ABSTRACT:
The advancement of internet has had a profound effect on the way business and people and authorities work and communicate. As cyber criminal offenses continue to develop at a substantial pace corporations have realized that there surely is need for security device which can provide and preserve safety of e-info.
This paper explores the ways of emerging requirements of the cyber forensics in order to curb the manace of cyber offense. It has emphasized the necessity of techno-legal types of procedures by giving in brief the historical advancements which took place associated with forensics and analyzing forensic tools. Further in this newspaper I have stated how the experts use his physical and mental tools in the investigation process and assortment of evidences relevant in the conditions.
This paper avers the intent of criminals and related crimes and the provisions interacting with the offences. Flowcharts have been used order to comprehend the procedures in the IT Act with the abuse recommended for different offences all together. Paper has considered word of the inadequacy of standard laws and regulations in combating problems of digital media. In the last part position in India has been collected by citing few case laws and understanding the period of advancement and poor situation in the reporting circumstances due to several other reasons with concluding remarks.
INTRODUCTION:
The term forensic was derived from consumption in the medical field. Forensic Drugs is a recognised discipline as far back as the 18th century. The computer industry has been taking computer forensic serious for some years now credited to embarrassing computer break-ins by hackers. Computer forensics is one of the largest growing professions of the 21st century. That is partly due to the growth of immoral and offensive activities that allows organizations and people to be vunerable to security threat. In today's scenario legal activities had a major thrust in cyber space such as cyber terrorism, internet scams, viruses, against the law downloads, falsification of document, child pornography, counterfeiting, gain scam, hacking etc. This resulted in the necessity for moral hackers and computer experts to help prosecute the perpetrators of these crimes. This is where the skills of an forensic expert come to be able to prevent the activities of offenders.
In the contemporary IT revolution and the detriments associated with it becomes even more significant as the idea of storing and control information at amazing rates of speed and across great distances has produced an environment where the mysteries of technology can propagate a clouded notion that contributes to too little trust and market self-confidence. Therefore has resulted in a tremendous upsurge in offences related to cyber world like data robbery, industrial espionage, worker misconduct, intellectual property fraud, hacking pornography etc. These unconventional crimes which involve huge use of it, require adequate measures to be studied by regulations enforcement organizations such as improvement of data retrieval system and the utilization of special equipment in criminal offenses detection operation, the introduction of hardware and software to provide effective data safeguard and carry out computer assisted unlawful intelligence, development of computer medaling methods to model crime situation to perform online detection evaluation and make current and tactical forecasts. With the technology innovating at such a rapid pace, the guidelines governing the use of cyber forensics to the areas of auditing, security and police are changing as well. Computer forensics has also been described as the autopsy of computer safe-keeping Medias for data. In a nutshell, Cyber forensics can be explained as the process of extracting information and data from computer safe-keeping devices and conferring its accuracy and reliability and dependablility. The challenging task in advance is of span of finding this data, collecting it, protecting it, and showing it in a way appropriate in a judge of rules.
BACKGROUND OF CYBER FORENSICS:
"Computer criminal offenses" or cyber offense refers to a misdeed involving the use of an computer. Cyber crimes can be divided into three major categories: cyber crimes against individuals, property and authorities. Cyber crimes against folks include transmission of child pornography, harassment with the use of a computer such as e-mail, and cyber stalking. Cyber offences against property include unauthorized computer trespassing through cyberspace, computer vandalism, transmitting of hazardous programs, and unauthorized ownership of computerized information. Hacking and cracking are among the gravest of this type of cyber crimes known to date. The creation and dissemination of damaging computer programs or trojans to personal computers is another kind of cyber offense against property. Software piracy is also a distinct kind of cyber crime against property. In the early 1980's, computer forensic tools were simple and mainly produced by government agencies like the U. S internal Revenue Service (IRS) and the Royal Canadian Mounted Authorities (RCMP) in Ottawa. A lot of the tools written then were in C dialect and assembly terms and weren't that popular. The term "Computer Forensics" was coined for the very first time in the first work out of the International Connection of Computer Exploration Specialists (IACIS) in Portland as the science which deals with the preservation, recognition, extraction and documents of computer proof and like any other forensic science, relates regulation and technology. However, it has been suggested that since the digital forensic practice can no longer be from the examination of normal storage marketing as forensic exam is now able to be conducted on devices such as routers, personal digital assistants(PDAs) and digital camera models, there's a need for a fresh definition.
Internationally recognized requirements in Information Security, like British Standard 7799, have emerged to promote good practices by setting up a proper mechanism for cyber forensics. The Convention on Cyber offense, Budapest was also created in 2001 which relates to the establishment of strategies whereby law enforcement agencies can buy orders requiring the preservation of data which usually may cause criminality and be vulnerable to devastation. This convention also prescribes for several provisions necessitating the retention of traffic data, requiring the development of data placed on a computer system, require ISPs to supply subscriber information, provide for search and seizure of computer data in the framework of a unlawful investigation, empower the interception of electronic digital communications, accumulate or require an ISP to accumulate real-time data and go this to a law enforcement agency.
TYPES OF COMPUTER FORENSIC TOOLS:
There are numerous complicated cases engaged regarding the use of electronic devices. In complex circumstances, forensic department may use electron microscopes and other complex equipments to retrieve information from machines that contain been destruction or formatted through specialized software's. Computer forensic tools can be categorised into two major categories particularly:
Hardware Forensic Tools : Hardware forensic tool varies and may range from simple, single purpose components to complete systems and server. There may be devises and tools which are of help for the investigation which comes under this category.
Software Forensic Tools: Software forensic tool can be categorized into command-line applications and other specialized applications. A few of these tools are made to perform single activity and thereafter range may vary.
WORKING OF FORENSIC TOOLS
Computer forensic tools are classified into five chief categories particularly:
a. Acquisition: Acquisition is known as the primary job in computer forensics investigation. The work done is basically making copies from the primary data. Both types of methods used for data copying in software acquisition are: physical copying of entire drive and logical copying of drive. Logical acquisition is more popular then physical because data attained can be read and examined easily and effortlessly.
b. Validation and Discrimination: The procedure involves making sure and keeping the integrity of the data acquired. The main purpose of data discrimination is to discriminate the suspicious data. The integrity of the data is compared with the original data. The techniques like Hashing, Filtering and Analyzing data file header etc come in as a useful way to make comparisons. Searching and checking file headers assists with improving and making sure data discrimination.
c. Extraction: Through extraction the data involved can be retrieved via recovery activity in a computing investigation. Sub-functions of removal used in inspection includes: Data viewing, Keyword searching, Decompressing, carving, Decrypting and Book-marking. The practice and command word over the work involved is very much required in this technique and undoubtedly a great deal of talent.
d. Reconstruction: Reconstruction necessary to recreate a suspect's drive and to show what took place during the offense or an occurrence. Copying of hard drive permits investigators to carry out their own acquisition, take ensure that you analysis the data. However, a graphic of an suspect's hard drive is to obtain the same make and model drive as the suspect's drive. Other functions of reconstructions are numerous like : Disk-to-disk copy, Image-to-disk duplicate, Partition-to-partition backup, Image-to-partition backup.
e. Reporting: The last step is the forensic disk analysis and assessment. The record is prepared after all of the evaluation and thereafter last report describing the step by step process undergone during the examination comes into existence.
WHY CYBER FORENSICS REQUIRED?
The development of cyber forensics is becoming necessary in the light of following factors :
a) The insufficient regular methods - The inadequacy in the procedural legislations has generated a procedural loophole in maintaining substantive responsibility. The procedural aspects are framed to build and establish responsibility and guilt but certain breakdowns in the procedural aspect has business lead to the deadlock in analysis. The original procedural methods working with finger marks, DNA, Screening and other blood lab tests are neither relevant nor ideal for and in the existing situation.
b) Shifting dimensions of crime- The usage of internet offences consists of crimes like hacking, pornography, personal privacy violations, spamming, identification theft, cyber terrorisms etc which includes imposed diverse selection of crime and criminals. To be able to curb the competition the criminal offenses and unlawful it is of outmost importance that one methods are essentially required for curbing the menace cyber criminal offense in a powerful manner.
c) Evaluation - An evaluation of the original offences and criminals with those of current methods has led to the observation that in IT being a significant in the IT environment, the guidelines of the evaluation being dynamics of the crime, support system has evolved the techniques of offense but certainly the variables remain the same in evaluating the facial skin of the crime, players in the offense etc. Thus, the statutory as well as the non statutory research machinery in the form of cyber forensic body is very much required.
d) Issues of jurisdiction- as an old saying - "protection is preferable to stop". The purposes of experts and tools of forensics are designed for preventing the criminal offenses rather then ready it to happen as there is absolutely no territorial boundaries of internet hence issue of jurisdiction problems are bound to come up as no-one remarks any particular occurrence which is conflicting to legal provisions.
CATEGORIZATION OF CYBER FORENSICS:
1. Computer Forensics- The primary goals of computer forensics will be the preservation, identification, extraction, documentation and interpretation of recovered computer data. It really is further split into:-
a) Disc Forensics- The procedure of acquiring and studying the data stored on some type of physical storage media and includes the recovery of hidden and removed data and document id, which is the procedure used to identify the individual who has generated a document or meaning.
b) Source Code Forensics- The process in computer forensics which can be used to find out software possession or software liability issues and is also not merely a review of the real source code.
2. Network Forensics- It includes gathering digital research sent out over large, complicated networks, which is transient in dynamics and not preserved with permanent storage media sent out across large-scale complicated networks. It is a far more challenging part of cyber forensics for the reason that it deals generally with process monitoring of network interconnected. It really is further split into :-
a) Email Forensics- It is the study of the source and content of electronic mail as evidence and includes the procedure of identifying the genuine sender and receiver of a message, the particular date and time it was directed, and where it was dispatched from. It really is an essential branch of network forensics as email is becoming one of the primary mediums of communication in the digital years, and vast levels of proof may be contained therein, whether in the body or enclosed within an attachment.
b) Inlayed Forensics- It handles the computer potato chips embedded in a variety of electronic tools etc. and continues to be along the way of progression.
LEGAL Construction IN INDIA:
In India, the emergence of IT Act, 2000 was detected after the United Nation General Assembly Quality, dated the 30th January, 1997 followed the Model Legislation on Electronic Business following the United Nations Commission on International Trade Legislations. The enactment emerged in as a first step towards regulations relating to e-commerce. The enactment arrived after considering UNICITRAL style of Legislations on e- commerce 1996.
Provisions in the Criminal Treatment Code, Indian Penal Code, Indian Research Function and Copyrights Serves have been amended so as to make regulations more strict. For coverage of personal data, the U. K. Data Security Act is needed has been analyzed in the light of earning necessary amendments. Each year there has been observations of steady increase in quantity of computer crime using its growth rate globally recorded in the range around 12 - 15 %. There is certainly need for preventive measures in neuro-scientific computer /data security.
The IT Take action, 2000 has amended the laws to be able to meet the problems posed by computer criminal offense such as:
Indian Penal Code, 1860
Indian Evidence Work, 1872
Reserve Loan provider of India, 1934
According to the IT Work, 2000 Chapter XI deals with computer offences or computer offences and provides for fines for these offences with separately. The nature of unlawful offences and punishments are given below.
SECTION
Nature Of Offences
Punishments
S. 65
Tampering with computer system
Source rules documents.
Imprisonment up to 3 years or with
Fine up to 2 lakhs or both.
S. 66 [2]
Hacking with computer system.
Imprisonment up to 3years or with
Fine up to 2lakhs or both.
S. 67
Publishing or transmitting obscene
Materials in electronic form.
Imprisonment up to 5yrs and fine
For 1st conviction. Imprisonment
Up to 10years and fine up to Rs 2 lakhs
For following conviction. .
S. 71
Misrepresentation or suppression
Of materials facts to controller or
Certifying authority to obtain digital
Signature certificate or even to obtain permit to concern certificates.
Imprisonment up to 2years or with a
fine up to at least one 1 lakh or both.
Up to 10years and fine up to Rs 2 lakhs.
S. 72
Breaching confidentiality of electronic
Documents to which one has access.
Imprisonment up to 2years or with
A fine upto 1 lakh or both.
S. 73
Publishing Digital Signatures Qualification with false particulars.
Imprisonment up to 2years or
With fine up to 2lakhs or both.
S. 74
Creating, publishing or making available an electronic Signature Certificate for any Deceptive or unlawful goal.
Imprisonment up to 2years or
with a fine up to 2 lakhs
Or both
S. 43
S. 44(a)
Damages to computer etc.
Failure to provide any document, coming back or report to the Controller or the Certifying Expert.
Compensation upto 1 crore
fine up to Rs. 1, 50, 000
S. 44(b)
Failure to furnish any go back or provide any information, books or other documents.
fine up to Rs. 5000
S. 44(c)
Failure to keep books of profile or records
fine up to Rs, 10, 000
S. 45
Contravention of any rules or regulations for which no charges is provided for.
fine up to Rs. 25, 000
There is a time when electric evidence has not been considered by the courts for the purposes of adjudication but since laws was approved in India to identify digital documents as admissible information in a Court docket of regulation with the required amendments designed to the Indian Proof Work, 1872 by the info Technology Function, 2000. The documents produced prior to the Courtroom as cyber facts as per the data Function may be split into two categories:-
I. "Primary Evidence"- The file itself should be produced to the Judge for the purposes of production of Principal documents. As these evidences are in the form of media there are either software in the words of the court or help is extracted from the experts for supporting the judges to be able to take certain evidences. Analogy is attracted from the non electronic documents and process is followed on a single lines for the demonstration of doc by the prosecution or the individual who gets the responsibility of making use of digital doc for representing his contentions. But also for the purposes of evaluating the legality of record and other technological aspects court may take the assistance of experts to research possible manipulations and loopholes in evidences.
II. "Secondary evidence"- Section 65 of the Indian Evidence Act, 1872 identifies the cases where secondary evidence relating to documents may be given before the court that your post-amendment by IT Action, 2000 has appended Section 65-A and 65-B to the Action. While referring to the agenda II to ITA, 2000, serial no. 9, we can observe that rules of rules provides that Section 65-A and 65-B are to be treated as self-determining sections. Section 65-A enjoins after the gatherings to demonstrate the details of electronic data relative to the provisions of Section 65-B (2) which lays down the conditions would have to be satisfied for the computer productivity to be considered as admissible information. Section 65B(2) contains some certifications which is to be provided by the person who's having lawful control over the utilization of the computer creating the said computer result and it is in this context that the responsibility of regulations Enforcement Regulators in India becomes onerous while collecting the evidence. Investigating agencies have to do a daunting task of investigate computer in large numbers that too with better caution so as to make it admissible in the court docket of rules under the conditions brought up under section 65 B of the Indian Data Act The standard of evidence should be real and complete according to the natural common legislations rules.
FUNCTIONS OF EXPERTS
Cyber forensic is more than the technical, organized inspection of the computer system which aid the legal process and helps in solving the puzzles coming in a talent and its material for information or supportive proof a civil wrong or a criminal act presenting prior to the court docket. Computer forensics is an elaborate process which where special expertise and tools are essential which works for the task that goes far beyond the standard data restoration, collection and safeguard and preservation techniques available to system support personnel and customers.
Task of experts can be labeled in the two categories of particularly physical activity and mental or logical job. Role of forensic experts are significant as the quantity of people involved in the case over a complex network, keeping keep tabs on through an in depth monitoring of exploration, overload of situations which makes monitoring individual situations makes investigation a daunting task.
Mostly and generally, role of computer forensics experts is to investigate and analysis data storage area devices and different other devices, these include but are not limited to hard drives, portable data devices USB Drives, External drives, Micro Drives and many more.
Firstly, to Identify sources of documentary or other digital data which are required in the form of tools and evidences for record of exploration. Second, to Preserve the data and Analyze it. This area requires great deal of hard work and correct finding and supervision. Reliability and and correctness is of best importance as there will not be any admissibility in the court of rules if there be any contingencies mounted on the case involved. The next phase in the inspection by professionals is to Present the findings prior to the court relative to the procedure adopted by regulations. Thus cyber forensics are done as per the standard adhered by the court of rules and must be techno-legal in nature.
Other areas of forensic expert is to create a knowledge about the suspects. Forensic experts must have the intelligence team which must think on the lines of suspects and develop the understanding on inadequate information to form the opinion close to the suspect which must have been considered in an identical situation. Complex knowledge and skills are highly required by the experts in order to curb the offence in case there is very small amount of critical data on hard drive or other device.
Electronic information collection
Experts have to gather Electronic evidence from a variety of sources. Facts can be gathered from three avenues of offender's network: at the place of work of the offender from where he originates the offence, on the server reached by the offender, and on the network that connects the two.
Clause (3) of Section 80 of the info Technology Act evidently suggests that the procedures of the Code of Offender Method, 1973 shall at the mercy of the provisions of this section, apply, as far as may be, in relation to any accessibility, search or arrest, made under this section. The cyber forensic can be involved with search and seizure so that indiscriminately evidences can be gathered which is relevant according to the provisions of Indian Proof Act. Information collection should be made with great precision and exactness. Original evidences have the higher evidentiary value hence there is a need to avoid any alteration in assortment of evidences during exploration. Documenting of information has to be done so that fragile electronic research can remain in original point out before any tainted alterations. Moreover specialized loopholes need to be taken care of carefully in forensic work and back-up must be done. Proper guidance must be kept during the connections with the offense scene and think.
CYBER FORENSICS
To investigate the existing and future express of cyber forensics.
To identify and analyse various tools and technology employed in computer forensics and means of recovering and analysing data to create indisputable evidence
Applying and observing forensics in the recovering of lost data
Current state of exploration of comp forensics.
Explaining the tools and technology employed in computer forensics
Ways to recover and analyse data to create indisputable evidence
Examination of recovered hard disk drive and lost data.
Extraction of lost data via technology and tools.
Compile and analyse retrieved data.
Production of last article can be allowed in legal proceedings.
Future of investigating future forensics
Technological development in computer forensics
Recovering of the lost data
Ways of analyzing data to create indiscriminate evidences in investigation.
Integration of tools and techno legal methods in forensics
CYBERCRIMES IN INDIA:
A latest figures of National Offences Record Bureau, 2005 provides clear indication of climb in cyber crime. Survey has indicated that there's been great deal of underreporting of cyber offences around fifty offences are reported to police out of five hundred that take place and maximum of one circumstance comes under the signed up journal of police. This clearly point out the variation in the strategy towards combating cyber crimes in India. 'Netizens' should be aware of the possible offences and should be careful about the intentions of the offenders. Underreporting is mainly due to the lack of recognition and fear of bad promotion and concern with bad reputation and standing society. However, this lack of orientation and awareness has increased the risk of perpetrators unlawful activities.
Therefore, with the view of increased cyber offences in the united states there exists ardent dependence on regulations enforcement companies and cyber cells which look after the welfare provisions to carefully analyse the problems and use cyber forensics in nailing the actions of criminal nature in the cyber worlds. Cyber forensic has great role to try out to be able to curb the menace of increasing statistics in scientific sector using computer experts. There has been a demand in the forensic sector in order to suppress the problems to cyber world hence it can only be said that in course of time the jurisprudence behind cyber forensic is in the advancement phase.
In case of R. K. Dalmia v Delhi Administration the Supreme Courtroom in conditions related to appropriation of hidden knowledge information and data fraud held that the term "property" can be used in the I. P. C in a much wider sense than the appearance "movable property". Judge further kept thatthere is no reason to restrict the meaning of the term "property" to moveable property only, when it is employed without any certification. Whether the offence defined in a specific section of IPC can be determined according of any particular kind of property, depends not on the interpretation of the term "property" but on the fact whether that particular kind of property can be at the mercy of the acts included in that section.
In the famous case of Mohd. Afzal v. Union of India which occurred on Dec. 13 2001, a laptop and other electric material were accumulated and was seized from the two terrorists involved in the attack. Investigative companies in Delhi has didn't trace out a lot of its contents, consequently it was referred to the Computer Forensics Section at Hyderabad for examining and retrieving information from the laptop. The forensic experts have with help of forensic tools busted the rules of the laptop which included several evidences that confirmed of the motives of the terrorists like the forged documents of the Ministry of Home that they used to get access to the Parliament House and the imitation ID cards with a Govt. of India emblem and seal.
The Two known conditions of cyber offense in respect of pornography are the Delhi Bal Bharati case and the Bombay case wherein two Swiss few used to power the slum children to come along with them for the purposes of taking obscene images. The Mumbai law enforcement officials later caught them. These conditions included hosting of websites formulated with prohibited press. Courts in there common sense has emphases on the need for forensics in probing the problem in great details.
In the situation of Suhas Katty v. State of Tamilnadu, , a person was convicted for criminal offenses which relates to posting of obscene, defamatory and frustrating subject matter group and forwarding email messages through a incorrect e-mail account opened up by the accused in the name of the sufferer under Section 67 of the info Technology Work, 2000 and under Section 467 & 509 of IPC for 24 months. The defendants counsel argued that the offending mails could have been given by the complainant herself to implicate the accused and also that the documentary data was not sustainable under Section 65B of the Indian Facts Act. However, forensic experts have probed the matter and with the assistance of a special mechanism called archival of the note, the origination of the obscene note was traced away and the real culprit was helped bring before the Judge of Rules.
CONCLUSION:
There is very fine differentiation in the traditional methods of offense and cyber criminal offense. The fine demarcation exist which causes the different procedure in introspection techniques. The demarcation highlights participation of the medium in situations of cyber offense. Crime can take place at any time while introspection the type of medium used not like the conventional crimes as there is a virtual cyber medium. It is almost impossible to eliminate criminal offense from cyber space but with due care and extreme care we can check them. Right up until date there is no such legislation which includes been successful in completely eliminating offense from the cyber space. Along with the change in technology and quick change in ideas it has become difficult to avoid the cyber offences to continue. However by further making applications and more stringent regulations we can check criminal offense. There is always a possibility to make sufficient changes in Information Technology Act to govern cyber offences and make it far better to overcome cyber criminal offense.
However, cyber forensics is an evolving art work and science which is in the stage of evolution which is not developed. With advent of new technologyies and procedural techniques transforming into different period at such a rapid pace, the trick information infrastructures, individual specialists and governments are facing troubles of protecting and preserving the info which have wider purposes. Latest information of cyber offense is the hacking done by the Chinese language hackers in procuring data from the Indian federal government data files. Because the technology in forensics is a lot developed that network forensics are used help of and course for transmitting data had been discovered. Though Chinese administration denied the allegations but forensic evidences has come to the save of Indian administration allegations.
Cyber forensics, in the field of has led to the new revolution in the filed of information security and specialists have better vision of finding auditing and preserving the evidences. New techniques and steps has designed the new level of procuring and investigating cyber crimes. Quite simply we can say that cyber forensics have added a fresh dimensions to the IT regulations and Other unlawful and substantive laws which has made the regulations more strict and stronger than before. Justice supervision has increased by the development of forensic sciences in electric media. Cyber security and is interdependent on cyber forensics for the e-governance and e-commerce projects. One confers the tas of obtaining the electronic base and other indicates the shortcomings in the security and plausible solutions to the security base. However due to the highly qualified skills there's been much issues in the cyber forensics. Person with the basic knowledge and expertise can be experienced in breaking the code and commit offences. Further series and procurement of offences is a challenging alone as the medium of transmitting data and device is delicate in itself. In addition the condition of demonstration of case before the courtroom is another hurdle for the forensic experts. It is very difficult to explain the duty and sophisticated and technological problems to the judge for adjudication purposes. Court docket is dependant after an experts thoughts and opinions regarding the consequent In what of Mr. R. K. Raghvan, a observed cyber forensic expert records "Complicated technology and ill-informed courts; highly-strung and argumentative experts frequently pitted against each other; and a variety of challenging and criminally important types of circumstance: this is the world of computer forensics in the era of high-technology crimes. "
Some of the arduous activity and ill-informed government and administration in the field of cyber legislation has resulted in grave short to arrive spotting cyber forensics which is developed in girl but falls short in Indian scenario. Forensics has not been developed yet to a certain level whereby the criminals are deterrent about the lawful restrictions which are framed and inspection which are completed in prosecution of criminals. Techno-legal knowledge had to be developed in light of appalling ignorance of the judiciary to understand an instance before it starts hearing the evidence.
The results which we have expected from it laws and regulations in India remains insufficient to repay the criminal component of its proceedings. Synthesis of laws should be done to do all round development against injury to a person and other legal entity and also provide prosecution with capacity to check out and punish at fault within it own ambit. International and countrywide treaties and convention should be designed so that across the world model of legislations can be described and any victimized country can have security.