Code | |

3. Does our country have any concrete experiences with respect to strengthening the relationship between the authorities responsible for investigating and/or prosecuting cyber-crimes and internet service providers that may be shared with other States as a best practice in this area? Yes No ___

If yes, please explain: ISPs' meetings, bank model meetings, cyber committee, regular basic interaction.

4. Has our country identified, created, or established a unit or entity specifically charged with directing and developing the investigation of cyber-crimes? Yes No

If yes, please provide the following information: CBI Crime Cell, CID

The institution to which the unit/entity belongs: POLICE

The number of officers or investigators in the unit/entity: 4-5

If such a unit/entity has been created or established, are its functions dedicated exclusively to the investigation of cyber-crimes? Yes No ___

If no, what other types of offenses or crimes is this unit/entity responsible for investigating and/or prosecuting?

5. Has our country identified, created, or established a unit or entity specifically charged with directing and developing the prosecution of cyber-crimes? Yes ___ No

Relevance of Evidence

The main purpose of investigation of any crime is to collect sufficient & legally admissible evidence to ensure conviction of the offenders.

The requirements of evidence in cyber crimes are not different, but its nature has made collection of evidence a specialized job.

The Evidence Act & rules already in existence were considered not sufficient, so the IT Act, 2000 made extensive changes in the Indian Evidence Act, 1872.

Indian Evidence Act (Amended)

3. Evidence - "Evidence" means and includes: all documents, including electronic records, produced in Court; these are called documentary evidence.

"Electronic records" has the same meaning as assigned in the IT Act, 2000, i.e.: image or sound stored, received or sent in an electronic form; or micro film or computer generated micro fiche.

17. Admission defined - An admission is a statement, oral or documentary or contained in electronic form, which suggests any inference as to any fact in issue or relevant fact.

27. How much of information received from accused may be proved - When any fact is discovered in consequence of information received from a person accused of any offence, in the custody of a police officer, so much of such information as relates distinctly to the fact thereby discovered may be proved.

22A. When oral admission as to contents of electronic records is relevant - Oral admissions as to the contents of electronic records are not relevant, unless the genuineness of the electronic record produced is in question.

59. Proof of facts by oral evidence - All facts, except the contents of documents or electronic records, may be proved by oral evidence.

39. How much evidence to be given when statement forms part of electronic record - When any statement of which evidence is given forms part of an electronic record, then evidence shall be given of so much and no more of the electronic record as the Court considers necessary in that particular case to the full understanding of the nature and effect of the statement, and of the circumstances under which it was made.

47A. Opinion as to digital signature where relevant - When the Court has to form an opinion as to the digital signature of any person, the opinion of the Certifying Authority which has issued the Digital Signature Certificate is a relevant fact.

67A. Proof as to digital signature - Except in the case of a secure digital signature, if the digital signature of any subscriber is alleged to have been affixed to an electronic record, the fact that such digital signature is the digital signature of the subscriber must be proved.

73A. Proof as to verification of digital signature - In order to ascertain whether a digital signature is that of the person by whom it purports to have been affixed, the Court may direct-

(a) that person or the Controller or the Certifying Authority to produce the Digital Signature Certificate;

(b) any other person to apply the public key listed in the Digital Signature Certificate and verify the digital signature purported to have been affixed by that person.

65B. Admissibility of electronic records - (1) Any information contained in an electronic record which is printed on a paper, stored, recorded or copied in optical or magnetic media produced by a computer shall be deemed to be also a document, if certain conditions are satisfied. It shall be admissible in any proceedings, without further proof or production of the original, as evidence of any contents of the original or of any fact stated therein of which direct evidence would be admissible.

65B. (2) The conditions are as follows:

(a) the computer output was produced during the period when the computer was used regularly to store or process information for the purposes of any activities regularly carried on by a person having lawful control over the computer;

(b) during the said period, information of the kind contained in the electronic record, or of the kind from which the information so contained is derived, was regularly fed into the computer in the ordinary course of the said activities;

(c) throughout the said period, the computer was operating properly or, if not, then that part of the period was not such as to affect the electronic record or the accuracy of its contents;

(d) the information contained in the electronic record reproduces or is derived from such information fed into the computer in the ordinary course of the said activities.

85A. Presumption as to electronic agreements - The Court shall presume that every electronic record purporting to be an agreement containing the digital signatures of the parties was so concluded by affixing the digital signatures of the parties.

85B. Presumption as to electronic records and digital signatures - (1) The Court shall presume that a secure electronic record has not been altered since the specific point of time to which the secure status relates.

(2) In proceedings involving a secure digital signature, the Court shall presume that the secure digital signature is affixed by the subscriber with the intention of signing or approving the electronic record.

88A. Presumption as to electronic messages - The Court may presume that an electronic message forwarded by the originator through an electronic mail server to the addressee to whom the message purports to be addressed corresponds with the message as fed into his computer for transmission; but the Court shall not make any presumption as to the person by whom such message was sent.

90A. Presumption as to electronic records five years old - Where any electronic record, purporting or proved to be five years old, is produced from any custody which the Court in the particular case considers proper, the Court may presume that the digital signature which purports to be the digital signature of any particular person was so affixed by him or by any person authorized by him in this behalf.

Recent Amendments

The Information Technology (Amendment) Bill, 2008 (Bill No. 96-F of 2008) was passed by the Lok Sabha on 22-12-2008 and by the Rajya Sabha on 23-12-2008. It received His Excellency the President's assent on 5th February, 2009. The date from which the amendments are to be applicable is yet to be notified.

Important Amendments to the IT Act

In Section 43, two new offences were added:

Destroying, deleting or altering information in a computer resource to diminish its value.

Stealing, concealing or destroying any computer source code with intention to cause damage.

Sec. 66 has been replaced, providing that if any of the acts mentioned in Section 43 is done dishonestly or fraudulently, it is punishable with 3 years' imprisonment or a fine of Rs. 5.00 Lacs or both.

A new Sec. 66A is added providing for three years' imprisonment and fine for sending:

Offensive or menacing information; or

False information for causing insult, injury, intimidation, hatred or ill-will; or

E-mail causing annoyance, or to deceive or mislead the recipient about the origin of that e-mail.

Section 66B makes it an offence to dishonestly receive or retain any stolen computer resource or communication device, punishable with 3 years' imprisonment or a fine up to Rs. 1.00 Lac.

Dishonest use of electronic signatures, passwords or any other identification feature invites punishment up to 3 years and a fine up to Rs. 1.00 Lac (Section 66C).

Impersonation with the help of a computer or communication device will result in 3 years' imprisonment and a fine up to Rs. 1.00 Lac (Section 66D).

Violation of privacy by way of sending electronic visual images of private parts of the body is also punishable with 3 years' imprisonment or a fine up to Rs. 1.00 Lac (Section 66E).

Cyber Terrorism is defined in Section 66F: whoever threatens the unity, integrity, security or sovereignty of India or strikes terror in the people by:

denying access to a computer resource; or

accessing a computer resource without authority; or

introducing any computer contaminant,

and thereby causes death or destruction of property; or

penetrates restricted computer resources or information affecting sovereignty, integrity, friendly relations with foreign states, public order, decency, contempt of court or defamation, or to the advantage of a foreign state or group of persons.

It is punishable with imprisonment up to life.

Obscenity has been defined in the new Section 67, punishable with imprisonment for 3 years with a fine up to Rs. 5.00 Lacs for the first offence, and imprisonment for 5 years with a fine up to Rs. 10.00 Lacs for a subsequent offence.

Section 67A deals with publishing or transmitting sexually explicit material, punishable with 5 years' imprisonment & a fine up to Rs. 10.00 Lacs for the first offence and, for a subsequent offence, imprisonment up to 7 years with a fine up to Rs. 10.00 Lacs.

Child Pornography has been made a separate offence in Section 67B, punishable with 5 years' imprisonment & a fine up to Rs. 10.00 Lacs for the first offence and, for a subsequent offence, imprisonment up to 7 years with a fine up to Rs. 10.00 Lacs.

Section 69 has been redrafted, enabling Government agencies to intercept, monitor or decrypt any electronic information with the help of subscribers, intermediaries or persons in charge of computer resources. Non-cooperation by any of the above invites imprisonment up to 7 years with fine.

69A: The Government gets the power to issue directions for blocking public access to any information through any computer resource. An intermediary who fails to comply with directions in this regard shall be punished with imprisonment up to 7 years with fine.

69B: For cyber security, the Government may order any intermediary to allow access to any computer resource; violation results in imprisonment up to 3 years with fine.

Sec. 72A provides for punishment for disclosure of information in breach of a lawful contract, extending up to 3 years or a fine to the tune of Rs. 5.00 Lacs or both.

Section 77: confiscation, compensation awarded or penalty imposed does not come in the way of penalty, punishment or compensation under any other Act.

Compounding of offences with punishment up to 3 years is allowed, subject to the conditions that the accused has no previous conviction, or the offence does not affect the socio-economic conditions, or it was not committed against a child or a woman.

Sec. 77B prescribes that, notwithstanding the CRPC:

An offence punishable with imprisonment of 3 years and above is cognizable.

An offence punishable with imprisonment up to 3 years is bailable.

The power to investigate cyber crimes has now been vested in Inspectors in place of Dy. S.P.

An office of Government Examiner of Electronic Evidence is to be established (Section 79A).

Important Amendments to the IPC

Jurisdiction is not bounded by the country's boundaries if the target is a computer resource located in India (Section 4(3)).

Any act done anywhere in the world is an offence if the said act, if committed in India, is an offence (Explanation (a) to Section 4).

Voluntary concealment of the existence of a design by encryption or any other information-hiding tool is an offence.

The words "Digital Signatures" have been replaced with "Electronic Signatures".

Important Amendments to the CRPC

The opinion of the Examiner of Electronic Evidence has been made relevant (Section 45A).

The Examiner is to be treated as an expert.

The Examiner is to be examined like any other expert from CFSL or other labs.

The words "Digital Signature" are to be replaced by "Electronic Signature".

Our Analysis

As we have seen, all the crimes done with the help of computers or technology have become a very serious issue nowadays, and the victim can be anybody: a naive person or even a tech-savvy person. So from the cyber crimes discussed above we can conclude that, to counter these crimes, the end user should be educated about them. He/she should be cautious in checking e-mails or when downloading files/software; should change passwords after every 45 days and set a strong password with alphanumeric and special characters in it; should never use the Administrator account if not required; should always keep the antivirus updated; should try to keep licensed copies of the software used; and should try to secure his/her network, both LAN and wireless.

Conclusion:

The capacity of the human mind is unfathomable. It is not possible to eliminate cyber crime from cyber space, but it is quite possible to check it. History is witness that no legislation has succeeded in totally eliminating crime from the globe. The only possible step is to make people aware of their rights and duties (to report crime as a collective duty towards society) and further to make the application of the laws more stringent to check crime. Undoubtedly the Act is a historic step in the cyber world. Further, I altogether do not deny that there is a need to bring changes in the Information Technology Act to make it more effective in combating cyber crime. I would conclude with a word of caution for the pro-legislation school: it should be kept in mind that the provisions of the cyber law are not made so stringent that they retard the growth of the industry and prove to be counter-productive.

Establishment of PUNE Cyber Cell

It was established on 1st July 2003. Under this department the following officers are involved:

Police Commissioner

Two Asst. Police Commissioners

Two Sub Inspectors

And ten constables in the team.

In the year 2008, 63 cases were registered, and between 2003 and 2008 the total number of cases registered with the police was 452.

Police Station cases under IT Act 2000

Year   2001  2002  2003  2004  2005  2006  2007  2008  2009  Total
Total    03    04    09    06    10    10    13    08    09     72

In the year 2008 the Cyber Crime Cell solved 15 cases.

Cyber Crime Cell cases

Year   2003  2004  2005  2006  2007  2008  2009  Total
Total    05    30    32    79    99   207    92    544

Pune Cyber Lab

On 20th January the Pune Cyber Lab was established in collaboration with NASSCOM, near Shivaji Nagar in Pune. In this department there are 580 officers and 411 staff, of whom the members of the 76th batch have been provided with cyber crime investigation training. 65 judges have also attended the cyber crime programme/training.

WHAT IS CYBER FORENSICS?

Cyber forensics is the discovery, analysis, and reconstruction of evidence extracted from any element of computer systems, computer networks, computer media, and computer peripherals that allows investigators to solve the crime.

Four Stages

Acquire

Authenticate

Analyze

Documentation

DIFFERENT TYPES OF STORAGE MEDIA

ELECTRONIC EVIDENCE PRECAUTIONS

Static Electricity

Magnetic Fields

Shock

Moisture

Computer Forensics:-

Computer forensics is a branch of forensic science pertaining to legal evidence found in computers and digital storage media.

Computer forensics, also called cyber forensics, is the application of computer investigation and analysis techniques to gather evidence suitable for presentation in a court of law. The goal of computer forensics is to perform a structured investigation, while maintaining a documented chain of evidence, to find out exactly what happened on a computer and who was responsible for it.

Computer forensics experts investigate data storage devices such as hard drives, USB drives, CD-ROMs, floppy disks, tape drives, etc., identifying sources of documentary or other digital evidence, preserving and analyzing evidence, and presenting findings. Computer forensics adheres to standards of evidence admissible in a court of law.

Electronic evidence considerations

Electronic evidence can be collected from a variety of sources. Within a company's network, evidence will be found in any form of technology that can be used to transmit or store data. Evidence should be collected from three parts of an offender's network: at the workstation of the offender, on the server accessed by the offender, and on the network that connects the two. Investigators can therefore use three different sources to confirm the data's origin.

Incident Response

An important part of computer forensics lies in the initial response to a computer crime. It is at this point that the suspect computer and related devices are identified and prepared for the forensic response. In a corporate environment, this is simply done by locating the perpetrator's computer workstation and collecting a forensic image of the hard drive and any related media. In a criminal situation with a law enforcement response, the incident response involves the proper serving of a search warrant and lawful collection of evidentiary media. While in some corporate environments the computer is left behind, sometimes to give the impression that the employee is not a targeted suspect, law enforcement will attempt to seize all computer-related material (bag and tag) and transfer it to a forensic laboratory for analysis.

Collecting Volatile Data

If the machine is still active, any intelligence which can be gained by examining the applications currently open is recorded. If the machine is suspected of being used for illegal communications, such as terrorist traffic, not all of this information may be stored on the hard drive. If information stored solely in RAM is not recovered before powering down, it may be lost. This results in the need to collect volatile data from the computer at the onset of the response.
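The following is an added example of what "collecting volatile data at the onset of the response" looks like in practice; it is not a procedure from this report. Each command is run read-only on the live machine, its output is timestamped and hashed, and the whole collection is written to a JSON log whose own hash can be recorded on the chain-of-custody form. The command list (date, uptime, ps, ss, who, uname) is an assumption for a Linux host; on another platform the list changes but the recording discipline does not.

```python
"""Volatile data collection on a live machine (added example; not a
procedure from the report). Each command is run read-only, its output is
timestamped and hashed, and the collection is written to a JSON log whose
own hash goes on the chain-of-custody form. The command list is an
assumption for a Linux host; change it for the platform in front of you."""
import datetime
import hashlib
import json
import os
import subprocess
import tempfile

# Ordered from most to least volatile: what disappears first is captured first.
DEFAULT_STEPS = [
    ("system_time", ["date", "-u", "+%Y-%m-%dT%H:%M:%SZ"]),
    ("uptime", ["uptime"]),
    ("processes", ["ps", "-eo", "pid,ppid,user,lstart,args"]),
    ("network_connections", ["ss", "-tupan"]),
    ("logged_in_users", ["who"]),
    ("kernel", ["uname", "-a"]),
]


def run_step(label, argv, timeout=30):
    """Run one read-only command and return a record of what was captured.

    The record keeps the command line, the UTC start time, the raw output
    and its SHA-256, so the output can later be shown to be unchanged.
    Missing tools and hangs are recorded rather than aborting the run."""
    record = {
        "label": label,
        "command": " ".join(argv),
        "started_utc": datetime.datetime.now(datetime.timezone.utc).isoformat(),
        "status": "ok",
        "output": "",
        "sha256": None,
    }
    try:
        proc = subprocess.run(argv, capture_output=True, text=True,
                              errors="replace", timeout=timeout)
    except FileNotFoundError:
        record["status"] = "missing"
        return record
    except subprocess.TimeoutExpired:
        record["status"] = "timeout"
        return record
    if proc.returncode != 0:
        record["status"] = f"exit {proc.returncode}"
    record["output"] = proc.stdout
    record["sha256"] = hashlib.sha256(proc.stdout.encode()).hexdigest()
    return record


def collect_volatile(steps=DEFAULT_STEPS, timeout=30):
    """Run every step in order of volatility and return the records."""
    return [run_step(label, argv, timeout) for label, argv in steps]


def write_log(records, path):
    """Write the records as JSON and return the log file's SHA-256."""
    data = json.dumps(records, indent=2).encode()
    with open(path, "wb") as fh:
        fh.write(data)
    return hashlib.sha256(data).hexdigest()


def demo(steps=DEFAULT_STEPS, workdir=None):
    """Collect with the given steps and log to a temporary directory."""
    workdir = workdir or tempfile.mkdtemp(prefix="volatile-")
    records = collect_volatile(steps)
    log_path = os.path.join(workdir, "volatile.json")
    return records, log_path, write_log(records, log_path)


if __name__ == "__main__":
    records, path, digest = demo()
    for rec in records:
        print(f"{rec['label']:20} {rec['status']:10} {rec['started_utc']}")
    print("log:", path, "sha256:", digest)
```

Run it from removable media with its own copies of the tools where possible, and note that every command executed on the live system changes its state slightly (new process, page cache); that is the accepted cost of capturing RAM-resident data before power-off, and the log records exactly what was run and when.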

Imaging electronic media (evidence)

The process of creating an exact duplicate of the original evidentiary media is often called imaging. Using a standalone hard-drive duplicator or software imaging tools such as AIR, the entire hard drive is completely duplicated. This is usually done at the sector level, making a bit-stream copy of every part of the user-accessible areas of the hard drive which can physically store data, rather than duplicating the file system. The original drive is then moved to secure storage to prevent tampering. During imaging, a write protection device or application is normally used to ensure that no information is introduced onto the evidentiary media during the forensic process.
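To show what a sector-level bit-stream copy with authentication involves, here is an added Python example; it is not code from the report, nor from AIR or any other tool it names. A regular file stands in for the evidence drive, the 512-byte sector size is an assumption, and the sample media content is constructed for the demonstration. The source is opened read-only (the software counterpart of the write blocker), every sector is copied, and both the source as read and the finished image are hashed so that the image can be re-verified before analysis or in court.

```python
"""Bit-stream imaging with hash authentication (added example; not code
from the report or from the tools it names). A regular file stands in for
the evidence drive, the sector size of 512 bytes is an assumption, and the
sample media content below is constructed for the demonstration."""
import hashlib
import os
import tempfile

SECTOR = 512  # assumed sector size of the source media


def hash_file(path, block_size=1 << 20):
    """SHA-256 of a file, read in 1 MiB blocks so large images fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(block_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def image_media(source_path, image_path, sector=SECTOR):
    """Copy the source sector by sector into a raw image.

    The source is opened read-only, the software equivalent of a write
    blocker: nothing is ever written to the original media. The hash is
    computed from the bytes as they are read, so it describes the media at
    acquisition time, and the finished image is hashed independently.
    Returns (source_digest, image_digest, blocks_read); the final block may
    be shorter than a sector.
    """
    source_digest = hashlib.sha256()
    blocks_read = 0
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        while True:
            chunk = src.read(sector)
            if not chunk:
                break
            source_digest.update(chunk)
            dst.write(chunk)
            blocks_read += 1
        dst.flush()
        os.fsync(dst.fileno())  # make sure the image really reached disk
    return source_digest.hexdigest(), hash_file(image_path), blocks_read


def verify_image(image_path, expected_digest):
    """Re-hash the image (before analysis, or when it is produced in court)
    and confirm it still matches the digest recorded at acquisition."""
    return hash_file(image_path) == expected_digest


def demo(payload=None, workdir=None):
    """Image constructed sample media, verify it, then show that a single
    altered byte in a copy of the image is detected."""
    workdir = workdir or tempfile.mkdtemp(prefix="imaging-demo-")
    source = os.path.join(workdir, "evidence.bin")
    image = os.path.join(workdir, "evidence.dd")
    altered = os.path.join(workdir, "evidence-altered.dd")

    if payload is None:
        # Constructed content: three full sectors plus a 100-byte tail, so
        # the copy loop has to handle a short final read correctly.
        payload = (b"CONSTRUCTED SAMPLE DATA " * 80)[: SECTOR * 3 + 100]
    with open(source, "wb") as fh:
        fh.write(payload)

    source_digest, image_digest, blocks_read = image_media(source, image)

    with open(image, "rb") as fh:
        data = bytearray(fh.read())
    data[0] ^= 0xFF  # tamper with one byte of a copy of the image
    with open(altered, "wb") as fh:
        fh.write(data)

    return {
        "blocks_read": blocks_read,
        "hashes_match": source_digest == image_digest,
        "verify_ok": verify_image(image, source_digest),
        "altered_detected": not verify_image(altered, source_digest),
        "source_digest": source_digest,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On real media the source would be a block device and a hardware write blocker sits between it and the workstation; the read-only open here only prevents this program from writing, not the operating system (which may still update mount metadata), so it does not replace the hardware device.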

Forensic Analysis

All digital evidence must be analyzed to determine the type of information that is stored upon it. For this purpose, specialty tools are used that can display information in a format useful to investigators. Such forensic tools include Brian Carrier's Sleuth Kit, Foremost and SMART. In many investigations, numerous other tools are used to analyze specific portions of information.

Reasons for Evidence

There is a wide range of computer crimes and misuses.

Non-Business Environment: evidence collected by Federal, State and local authorities for crimes relating to:

Theft of trade secrets

Fraud

Extortion

Industrial espionage

Possession of pornography

SPAM investigations

Virus/Trojan distribution

Homicide investigations

Intellectual property breaches

Unauthorized use of personal information

Forgery

Perjury

Computer-related crime and violations include a range of activities, including:

o Business Environment:

Theft of or destruction of intellectual property

Unauthorized activity-

Tracking internet browsing habits

Reconstructing events

Inferring intentions

Selling company bandwidth

Wrongful dismissal claims

Sexual harassment

Software piracy

Evidence Processing Guidelines

New Technologies Inc. recommends following 16 steps in processing evidence; they offer training on properly handling each step.

o Step 1: Shut down the computer

Consideration must be given to volatile information. Shutting down prevents remote access to the machine and destruction of evidence (manual or by anti-forensic software).

o Step 2: Document the Hardware Configuration of the System

Note everything about the computer configuration prior to relocating it.

o Step 3: Transport the Computer System to a Secure Location

Do not leave the computer unattended unless it is locked in a secure location.

o Step 4: Make Bit Stream Backups of Hard Disks and Floppy Disks

o Step 5: Mathematically Authenticate Data on All Storage Devices

We must be able to prove that we did not alter any of the evidence after the computer came into our possession.

o Step 6: Document the System Date and Time

o Step 7: Make a List of Key Search Words

o Step 8: Evaluate the Windows Swap File

o Step 9: Evaluate File Slack

File slack is a data storage area of which most computer users are unaware; it is a source of significant security leakage.

o Step 10: Evaluate Unallocated Space (Erased Files)

o Step 11: Search Files, File Slack and Unallocated Space for Key Words

o Step 12: Document File Names, Dates and Times

o Step 13: Identify File, Program and Storage Anomalies

o Step 14: Evaluate Program Functionality

o Step 15: Document Our Findings

o Step 16: Retain Copies of Software Used
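Steps 9, 10 and 11 above (file slack, unallocated space, and the keyword search across both) are easiest to understand on a small image. The following added Python example is not code from the report or from New Technologies Inc.; the six-cluster image, its 512-byte cluster size, the two "files" and the keywords are all constructed here, and on real media the offsets and sizes would come from file system metadata parsed by a forensic tool such as the Sleuth Kit. It computes the slack range of each file, lists the unallocated clusters, scans the whole image for the key words in chunks (carrying an overlap so a hit that straddles a chunk boundary is not missed), and labels each hit as file content, slack or unallocated space.

```python
"""File slack and keyword search over a raw image (added example; not code
from the report or from New Technologies Inc.). The image layout, cluster
size and keywords are all constructed here; on real media the offsets and
sizes come from the file system metadata parsed by a forensic tool."""

CLUSTER = 512  # assumed allocation unit of the constructed file system


def build_sample_image():
    """Constructed six-cluster image with a small allocation table.

    clusters 0-1 : notes.txt, 700 bytes   -> 324 bytes of slack in cluster 1
    clusters 2-3 : report.doc, 1024 bytes -> no slack
    cluster 4    : unallocated, holds the remnant of a deleted e-mail
    cluster 5    : unallocated, never written
    Returns (image_bytes, {name: (byte_offset, logical_size)}).
    """
    image = bytearray(CLUSTER * 6)
    image[0:700] = (b"Meeting notes: nothing unusual here. " * 20)[:700]
    # Residue from an earlier, deleted file survives in notes.txt's slack
    # because the file system only overwrote the 700 bytes it needed. It is
    # placed so that the keyword straddles a 256-byte chunk boundary
    # (bytes 764..771) to exercise the search below.
    residue = b"...old draft: transfer to account ACC-0042 approved by CFO..."
    image[730:730 + len(residue)] = residue
    image[1024:2048] = b"Quarterly report for account ACC-0042.".ljust(1024, b" ")
    remnant = b"Subject: re: ACC-0042 password reset (deleted mail remnant)"
    image[2048:2048 + len(remnant)] = remnant
    files = {"notes.txt": (0, 700), "report.doc": (1024, 1024)}
    return bytes(image), files


def slack_range(offset, size, cluster=CLUSTER):
    """Byte range [start, end) between a file's logical end and the end of
    its last cluster. Empty when the size is a multiple of the cluster."""
    clusters_used = -(-size // cluster)  # ceiling division
    return offset + size, offset + clusters_used * cluster


def unallocated_ranges(image_len, files, cluster=CLUSTER):
    """Byte ranges of clusters not owned by any file."""
    used = set()
    for offset, size in files.values():
        first, last = offset // cluster, -(-(offset + size) // cluster)
        used.update(range(first, last))
    return [(c * cluster, (c + 1) * cluster)
            for c in range(image_len // cluster) if c not in used]


def keyword_search(image, keywords, chunk=256):
    """Find every occurrence of each keyword in a byte image.

    The image is scanned in chunks so it never has to fit in memory; the
    last len(longest keyword) - 1 bytes of each chunk are carried into the
    next one, so a hit that straddles a chunk boundary is still found.
    Returns a sorted list of (absolute_offset, keyword).
    """
    overlap = max(len(k) for k in keywords) - 1
    hits, carry, pos = set(), b"", 0
    while pos < len(image):
        buf = carry + image[pos:pos + chunk]
        base = pos - len(carry)
        for kw in keywords:
            i = buf.find(kw)
            while i >= 0:
                hits.add((base + i, kw))  # set removes overlap duplicates
                i = buf.find(kw, i + 1)
        carry = buf[-overlap:] if overlap else b""
        pos += chunk
    return sorted(hits)


def classify(offset, files, cluster=CLUSTER):
    """Say whether an offset lies in a file's content, its slack, or
    unallocated space."""
    for name, (start, size) in files.items():
        if start <= offset < start + size:
            return "allocated", name
        slack_start, slack_end = slack_range(start, size, cluster)
        if slack_start <= offset < slack_end:
            return "slack", name
    return "unallocated", None


def run(chunk=256):
    """Steps 9-11 over the constructed image: search files, slack and
    unallocated space for the key words and label each hit."""
    image, files = build_sample_image()
    hits = keyword_search(image, [b"ACC-0042", b"password"], chunk)
    return [(off, kw.decode(), *classify(off, files)) for off, kw in hits]


if __name__ == "__main__":
    image, files = build_sample_image()
    for name, (start, size) in files.items():
        print(name, "slack bytes:", slack_range(start, size))
    print("unallocated:", unallocated_ranges(len(image), files))
    for hit in run():
        print(hit)
```

The point the example makes for Step 9 is that the hit at offset 764 is in the slack of notes.txt, outside the file's logical 700 bytes, so copying the file through the file system would never have produced it; only the bit-stream image from Step 4 contains it, and the labelled offset is what goes into the Step 12 documentation.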

Conclusion

Forensics is an extremely valuable tool in the investigation of computer security incidents.

Considerable legal issues arise when investigating computer systems.

Intrusion detection might support computer forensics in the future, and vice versa.