This article has been written by Yatharth Chauhan, pursuing the Diploma in Cyber Law, FinTech Regulations and Technology Contracts from LawSikho. The article has been edited by Prashant Baviskar (Associate, LawSikho) and Smriti Katiyar (Associate, LawSikho).

Introduction

With the advancement of technology, man has become heavily reliant on the Internet to fulfil all of his requirements. The internet has allowed man to quickly access anything from a single location. The internet is used in practically every aspect of life. As the internet and its associated advantages have gained currency, so has the notion of cybercrime. Millions of users’ personal details have been taken as a result of cybercrime in recent years, posing a serious hazard to web users. Cybercriminals are very adept and difficult to locate on the public and dark web as well. There is no specific definition of “cybercrime” in any legislation or guideline.  The term “cyber” refers to computers, information technology, the internet, and the digital world. Cybercrime is a crime that requires the application of a computer, mobile or any other gadget. Computer crime is another term for cybercrime. The computer could be used either as an object to attack other devices such as Hacking, SQL Injection, Distributed Denial-of-service attack, etc. or as a tool to further real-world based crime such as infringement of Intellectual Property Rights, Child pornography, financial frauds, etc. Cybercrime can be perpetrated by individuals or organisations with modest technical understanding, as well as highly organised global criminal networks which include competent coders.

Cybercrime investigation is the tracking down of the perpetrators of the digital crime and acquiring further information about their true objectives by investigating, assessing, and retrieving important forensic digital evidence from the attacked network, which might be the Internet or a local area network. Computer science specialists that are conversant with not just software, file systems, and operating systems, but also networks and hardware, are required for cybercrime investigations. They must be competent enough to figure out how these components interact in order to acquire a complete view of what happened, why it occurred, when it occurred, who committed it, and how people can safeguard themselves from future cyber assaults. 

Categories of cybercrime

Individual, property, and government are the three major categories in which cybercrime may be classified.

1. Property– This is analogous to an actual scenario in which a criminal gains unauthorised access to a person’s bank or credit card information. The hacker takes the user’s bank account information in order to obtain access to cash, make online transactions, or launch phishing schemes to trick individuals into handing over their confidential information. They might even employ malicious programs to get access to a website containing sensitive data. There are several offences that have an impact on a person’s property such as cybersquatting, cyber vandalism, disseminating viruses, infringement of Intellectual Property Rights, etc.
2. Government- Cyber terrorism is a type of crime committed against the government. It covers cyber warfare, cyber terrorism, pirated software, etc. 
3. Individual- This kind of crime has the most immediate impact on individuals. It basically includes cyber-stalking, cracking, defamation, e-mail and SMS spoofing, child pornography, hacking, etc. 

Methods for investigating cybercrime

The majority of digital crimes are amenable to several standard investigating approaches. Some of these are as follows:

1. Assessing the background- When dealing with the cybercrime complaint, creating and establishing the crime’s backdrop using known facts can assist investigators to establish a basic framework for determining what they’re up against and how much data they have.
2. Getting as much information as possible- Obtaining as much information as possible about the event is one of the most crucial tasks on the part of the cybersecurity investigator. Was it a computer-assisted assault or a human-targeted assault? What is the extent and magnitude of the problem? What kind of cybercrime was perpetrated? What proof is there, and where can it be discovered?

Ethical hackers use a variety of methods and technologies to gather vital information and information about locations as well as data gathering software to advance their agenda. The following are some of the most popular strategies for acquiring information:

1. Social Engineering: It means taking the advantage of human weaknesses so as to obtain permission to the confidential information and network. The inherent absence of a cybersecurity environment contributes to social engineering assaults being one of the deadly forms of network vulnerabilities. Major social Engineering includes phishing, whaling, vishing, Baiting, spear-phishing, pretexting, etc. Hackers commonly use phishing emails and other identical strategies to target businesses, therefore, staff must be reinforced. Employees can access the system and networks of the company therefore they play a significant role in guaranteeing the company’s strength in the face of attacks. When it comes to cybersecurity, the company’s security management is heavily influenced by working culture. Developing a cybersecurity environment in the organization takes more than setting boundaries with no rationale and reminding employees to change their passwords regularly. Employees are not intentionally endangering the company. They indeed require direction and instruction in order to prevent various forms of cybercrime. That is why businesses must endeavour to improve their data security. This entails addressing and raising the awareness of the employees about the cyberattacks and their repercussions and developing and implementing strong cybersecurity rules that are simple to integrate into their everyday work routines. 
2. Social Networking– when approaching specific people, Twitter, LinkedIn, and other social media sites are valuable platforms to get information for constructing a profile.
3. Names of the Domain– These are basically enrolled by Institutions, governments, public and commercial entities, as well as individuals. Domain names can be used to find confidential information, connected domains, services, and innovations.
4. Search Engines- Web Crawlers may be used to gather data on any subject. For cybersecurity experts, Google Dorking, often known as Google hacking, is a great tool. Google is a search engine used by the common person to locate information, photos, movies, etc.  In the field of information security, however, Google is a powerful hacking device. Although Google cannot actively hack websites, it does have web-crawling skills. Google Dorking is a technique of leveraging Google’s inherent search engine abilities to locate insecure web applications. Cache, Allintext, Allintitle, Allinurl, Inurl, Intitle, etc. are well-known dorks. 

3. Locating the author– To locate the perpetrators behind the cyber assault, private and public organisations collaborate with ISPs and networking firms to obtain vital log data about their linkages, as well as historical services and websites accessed during the period they were linked.
4. Digital forensic- It entails examining the primary data, hard discs, file systems, caching systems, RAM memory, and other sources. The investigator, when a forensic examination commences, will search for fingerprints in the file system, network, emails, internet history, and other areas.

Forensic tools for cybercrime investigation 

Based on the methods one is employing and the stage they are at, cybercrime investigation tools might offer a wide range of features. Some of the major forensic tools are as follows:

1. SIFT Workstation– SIFT is a suite of forensic tools designed to assist emergency teams and forensic investigators in analysing digital forensic material across many platforms. FAT 12/16/32, NTFS, HFS+, EXT2/3/4, UFS1/2v, vmdk, swap, RAM dta, and RAW data are among the file systems it handles.
2. Sleuth Kit– The Sleuth Kit is a set of forensic tools for Unix and Windows that aids investigators in examining disk images and retrieving files from them.
3. X-ways forensics– For Windows-oriented operating systems, it is one of the most comprehensive forensic tools available. It is extremely convenient, allowing one to operate it on a memory card and transfer it effortlessly across computers.
4. CAINE– It is a whole Linux distro for digital forensic investigation, not only a cybercrime investigation programme. It can retrieve information from a multitude of operating systems, including Linux, Unix, and Windows.
5. ProDiscover Forensic– It is equipped to undertake any forensic investigation. It assists researchers in swiftly locating files, gathering, processing, preserving, and scrutinizing data, as well as generating the statement of evidence. 
6. Oxygen Forensic Detective– It is one of the greatest multi-platform forensic tools for cybersecurity experts and forensic specialists to access all important information in one location. One can swiftly extract data from a variety of smartphones, drones, and computer operating systems using Oxygen Forensic Detective.
7. Bulk Extractor-It is a popular tool for obtaining vital data from digital evidence. It is not only used to retrieve the information, but also to analyse and gather it. One of its most useful features is that it works flawlessly with practically every OS platform, like Linux, Unix, Mac, and Windows.
8. Exif– It can read, write, and alter metadata from a wide range of media assets, such as images and movies. It permits you to save the findings in text or simple Html form.
9. Surface Browser– It is the ideal tool for discovering a firm’s whole online infrastructure and extracting useful intelligence information from DNS records, domains, information, and much more.

Conclusion

Cybercriminals have gained control over the network in the present technological world. The majority of users are totally unconcerned about the possibility of being attacked, and they seldom change their passwords. As a result, a large number of individuals are vulnerable to cybercrime, thus it is critical to educate oneself. In today’s environment, one must be alert and vigilant since one can never realize when one can become a victim. 

Cybercrime investigation is a difficult science to master. To enter the cybercrime scene efficiently and profitably, one would need the correct information paired with a variety of approaches and instruments. After they have gathered all of this information, they would be able to correctly examine the information, research the underlying reason, and discover the perpetrators of various sorts of cybercrime. Therefore, we must make certain that our systems are as safe as possible.

References 

1. https://securitytrails.com/blog/cyber-crime-investigation
2. https://www.infosecawareness.in/cyber-laws-of-india
3. https://www.pandasecurity.com/en/mediacenter/panda-security/types-of-cybercrime/
4. https://cybersecurityguide.org/careers/cyber-crime-investigator/
5. https://www.business-standard.com/article/technology/the-face-of-indian-cyber-law-in-2013-113123000441_1.html

Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.

LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join:

https://t.me/joinchat/J_0YrBa4IBSHdpuTfQO_sA

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.