Cyber Crime Investigation and Cyber Forensic
A PROJECT REPORT
ON
Cyber Crime Investigation and Forensics
Definition:
“Any criminal activity that uses a computer either as an instrumentality, target or a means for
perpetuating further crimes comes within the ambit of cyber crime”
“Unlawful acts wherein the computer is either a tool or target or both”
“Illegal computer-mediated activities that can be conducted through global electronic
networks”
Cyber Criminals
Cyber criminals fall into various groups or categories. This division may be justified on
the basis of the objective that they have in mind. The following are the categories of cyber
criminals-
loose on the Internet by Robert Morris sometime in 1988. It almost brought the development
of the Internet to a complete halt.
8. Logic bombs-
These are event dependent programs. This implies that these programs are created to do
something only when a certain event (known as a trigger event) occurs. E.g. even some
viruses may be termed logic bombs because they lie dormant all through the year and
become active only on a particular date (like the Chernobyl virus).
9. Trojan attacks-
This term has its origin in the term ‘Trojan horse’. In the software field this means an
unauthorized programme which passively gains control over another’s system by
representing itself as an authorised programme. The most common way of installing a
Trojan is through e-mail. E.g. a Trojan was installed in the computer of a lady film
director in the U.S. while chatting. The cyber criminal obtained her nude photographs
through the web cam installed in the computer. He further harassed this lady.
10. Internet time thefts-
Normally in these kinds of thefts the Internet surfing hours of the victim are used up by
another person. This is done by gaining access to the login ID and the password. E.g.
Colonel Bajwa’s case, in which the Internet hours were used up by another person. This was
perhaps one of the first reported cases related to cyber crime in India. However, this case
made the police infamous for their lack of understanding of the nature of cyber crime.
11. Web jacking-
This term is derived from the term hi-jacking. In these kinds of offences the hacker gains
access to and control over the web site of another. He may even mutilate or change the
information on the site. This may be done for fulfilling political objectives or for money.
E.g. recently the site of MIT (Ministry of Information Technology) was hacked by
Pakistani hackers and some obscene matter was placed therein. Further, the site of
Bombay crime branch was also web jacked. Another case of web jacking is that of the
‘gold fish’ case. In this case the site was hacked and the information pertaining to gold
fish was changed. Further, a ransom of US $ 1 million was demanded. Thus
web jacking is a process whereby control over the site of another is taken, backed by
some consideration for it.
HACKING
Hacking in simple terms means illegal intrusion into a computer system without the
permission of the computer owner/user.
DENIAL OF SERVICE ATTACK
This is an act by the criminal, who floods the bandwidth of the victim's network or fills
his e-mail box with spam mail, depriving him of the services he is entitled to access or
provide.
VIRUS DISSEMINATION
Malicious software that attaches itself to other software (virus, worms, Trojan Horse,
Time bomb, Logic Bomb, Rabbit and Bacterium are the malicious software)
SOFTWARE PIRACY
Theft of software through the illegal copying of genuine programs or the counterfeiting
and distribution of products intended to pass for the original. Retail revenue losses
worldwide are ever increasing due to this crime. It can be done in various ways: end user
copying, hard disk loading, counterfeiting, illegal downloads from the internet, etc.
PORNOGRAPHY
Pornography is the first consistently successful e-commerce product. Pornography sites use
deceptive marketing tactics and mouse trapping technologies to encourage customers to
access their websites. Anybody, including children, can log on to the internet and access
websites with pornographic contents with a click of a mouse. Publishing or transmitting any
material in electronic form which is lascivious or appeals to the prurient interest is an
offence under the provisions of section 67 of I.T. Act -2000.
IRC CRIME
Internet Relay Chat (IRC) servers have chat rooms in which people from anywhere in the
world can come together and chat with each other. Criminals use it for meeting
co-conspirators. Hackers use it for discussing their exploits and sharing techniques.
Pedophiles use chat rooms to allure small children. Cyber stalking: in order to harass a
woman, her telephone number is given to others as if she wants to befriend males.
NET EXTORTION
Copying the company's confidential data in order to extort said company for a huge amount.
PHISHING
It is the technique of pulling out confidential information from bank/financial
institution account holders by deceptive means.
PHISHING EMAIL
From: *****Bank [mailto:support@****Bank.com]
Sent: 08 June 2004 03:25
To: India
Subject: Official information from ***** Bank
Dear valued ***** Bank Customer!
For security purposes your account has been
Randomly chosen for verification. To verify
Your account information we are asking you to
Provide us with all the data we are requesting.
Otherwise we will not be able to verify your identity
And access to your account will be denied. Please click
On the link below to get to the bank secure
Page and verify your account details. Thank you.
https://infinity.*****bank.co.in/Verify.jsp
****** Bank Limited
SPOOFING
Getting one computer on a network to pretend to have the identity of another computer,
usually one with special access privileges, so as to obtain access to the other computers
on the network.
CYBER STALKING
The criminal follows the victim by sending e-mails and frequently entering the chat rooms.
CYBER DEFAMATION
The criminal sends e-mails containing defamatory matter to all concerned with the victim
or posts the defamatory matter on a website.
THREATENING
The criminal sends threatening e-mail or comes in contact with the victim in chat rooms.
(Anyone disgruntled may do this against a boss, friend or official.)
SALAMI ATTACK
In such a crime the criminal makes insignificant changes in such a manner that the changes
go unnoticed. The criminal writes a program that deducts a small amount like Rs.
2.@0 per month from the account of every customer of the bank and deposits it in
his own account. In this case no account holder will approach the bank over such a small
amount, but the criminal gains a huge amount.
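A detection-side view of the salami pattern described above, as an added example that is not part of the original report: it scans a ledger for a beneficiary that receives small debits from most customer accounts in the same month. The ledger layout, account names, amounts and thresholds are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal


def find_salami_collectors(ledger, customers,
                           max_amount=Decimal("5.00"),
                           min_coverage=Decimal("0.8")):
    """Flag beneficiaries fed by small debits from most customer accounts.

    ledger: iterable of (month, debit_account, credit_account, amount).
    A beneficiary is flagged for a month when debits of at most max_amount
    reach it from at least min_coverage of all customer accounts.
    """
    # (month, beneficiary) -> debited account -> sum of small debits
    small = defaultdict(lambda: defaultdict(Decimal))
    for month, debit, credit, amount in ledger:
        if Decimal("0") < amount <= max_amount:
            small[(month, credit)][debit] += amount

    findings = []
    for (month, credit), by_source in small.items():
        coverage = Decimal(len(by_source)) / Decimal(len(customers))
        if coverage >= min_coverage:
            findings.append({
                "month": month,
                "beneficiary": credit,
                "sources": len(by_source),
                "total": sum(by_source.values(), Decimal("0")),
            })
    return sorted(findings, key=lambda f: (f["month"], f["beneficiary"]))


def sample_ledger():
    """Constructed data: 200 accounts, two months, one hidden collector."""
    customers = [f"ACC{n:04d}" for n in range(1, 201)]
    ledger = []
    for month in ("2005-01", "2005-02"):
        for acct in customers:
            # the skim: tiny, identical, and taken from every account
            ledger.append((month, acct, "ACC9999", Decimal("1.75")))
            # ordinary large payment, ignored because it exceeds max_amount
            ledger.append((month, acct, "LANDLORD", Decimal("6500.00")))
        for acct in customers[:10]:
            # legitimate small payment made by only a few customers
            ledger.append((month, acct, "NEWSAGENT", Decimal("4.00")))
    return customers, ledger


def demo():
    customers, ledger = sample_ledger()
    return find_salami_collectors(ledger, customers)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

No single debit looks suspicious; the signal is the share of customer accounts feeding one beneficiary, which is why the check aggregates per beneficiary and not per transaction.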
SALE OF NARCOTICS
Sale and purchase through the net. There are web sites which offer sale and shipment of
contraband drugs. They may use the techniques of steganography for hiding the messages.
Email related crime
1. Email spoofing
2. Sending malicious codes through email
3. Email bombing
4. Sending threatening emails
5. Defamatory emails
6. Email frauds
Case Studies
Case No.1
Police Station – Vishrambaug (Emphasis)
G.R.N . 91/05 IPC No 467, 468, 471, 419, 420, 379, 34 with law of information &
Technology No. 66
Petitioner - Jay fin Robert Disuse
Criminals -
1) Ivan Samuel Thomas
2) Sheila’s Chanddrakant Burrower
3) Bijou Alexander
4) Siddhartha Mehta
5) Stephen Daniel
6) Marlin Fernandez
7) Prim john Phil poses
8) Soundharajan Jamaican
9) Jinee George
10) Stash Para
11) John Varghese
Short Story- In the last week of March 2005, the Vice Chairman of City Bank notified that
Rs. 1,86,23,761 (4,27,061 American dollars) from some of the account holders of City Bank
of America had been transferred to various banks in Pune. The above amount has not
been deposited in Pune Bank.
Finding- After the case was filed, the banks to which the amount had been transferred
were intimated in writing that if someone came to enquire about the deposit
of money in the particular bank, the Police were to be informed immediately.
1. Accordingly Rupees Bank Rajendranagar branch, Pune reported that two persons
came to enquire.
2. A Police squad was sent immediately and the two persons were taken into custody. Their
names were:-
Ivan Samuel Thomas
Sheila’s Burrower
3. In the enquiry it emerged that Ivan Thomas was working in a BPO company in Pune named
Emphasis (this company runs a customer care centre to give service to the City
Bank account holders in America). His other colleagues Bijou Alexander,
Siddhartha Mehta, Stephen Daniel and Marlin Fernandez had procured the ATM cards
as well as the PIN codes, Social Security Numbers and authorized e-mail IDs
of 5 account holders of City Bank through social engineering. After that they
transferred Rs. 1 Cr 86 lakh to various banks in Pune by using the wire transfer
facility. This facility is used to transfer amounts through the internet. On
City Bank's website, the user chooses the wire transfer option and enters the user ID and
password, and an automatic code is generated. This code is sent to the authorized
e-mail ID of the account holder. The code is then entered on the wire transfer page. Only
then is the account made accessible to the particular account holder.
4. All the hard disks of the cyber cafés from where the amount had been transferred
were seized. Also, the full information of the e-mail ID from which the automatic code
was taken, with full headers, was noted.
5. The above criminals opened fake accounts in various banks; supporting proofs
have been taken from the banks.
The crime report has been submitted against the criminals.
Result awaited.
Case No.2
Police station- Decca Gymkhana
G.R.N 199/07 IPC Code. 420, 467, 468, 34 with law of information & technology of 2000 cool
43, a, b, h 66 & 72
Petitioner- Sunil Marianna Made age 32 yrs occupation- service (Rise manager HDFC stargaze,
Pune) Residential Address B-402 Uttamnagar, Pune-23
Criminal- Moil Laming Harkin Age-30 Residential Address- Ignore Rd near Vidyasagar High
school, Naphtha, Delhi
Native- Churchyard Poor Lama, at & Post Bethel, Manipur
Incident- 24/4/2007 between 15:45 to 16:00 at Rank Jewelers carve Rd, Pune.
Case filed- 24/04/07 at 23:00 hrs
Evident officer- Entail Shined Asst. Police Commissioner (Fin & cyber) crime Branch Pune.
Short Story- The criminal lady and her colleagues, 1) Utahan, 2) a Nepali man and 3) a lady named
Mara, together made a purchase on 24/04/07 between 15:45 and 16:00 hrs at Rank Jewelers, Carve Rd,
Pune, using an HDFC Bank credit card, but this card belonged to Missoula Federal union, a USA bank.
This was found through the risk monitoring system, and it was also found that the card was fake.
The lady was arrested on the spot, but her colleagues ran away.
Finding- The lady criminal was found with a Chinese passport in the name of Talon Eyeing. On it,
immigration stamps of Indonesia, Australia and Germany were found. The criminal lady was also found
with credit cards of five banks in the name of Talon Eyeing.
1. Sent a letter to Airtel, Hutch, Idea & Tata to get the information on the criminal’s mobile no
9967674094 & her colleagues’ mobile nos.
2. Sent a letter to the banks to get information on the credit card holders.
3. To verify the authenticity of the passport, the Consulate, Chennai and the Embassy, Mumbai were
approached by letter.
4. Took statements at Mosaic Palace, Shirted Rd, Pune, where the criminal & her colleagues
were staying. Also took the statements of the manager & owner of Rank Jewelers.
5. Came to know through HDFC, HSBC and Standard Chartered Bank that the credit cards held by the
criminal lady are of Missoula Federal Credit Union, USA.
6. Sent a letter to the Police Commissioner, Chennai for information, as the criminal's passport
was emigration stamped at Chennai.
7. Sent a wireless message to south Manipur Police to get address proof and character information.
8. Sent a Police squad to Delhi to search for the other criminals.
9. Regarding the passport, a fax was received from the Embassy of China stating that the concerned
passport was from Hong Kong Special Administrative Region and had expired on 10th Sep 2003.
10. Information received from Manipur police by wireless is as below-
After the criminal reports were sent to the court, the criminal lady was punished by the court.
Case No- 3
Police Station - Yawed
G.R.N - 2/8/08 C B V 403419420
Applicant - Swap nil Deli Sail Age 30 Son 401/r
Balladic VadyanNagar Vadgensheri Pune 14
Accused - Yogis Chowder Chennai
Applied on - on 25/3/08 Use of credit card stolen.
Enquiry Officer - Kristi Kumar Patel PSI
Short Story- Yogis purchased air tickets on 28/3/08 for Rs. 18,596.10.
Swap nil has a City Bank credit card and takes online account statements; on 24/4/08 he saw
a bill of Rs. 18,596.10 for a transaction done on 28/3/08 from Makemytripe.com & Airdeccan.com.
Yogis had taken the tickets.
1. To find out whose IP this is, used Domain Tools and got the name Isaac Telecom India Pvt Ltd.
Sutra
2. Sent a letter to Ibarra to enquire to whom this IP address was given. Got the information that
IP address 123.201.56.193 is dynamic and was given to Yogis Chowdery Chennai.
3. Mobile nos in use were 9884214361, 9789943185; got details of these phones & phone calls from
Manager Airtal & Manager Hutch.
4. Visit to Chennai to find out Yogis.
5. Caught him at Chennai he deterrent he has done this crime.
Case No.4
Police Station- Koshered G.R.N 00107 BDV 509 information Security Act 5.67
Apply by - Miss Sanity Koshered Pune
Against - Miss Lisa and Pune
Happened on- Before 26/06/07 12:30
Recorded on- 28/06/07 5:00 PM
Short Story- Before 26/06/07 someone stole the password of the e-mail ID of Sanity & her profile XYZ
on the Rout website and produced some very bad exposition on the website.
Director- Net Shined PSI
Enquiry- Sent the Rout website profile link to Google company by e-mail, asking for all database
details: prepared under what name, on what date and time, and from what IP address. Saniya came to
know from friends that there were some bad things on Rout by Lisa Cornello. Some 3 to 4 weeks
before, Saniya tried to prepare a new account, abc@hotmail.com. On that website the bad topic was
profiled again. Visited Sanity’s residence and checked her computer to see whether there was any
virus. Sent a Read Notify to Sanity at xyz@hotmail.com, as her password may have been stolen by
somebody. Received information from Google on 3/7/09.
Profile prepared by Sanity was as follows:-
E-mail Profile email Id xyz@hotmail.com
IP Address 59.161.3.66 on 8/5/07 4IS GMT.
Secondary email Id LisaCornello@yahoo.co.in
Trace out all information from above address.
Received following information from Yahoo on 14/5/09 at 9:36:14 Lisacornello@yahoo.co.in
and IP Address 219.64.160.136 has been prepared .On 5/5/07 3:36:4 Lisacornello@yahoo.co.in
Email ID and IP Address 59.169.3.66 prepared on 8/05/07
Let following information for Domain tools
File Number- 12345678
Name - Lisa
Phone - 122344568
Address- And Pune
Raided Lisa's residence and took all necessary police action. The story is that Lisa & Sanity were
friends, both having affairs with Shoed. The police seized the hard disk & CPU and sent them to the
forensic lab. Lisa was punished with 2 yrs prison & a 2,75,000 cash fine.
6. Always keep a watch on the sites that your children are accessing to
prevent any kind of harassment or depravation of children.
7. It is better to use a security programme that gives control over the cookies
that send information back to the site, as leaving the cookies unguarded
might prove fatal.
8. Web site owners should watch traffic and check for any irregularity on the
site. Putting host-based intrusion detection devices on servers may do this.
9. Use of firewalls may be beneficial.
10. Web servers running public sites must be physically separated and protected
from the internal corporate network.
Adjudication of a Cyber Crime - On the directions of the Bombay High Court, the Central
Government has, by a notification dated 25.03.03, decided that the Secretary to the
Information Technology Department in each state by designation would be appointed as
the AO for each state.
QUESTIONNAIRE
QUESTIONNAIRE RELATED TO THE RECOMMENDATIONS FROM THE FOURTH
MEETING OF GOVERNMENTAL EXPERTS ON CYBER-CRIME
1. In which of the following areas does our country have existing cyber-crime
legislation in place?
a) IT act Cyber laws (e.g., laws prohibiting online identity theft, hacking,
intrusion into computer systems, child pornography): Yes ___ No ___
If yes, please list and attach copies of all such legislation, preferably in electronic
format if possible:
65 – Code Modification
66 – Hacking
67 – Pornography
If yes, please list and attach copies of all such legislation, preferably in electronic
format if possible:
41 CRPC
42 CRPC
100 CRPC
If yes, please list and attach copies of all such legislation, preferably in electronic
format if possible:
2. Please identify whether the following forms and means (1) occur frequently, (2) occur
infrequently, or (3) have not occurred, by placing an “X” as appropriate in the
following table:
a) In addition to the above, if there are any other forms and means of cyber-crime
that have occurred (either frequently or infrequently) in our country,
please identify them as well as the frequency with which they occur in the
following table.
Cyber Stalking
Copy Right
Source Code
3. Does our country have any concrete experiences with respect to strengthening the
relationship between the authorities responsible for investigating and/or prosecuting cyber-
crimes, and internet service providers that may be shared with other States as a best practice
in this area? Yes No ___
If yes, please explain: ISP’s meeting, Bank models meeting cyber committee
regular basic interaction.
4. Has our country identified, created, or established a unit or entity specifically charged
with directing and developing the investigation of cyber-crimes? Yes No
If yes, please provide the following information: CBI Crime cell, CID
If such a unit/entity has been created or established, are its functions dedicated
exclusively to the investigation of cyber-crimes? Yes No ___
If no, what other types of offenses or crimes is this unit/entity responsible for
investigating and/or prosecuting?
5. Has our country identified, created, or established a unit or entity specifically charged with
directing and developing the prosecution of cyber-crimes? Yes ___ No
Relevance of Evidence
The main purpose of investigating any crime is to collect sufficient & legally admissible
evidence to ensure conviction of offenders.
The requirements of evidence in cyber crimes are not different, but its nature has made
collection of evidence a specialized job.
The Evidence Act & rules already in existence were considered not sufficient, so the IT Act, 2000
made extensive changes in the Indian Evidence Act, 1872.
All documents including electronic records produced in Court are called documentary
evidence.
“Electronic records” has the same meaning as assigned in IT Act,2000, i.e.:
image or sound stored, received or sent in an electronic form; or
micro film or computer generated micro fiche;
17. Admission defined - An admission is a statement, oral or documentary or contained in
electronic form which suggests any inference as to any fact in issue or relevant fact.
27. How much of information received from accused may be proved - When any fact is
discovered in consequence of information received from a person accused of any offence,
in the custody of a police officer, so much of such information, as relates distinctly to the
fact thereby discovered, may be proved.
Evidence shall be given of so much and no more of the electronic record, as the Court
considers necessary in that particular case to the full understanding of the nature and
effect of the statement, and of the circumstances under which it was made.
Opinion as to digital signature where relevant.
47A. When the Court has to form an opinion as to the digital signature of any person, the
opinion of the Certifying Authority which has issued the Digital Signature Certificate is a
relevant fact.
85A The Court shall presume that every electronic record purporting to be an agreement
containing the digital signatures of the parties was so concluded by affixing the digital
signature of the parties.
But the Court shall not make any presumption as to the person by whom such message
was sent.
Recent Amendments
The Information Technology (Amendment) Bill, 2008 (Bill No.96-F of 2008) was passed
by the Lok Sabha on 22-12-2008 and by the Rajya Sabha on 23-12-2008.
It received His Excellency the President’s assent on 5th February, 2009.
The date from which the amendments are to be applicable is yet to be notified.
Section 66B makes it an offence to dishonestly receive or retain any stolen computer
resource or communication device, which is punishable with 3 years imprisonment or fine
up to Rs. 1.00 Lac.
Dishonest use of Electronic Signatures, password or identification feature invites
punishment up to 3 years and fine up to Rs. 1.00 Lac (Section 66C).
Impersonation with the help of a computer or communication device will result in 3 years
imprisonment and fine up to Rs. 1.00 Lac (Section 66D).
Violation of privacy by way of sending electronic visual images of private parts of body
is also punishable with 3 years’ imprisonment or fine up to Rs. 1.00 Lac (Section 66E).
Our Analysis
As we have seen, crimes committed with the help of computers or technology have become a
very serious issue nowadays. The victim can be anybody; a naïve person or even a
tech-savvy person can be a victim. From the cyber crimes described above we can conclude that,
to counter these crimes, the end user should be educated about them. He/she
should be cautious when checking his/her e-mails or when downloading files/software. Users
should change their password after 45 days, set a strong password that uses
alphanumeric and special characters, and never use the Administrator account if
not required. Always keep the antivirus updated. Try to keep licensed copies of the software in
use. Try to secure the network, both LAN and wireless.
Conclusion:
The capacity of the human mind is unfathomable. It is not possible to eliminate cyber crime from
cyber space. It is quite possible to check it. History is witness that no legislation has
succeeded in totally eliminating crime from the globe. The only possible step is to make people
aware of their rights and duties (to report crime as a collective duty towards society) and
further to make the application of the laws more stringent to check crime. Undoubtedly the Act is
a historical step in the cyber world. Further, I do not altogether deny that there is a need to
bring changes in the Information Technology Act to make it more effective in combating cyber crime.
I would conclude with a word of caution for the pro-legislation school: it should be kept in
mind that the provisions of the cyber law are not made so stringent that they retard the growth
of the industry and prove to be counter-productive.
Police Commissioner
Two Asst. Police Commissioner
Two Sub Inspector
And ten constables in the team.
In the year 2008, 63 cases were registered. Between 2003 and 2008, the total number of
cases registered with the Police was 452.
Year 2001 2002 2003 2004 2005 2006 2007 2008 2009 total
Total 03 04 09 06 10 10 13 08 09 72
Cyber forensics is the discovery, analysis, and reconstruction of evidence extracted from any
element of computer systems, computer networks, computer media, and computer peripherals that
allows investigators to solve the crime.
Four Stages
Acquire
Authenticate
Analyze
Documentation
Static Electricity
Magnetic Fields
Shock
Moisture
Computer Forensics:-
Computer forensics is a branch of forensic science pertaining to legal evidence found in
computers and digital storage mediums.
Computer forensics, also called cyber forensics, is the application of computer
investigation and analysis techniques to gather evidence suitable for presentation in a court of
law. The goal of computer forensics is to perform a structured investigation while maintaining a
documented chain of evidence to find out exactly what happened on a computer and who was
responsible for it.
Computer forensics experts investigate data storage devices, such as hard drives, USB
Drives, CD-ROMs, floppy disks, tape drives, etc., identifying sources of documentary or other
digital evidence, preserving and analyzing evidence, and presenting findings. Computer forensics
adheres to standards of evidence admissible in a court of law.
Incident Response
An important part of computer forensics lies in the initial response to a computer crime. It
is at this point that the suspect computer and related devices are identified and prepared for the
forensic response. In a corporate environment, this is simply done by locating the perpetrator's
computer workstation and collecting a forensic image of the hard drive, and any related media.
In a criminal situation with a law enforcement response, the incident response involves the
proper serving of a search warrant and lawful collection of evidentiary media. While in some
corporate environments the computer is left behind, sometimes to give the impression that the
employee is not a targeted suspect, law enforcement will attempt to seize all computer related
material (bag and tag) and transfer it to a forensic laboratory for analysis.
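The acquire, authenticate and documentation stages named earlier, applied to the forensic image collected during incident response, shown as an added example that is not part of the original report. The file names, examiner labels and hash-chained custody log layout are assumptions, and a small random file stands in for a seized drive.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20      # read 1 MiB at a time so large images never sit in memory
ZERO = "0" * 64      # "previous hash" used by the first custody entry

def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()

def acquire(source, image):
    """Acquire: copy source to image, hashing the bytes as they are read."""
    h = hashlib.sha256()
    with open(source, "rb") as src, open(image, "wb") as dst:
        for chunk in iter(lambda: src.read(CHUNK), b""):
            h.update(chunk)
            dst.write(chunk)
    return h.hexdigest()

def entry_digest(entry):
    """Hash every field of a custody entry except its own entry_hash."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_entry(log, action, examiner, image, digest):
    """Documentation: append a custody entry chained to the previous one."""
    entry = {
        "seq": len(log) + 1,
        "utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "action": action,
        "examiner": examiner,
        "image": os.path.basename(image),
        "sha256": digest,
        "prev": log[-1]["entry_hash"] if log else ZERO,
    }
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)
    return entry

def authenticate(image, log):
    """Authenticate: the image must still match the digest taken at acquisition."""
    acquired = next(e for e in log if e["action"] == "acquire")
    return sha256_file(image) == acquired["sha256"]

def log_intact(log):
    """Recompute each entry hash and link; False if any entry was altered."""
    prev = ZERO
    for entry in log:
        if entry["prev"] != prev or entry["entry_hash"] != entry_digest(entry):
            return False
        prev = entry["entry_hash"]
    return True

def demo():
    """Run the stages on a constructed file standing in for a seized drive."""
    work = tempfile.mkdtemp()
    source = os.path.join(work, "suspect_disk.bin")   # constructed sample
    image = os.path.join(work, "evidence_001.dd")     # hypothetical image name
    with open(source, "wb") as fh:
        fh.write(os.urandom(3 * CHUNK + 17))
    log = []
    add_entry(log, "acquire", "Examiner A", image, acquire(source, image))
    ok_before = authenticate(image, log)
    add_entry(log, "verify", "Examiner B", image, sha256_file(image))
    with open(image, "r+b") as fh:                    # simulate one altered byte
        fh.seek(100)
        flipped = bytes([fh.read(1)[0] ^ 0xFF])
        fh.seek(100)
        fh.write(flipped)
    ok_after = authenticate(image, log)
    chain_ok = log_intact(log)
    log[0]["examiner"] = "Someone Else"               # simulate an edited log entry
    return ok_before, ok_after, chain_ok, log_intact(log)

if __name__ == "__main__":
    print(demo())
```

A single changed byte in the image fails authentication, and an edited custody entry breaks the hash chain, so both the evidence and its paperwork are checkable after the fact.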
Forensic Analysis
All digital evidence must be analyzed to determine the type of information that is stored
upon it. For this purpose, specialty tools are used that can display information in a format useful
to investigators. Such forensic tools include: Brian Carrier's Sleuth Kit, Foremost and Smart. In
many investigations, numerous other tools are used to analyze specific portions of information.
Extortion
Industrial espionage
Possession of pornography
SPAM investigations
Virus/Trojan distribution
Homicide investigations
Intellectual property breaches
Unauthorized use of personal information
Forgery
Perjury
Computer related crime and violations include a range of activities including:
o Business Environment:
Theft of or destruction of intellectual property
Unauthorized activity-
Tracking internet browsing habits
Reconstructing Events
Inferring intentions
Selling company bandwidth
Wrongful dismissal claims
Sexual harassment
Software Piracy
Evidence Processing Guidelines
New Technologies Inc. recommends following 16 steps in processing evidence
They offer training on properly handling each step
o Step 1: Shut down the computer
Considerations must be given to volatile information
Prevents remote access to machine and destruction of evidence (manual or
anti-forensic software)
o Step 2: Document the Hardware Configuration of The System