With the advancement of technology, computer and internet access has reached every nook and corner of our country. Anyone and everyone with a working network connection now has access to the treasure trove of information that is the internet. The internet has thus become the largest and richest source of information there ever was. With ever more systematic and highly refined search engines being developed, getting information, even though it might be restricted, has become easier than it ever was. This brings us to the subject of cyber crime detection.
Ways To Deal With Different Cyber Crime(s)
This increase in the availability of the internet has also seen a proportional rise in the amount as well as the magnitude of internet related crimes. These are known as Cyber Crimes. These crimes can broadly be categorized into two parts:
- Cyber Crime(s) where computers act as a means.
- Cyber Crime(s) where computers are the targets.
Thus a bank fraud in which the internet was used to get the credit card information of others will be treated as a cyber crime, and a crime in which a person’s computer is hacked into or physically attacked will also be termed a cyber crime.
The investigation process of such crimes is usually not the same as other crimes, as the evidence is often in an intangible form.
Also, cyber crimes usually transgress geographical boundaries. With the increase in the domain of the internet, it is now possible for a person sitting in Colombia to hack into someone’s account in Afghanistan. Therefore, to combat Cyber Crime, the CBI has created a specialized structure. This includes:
- Cyber Crimes Research and Development Unit (CCRDU)
- Cyber Crime Investigation Cell (CCIC)
- Cyber Forensics Laboratory
- Network Monitoring Centre
Cyber Crimes Research and Development Unit
The Cyber Crimes Research and Development Unit has been given the responsibility of keeping track of the developments and changes that take place in this ever-changing area. This involves:
- Ensuring cooperation and tie-ups with the State Police forces.
- Collection of information about cases of cyber crime(s) reported to the police for investigation.
- Finding out about the follow-up actions taken by the investigating officer in each case.
- It also ties up with software experts to locate and identify areas where the attention of the state police is required.
- It entails the collection of information relating to cases that happened in other countries and the preparation of a monthly Cyber Crime Digest.
Cyber Crime Investigation Cell
The CCIC was established in the month of September 1999. However, it came into action only from March 2000. It acts as a part of the economic offences division and has an all India jurisdiction.
Thus, it can investigate cyber crimes under the I-T Act 2000. It is also a round-the-clock Nodal Point of contact for Interpol to report Cyber Crime(s) in India and is a member of the “Cyber Crime Technology Information Network System”, Japan.
Cyber Forensics Laboratory
The CFL was established in the month of November 2003 and it takes care of the following functions:
- Providing media analysis in support of the criminal investigations by CBI and other Law Enforcement Agencies.
- Providing on-site assistance for computer search and seizure, upon request.
- Providing consultation on investigations or activities in which media analysis is probable or occurring.
- Providing expert testimony.
- Providing adequate Research and Development in Cyber Forensics.
The information so collected is to be used as evidence in court.
Therefore, to ensure that such evidence is admissible, all formalities must be followed properly. This means that every document is seized in a legal manner and the chain of custody is not broken. Furthermore, the analysis should be carried out on a copy of the image and not on the actual original media file.
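The two requirements above (analysis on a verified copy, and an unbroken chain of custody) can be illustrated with the short sketch below. It is an added example, not a CBI or CFL tool: the file names, the actor labels and the hash-chained log format are assumptions made for illustration, and the "image" is a constructed sample file.

```python
import hashlib, json, shutil, tempfile
from pathlib import Path

GENESIS = "0" * 64  # assumed marker for the first custody entry

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def make_working_copy(image, workdir):
    # Hash the acquired image, copy it, and refuse the copy if the hashes differ.
    original = sha256_file(image)
    copy = Path(workdir) / (Path(image).name + ".work")
    shutil.copyfile(image, copy)
    if sha256_file(copy) != original:
        raise ValueError("working copy does not match the acquired image")
    return copy, original

def _digest(entry):
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()

def add_custody_entry(log, when, actor, action, image_sha256):
    # Each entry commits to the previous one, so later edits are detectable.
    entry = {"when": when, "actor": actor, "action": action,
             "image_sha256": image_sha256,
             "prev": log[-1]["entry_hash"] if log else GENESIS}
    entry["entry_hash"] = _digest(entry)
    log.append(entry)

def verify_custody_log(log, image_sha256):
    prev = GENESIS
    for e in log:
        body = {k: v for k, v in e.items() if k != "entry_hash"}
        if (e["prev"] != prev or e["entry_hash"] != _digest(body)
                or e["image_sha256"] != image_sha256):
            return False
        prev = e["entry_hash"]
    return True

def demo():
    with tempfile.TemporaryDirectory() as d:
        image = Path(d) / "seized_disk.img"  # constructed sample, not real evidence
        image.write_bytes(b"constructed sample sector data" * 1000)
        copy, digest = make_working_copy(image, d)
        log = []
        add_custody_entry(log, "2024-01-01T10:00:00Z", "IO-1", "seized and imaged", digest)
        add_custody_entry(log, "2024-01-02T09:30:00Z", "Examiner-1", "working copy made", digest)
        intact = verify_custody_log(log, sha256_file(image))
        log[0]["actor"] = "altered"  # simulate a record changed after the fact
        return intact, verify_custody_log(log, sha256_file(image)), sha256_file(copy) == digest
```

`demo()` returns whether the log verified before tampering, whether it still verifies after an entry is altered, and whether the working copy matches the recorded hash.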
Network Monitoring Centre
The purpose of the final organ of the cyber crime(s) department is to police the internet to ensure that certain cyber crime(s) can be stopped before their commission. For this purpose, the Network Monitoring Centre has been provided with a Network Monitoring Tool, developed by I.I.T. Kanpur. It is also used to allow similar tools to achieve such a purpose.
Procedure For Search And Seizure Of Digital Evidence In The Process Of Cyber Crime Detection
The first thing that an Investigating officer has to do while initiating the search for evidence regarding Cyber Crime(s) is to create an advance plan for the search.
Such a plan should include:
- The places that the officer is required to carry out such search in.
- The list of suspected computers or computer networks that might be investigated for the purpose.
In most cases, forensic scientists of the Forensic Science Laboratory will accompany the Investigating Officers, but in those cases where this is not possible, information may be collected regarding the type, make, model, operating system, network architecture, type and location of data storage, remote access possibilities etc., which can then be passed on to the Forensic Experts, as that would help them make the necessary preparations to collect and preserve evidence.
The second step involves taking control of the location.
It should be ensured that the person who has been accused or who is suspected to have a hand in the crime is not allowed to gain access to the system, either physically or through the internet.
This means ensuring that the system is not accessed through any sort of network sharing, Wi-Fi, LAN, mobile phones or any such device. The investigating officer needs to be really alert and should take the help of an expert to ensure that the system remains isolated from any attempt at accessing it.
The third step involves taking necessary precautionary steps to ensure that the investigation goes on flawlessly.
Before conducting the search, the Investigator needs to decide whether to seize the data on site or seize hardware for examination at a Computer Forensic Laboratory.
While on-site data seizure has the advantage that one does not have to transport much hardware, one may need the services of a Computer Forensic Expert to download data for analysis and preserve data for presenting it in the Court. In case of any doubt, the Investigator should make use of a Computer Forensics Specialist at the scene to determine whether one needs to seize data or seize hardware.
In case a specialist is not available, it is recommended that the Investigating Officer seizes everything.
There will be occasions where it will not be possible to remove the computer system physically, and data might have to be copied to a different drive. In these cases, the Investigator or expert must carry the necessary media, software, and other specialized items, as well as special packing materials which can prevent loss of data, as data on magnetic media can be destroyed by dust, jerks and an electrostatic environment.
For such circumstances, the investigator should always carry with him the following tools:
- Disks or cartridges, as these are the tools that can be used to store copies of files from the computer in case the hardware cannot be removed.
- Labels to mark the various pieces of evidence, such as cables (and where they plug in), disks, and the various parts of the computer. Disks should be written on without harming them or destroying the data.
- Screwdrivers and other tools used to dismantle the hardware for seizure.
- Gloves to ensure that latent prints, if any, can be taken from disks or hardware without any confusion.
- Packing materials like rubber bands, tape, boxes, bubble wrap or paper bags (which have less static charge than plastic bags) should be used to transport the evidence.
- Camera equipment to videotape and photograph the scene being investigated.
Once all these steps have been taken care of, the investigating officer is to document the way the system is set up and take the next steps.
- Labelling and photographing the entire set up beforehand to ensure that if required, the system can be dismantled and put back together easily.
- The Investigating officer should take photos of all the important angles and should ensure that all the parts are labelled correctly. He can take the help of a specialist for the same.
- He should then ensure that the system is powered down. This means that if the system is turned off, it should not be switched on, as hackers and IT professionals often put destruct orders in the systems which activate if the wrong password is put in or if a drive is missing.
Once the system has been powered down, the next step entails dismantling the system for transportation. Before transportation, though, it should be ensured that all the relevant documentation, like the manuals, and the peripheral devices are also seized. Software manuals should be seized in particular, and any side notes like passwords, journals and the like should also be seized.
The last step in the process is to protect the data and transport it safely. As mentioned above, the necessary tools should always be kept by the Investigating officer on his person. It should further be ensured that the system components are packaged safely and together before they can be sent to the Forensic Lab.
Simple things should be kept in mind, such as the fact that:
- Such systems should not be transported in the trunk of a police vehicle.
- It should be packed in a way which reduces vibrations that may shake a part loose.
- It should also be ensured that the computer is stored in a cool dry place which is away from anything that might emit electromagnetic signals.