SlideShare a Scribd company logo

introduction to cyber forensics, digital

Download as PPTX, PDF
Srinivas Kanakala, profile picture
Srinivas Kanakala

cyber forensics introduction

Education
1 of 60
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
UNIT-2: Cyberspace and the Law & Cyber Forensics 1. Introduction, Cyber Security Regulations, 2. Roles of International Law. 3. The INDIAN Cyberspace, 4. National Cyber Security Policy, 5. Historical background of Cyber forensics, Digital Forensics Science, 6. The Need for Computer Forensics, 7. Cyber Forensics and Digital evidence, 8. Forensics Analysis of Email, 9. Digital Forensics Lifecycle, 10.Forensics Investigation, 11.Challenges in Computer Forensics
CYBERSPACE • Cyberspace can be defined as an intricate environment that involves interactions between people, software, and services. • It is maintained by the worldwide distribution of information and communication technology devices and networks. • With the benefits carried by the technological advancements, the cyber space today has become a common pool used by citizens, businesses, critical information infrastructure, military and governments in a fashion that makes it hard to induce clear boundaries among these different groups. • The cyberspace is anticipated to become even more complex in the upcoming years, with the increase in networks and devices connected to it.
2.2 Cyber Security Regulations • There are five predominant laws to cover when it comes to cybersecurity: • Information Technology Act, 2000 The Indian cyber laws are governed by the Information Technology Act, penned down back in 2000. The principal impetus of this Act is to offer reliable legal inclusiveness to eCommerce, facilitating registration of real-time records with the Government. But with the cyber attackers getting sneakier, topped by the human tendency to misuse technology, a series of amendments followed. • The ITA,enacted by the Parliament of India,highlights the grievous punishments and penalties safeguarding the egovernance, e-banking, and e- commerce sectors. Now, the scope of ITA has been enhanced to encompass all the latest communication devices. The IT Act is the salient one, guiding the entire Indian legislation to govern cybercrimes rigorously:
2.2 Cyber Security Regulations • Section43-Applicable to people who damage the computer systems without permission from the owner. The owner can fully claim compensation for the entire damage in such cases. • Section 66 - Applicable in case a person is found to dishonestly or fraudulently committing any act referred to in section 43. The imprisonment term in such instances can mount up to three years or a fine of up to Rs. 5 lakh. • Section 66B - Incorporates the punishments for fraudulently receiving stolen communication Devices or computers, which confirms a probable three years imprisonment. This term can also be topped by Rs. 1 lakh fine, depending upon the severity
2.2 Cyber Security Regulations • Section 66C - This section scrutinizes the identity thefts related to imposter digital signatures, hacking passwords, or other distinctive identification features. If proven guilty, imprisonment of three years might also be backed by Rs.1 lakh fine. • Section 66 D - This section was inserted on-demand, focusing on punishing cheaters doing impersonation using computer resources.
Indian Penal Code (IPC) 1980 • Identity thefts and associated cyber frauds are embodied in the Indian Penal Code (IPC), 1860 invoked along with the Information Technology Act of 2000. The primary relevant section of the IPC covers cyber frauds: • Forgery (Section 464) • Forgery pre-planned for cheating (Section 468) • False documentation (Section 465) • Presenting a forged document as genuine (Section 471) • Reputation damage (Section 469)
Companies Act of 2013 • The corporate stakeholders refer to the Companies Act of 2013 as the legal obligation necessary for the refinement of daily operations. The directives of this Act cements all the required techno-legal compliances, putting the less compliant companies in a legal fix. • The Companies Act2013 vested powers in the hands of the SFIO(Serious Frauds Investigation Office) to prosecute Indian companies and their directors. Also, post the notification of the Companies Inspection, Investment, and Inquiry Rules, 2014, SFIOs has become even more proactive and stern in this regard. • The legislature ensured that all the regulatory compliances are well-covered, including cyber forensics, ediscovery, and cybersecurity diligence. The Companies (Management and Administration) Rules, 2014 prescribes strict guidelines confirming the cybersecurity obligations and responsibilities upon the company directors and leaders.
NIST Compliance-(National Institute of Standards and Technology ) • The Cybersecurity Framework (NCFS), authorized by the National Institute of Standards and Technology(NIST),offers a harmonized approach to cybersecurity as the most reliable global certifying body. • NIST Cybersecurity Framework encompasses all required guidelines, standards, and best practices to manage the cyber-related risks responsibly. This framework is prioritized on flexibility and cost- effectiveness.
NIST Compliance-(National Institute of Standards and Technology ) • It promotes the resilience and protection of critical infrastructure by: Allowing better interpretation, management, and reduction of cybersecurity risks to mitigate data loss, data misuse, and the subsequent restoration costs • Determining the most important activities and critical operations - to focus on securing them Demonstrates the trust-worthiness of organizations who secure critical assets Helps to prioritize investments to maximize the cybersecurity ROI Addresses regulatory and contractual obligations Supports the wider information security program • By combining the NIST CSF framework with ISO/IEC 27001 - cybersecurity risk management becomes simplified. It also makes communication easier throughout the organization and across the supply chains via a common cybersecurity directive laid by NIST.
• Final Thoughts Ashuman dependence on technology intensifies, cyberlaws in India and across the globe need constant up-gradation and refinements. The pandemic has also pushed much of the workforce into a remote working module increasing the need for app security. • Lawmakers have to go the extra mile to stay ahead of the impostors, in order to block the mat their advent. • Cybercrimes can be controlled but it needs collaborative efforts of the lawmakers, the Internet or Network providers, the intercessors like banks and shopping sites, and, most importantly, • theusers.Onlytheprudenteffortsofthesestakeholders,ensuringtheirconfinem enttothelaw of the cyber land can bring about • online safety and resilience
2.3 ROLES OF INTERNATIONAL LAW: • In various countries, areas of the computing and communication industries are regulated by governmental bodies. • There are specific rules on the uses to which computers and computer networks may be put, in particular there are rules on unauthorized access, data privacy and spamming. • There are also limits on the use of encryption and of equipment which may be used to defeat copy protection schemes. • There are laws governing trade on the Internet, taxation, consumer protection, and advertising. • There are laws on censorship versus freedom of expression, rules on public access to government information, and individual access to information held on them by private bodies Some states limit access to the Internet, by law as well as by technical means.
INTERNATIONAL LAW FOR CYBER CRIME • Cyber- The complexity in types and forms of cybercrime increases the difficulty to fight back fighting cybercrime calls for international cooperation. Various organizations and governments have already made joint efforts in establishing global standards of legislation and law enforcement both on a regional and on an international scale
2.4 THE INDIAN CYBERSPACE: • Indian cyberspace was born in 1975 with the establishment of National Informatics Centre (NIC) with an aim to provide govt with IT solutions. Three networks (NWs) were set up between 1986 and 1988 to connect various agencies of govt. These NWs were, INDONET which infrastructure, NICNET(the NICNW) a nation wide very small a pertureterminal(VSAT)NW for public sector organizations as well as to connect the central govt with the state govts and district administrations, the third NW setup was ERNET (the Education and Research Network), to serve the academic and researchcommunities.
2.4 THE INDIAN CYBERSPACE: • New Internet Policy of 1998 paved the way for services from multiple Internet service providers(ISPs) and gave boost to the Internet user base grow from1.4million in 1999 to over 150 million by Dec 2012. Exponential growth rate is attributed to increasing Internet access through mobile phones and tablets. Govt is making a determined push to increase broadband penetration from its present level of about 6%1. • The target for broadband is 160 million households by 2016 under the National Broadband Plan
2.5 NATIONAL CYBER SECURITY POLICY: • National Cyber Security Policy is a policy framework by Department of Electronics and Information Technology. • It aims at protecting the public and private infrastructure from cyberattacks. The policy also intends to safeguard "information, such as personal information (of web users), financial and banking information and sovereign data". • This was particularly relevant in the wake of US National Security Agency (NSA) leaks that suggested the US government agencies are spying on Indian users, who have no legal or technical safeguards against it. • Ministry of Communication and Information Technology(India) defines Cyberspace as a complex environment consisting of interactions between people, software services supported by worldwide distribution of information and communication technology.
2.5 NATIONAL CYBER SECURITY POLICY: • VISION: • To build a secure and resilient cyberspace for citizens, business, and government and also to protect anyone from • intervening in user's privacy. • MISSION: • To protect information and information infrastructure in cyberspace, build capabilities to prevent and respond to • cyber threat, reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional • structures, people, processes, technology, and cooperation
OBJECTIVE: • Ministry of Communications and Information Technology (India) define objectives as follows: • To create a secure cyber ecosystem in the country, generate adequate trust and confidence in IT system and transactions in cyberspace and thereby enhance adoption of IT in all sectors of the economy. • To create an assurance framework for the design of security policies and promotion and enabling actions for compliance to global security standards and best practices by way of conformity assessment (Product, process, • technology &people). • To strengthen the Regulatory Framework for ensuring a SECURE CYBERSPACE ECOSYSTEM. • To enhance and create National and Sectoral level 24X7 mechanism for obtaining strategic information regarding threats to ICT infrastructure, creating scenarios for response, resolution and crisis management through effective predictive, preventive, protective response and recovery actions
INTRODUCTION TO CYBER FORENSICS • Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence. • Forensic examiners typically analyze data from personal computers, laptops, personal digital assistants, cell phones, servers, tapes, and any other type of media. • This process can involve anything from breaking encryption,to executing search warrants with a law enforcement team, to recovering and analyzing files from hard drives that will be critical evidence in the most serious civil and criminal cases. • The forensic examination of computers, and data storage media, is a complicated and highly specialized process. • The results of forensic examinations are compiled and included in reports. In many cases, examiners testify to their findings, where their skills and abilities are put to ultimate scrutiny
HISTORICAL BACKGROUND OF CYBER FORENSICS • It is difficult to pinpoint when computer forensics history began. Most experts agree that the field of computer forensics began to evolve more than 30 years ago. • The field began in the United States, in large part, when law enforcement and military investigators started seeing criminals get technical. • Government personnel charged with protecting important, confidential, and certainly secret information conducted forensic examinations in response to potential security breaches to not only investigate the particular breach, but to learn how to prevent future potential breaches. • Ultimately, the fields of information security, which focuses on protecting information and assets, and computer forensics, which focuses on the response to hi-tech offenses, started to intertwine
HISTORICAL BACKGROUND OF CYBER FORENSICS • Over the next decades, and up to today, the field has exploded. Law enforcement and the military continue to have a large presence in the information security and computer forensic field at the local, state, and federal level. • Private organizations and corporations have followed suit – employing internal information security and computer forensic professionals or contracting such professionals or firms on an as-needed basis. • Significantly, the private legal industry has more recently seen the need for computer forensic examinations in civil legal disputes, causing an explosion in the e-discovery field.
HISTORICAL BACKGROUND OF CYBER FORENSICS • The computer forensic field continues to grow on a daily basis. More and more large forensic firms, boutique firms, and private investigators are gaining knowledge and experience in the field. • Software companies continue to produce newer and more robust forensic software programs. And law enforcement and the military continue to identify and train more and more of their personnel in the response to crimes involving technology
DIGITAL FORENSICS: • Digital Forensics is defined as the process of preservation, identification, extraction, and documentation of computer evidence which can be used by the court of law. • It is a science of finding evidence from digital media like a computer, mobile phone, server, or network. • It provides the forensic team with the best techniques and tools to solve complicated digital- related cases. • Digital Forensics helps the forensic team to analyzes, inspect, identifies, and preserve the digital evidence residing on various types of electronic devices. • Digital forensic science is a branch of forensic science that focuses on the recovery and investigation of material found in digital devices related to cybercrime.
THE NEED FOR COMPUTER FORENSICS: • Computer forensics is also important because it can save your organization money. • From a Technical standpoint, the main goal of computer forensics is to identify, collect, preserve, and analyze data in a way that preserves the integrity of the evidence collected so it can be used effectively in a legal case.
CYBER FORENSICS AND DIGITAL EVIDENCE: • Digital evidence is information stored or transmitted in binary form that may be relied on in court. • It can be found on a computer hard drive, a mobile phone, among other places. • Digital evidence is commonly associated with electronic crime,ore- crime,such as child pornography or credit card fraud. • However, digital evidence is now used to prosecute all types of crimes, not just e-crime. • For example, suspects' e-mail or mobile phone files might contain critical evidence regarding their intent, their whereabouts at the time of a crime and their relationship with other suspects. • In 2005, for example, a floppy disk led investigators to the BTK serial killer who had eluded police capture since 1974 and claimed the lives of at least 10victims.
CYBER FORENSICS AND DIGITAL EVIDENCE: • In an effort to fight e-crime and to collect relevant digital evidence for all crimes, law enforcement agencies are incorporating the collection and analysis of digital evidence, also known as computer forensics, into their infrastructure. • Law enforcement agencies are challenged by the need to train officers to collect digital evidence and keep up with rapidly evolving technologies such as computer operating systems.
• Cyberforensics can be divided into two domains: • 1. Computer forensics; • 2. network forensics.
FORENSICS ANALYSIS OF EMAIL • E-mail forensics refers to the study of source and content of e- mail as evidence to identify the actual sender and recipient of a message, data/time of transmission, detailed record of e-mail transaction, intent of the sender, etc. • This study involves investigation of metadata, keyword searching, port scanning, etc. for authorship attribution and identification of e-mail scams.
FORENSICS ANALYSIS OF EMAIL • Various approaches that are used for e-mail forensic are: • Header Analysis–Meta data in thee-mail message in the form of control information • i.e. envelope and headers including headers in the message body contain information about the sender and/or the path along which the message has traversed. • Some of these may be spoofed to conceal the identity of the sender. A detailed analysis of these headers and their correlation is performed in header analysis
Bait Tactics • – In bait tactic investigation an e-mail with http: “<imgsrc>” tag having image source at some computer monitored by the investigators is send to the sender of e-mail under investigation containing real(genuine)e-mail address. • When the e-mail is opened, alog entry containing the Ip address of the recipient(sender of the e-mail under investigation) is recorded on the http server hosting the image and thus sender is tracked. • However, if the recipient (sender of the e-mail under investigation) is using a proxy server then IP address of the proxy server is recorded. • The log on proxy server can be used to track the sender of the e-mail under investigation. If the proxy server’s log is unavailable due to some reason, then investigators may send the tactic e-mail containing a)Embedded Java Applet that runs on receiver’scomputerorb) • HTML • page withActiveXObject.BothaimingtoextractIPaddressofthereceiver’scomputerand e-mail it to the investigators
Server Investigation • –In this investigation, copies of delivered e-mails and server logs are investigated to identify source of an e-mail message. • E-mails purged from the clients (senders or receivers) whose recovery is impossible may be requested from servers (Proxy or ISP) as most of them store a copy of all e-mails after their deliveries. • Further, logs maintained by servers can be studied to trace the address of the computer responsible for making the e-mail transaction. • However, servers store the copies of e- mail and server logs only for some limited periods and some may not co-operate with the investigators. • Further, SMTP servers which store data like credit card number and otherdatapertainingtoownerofamailboxcanbeusedtoidentifypersonbehindane- mailaddress
Network Device Investigation • – In this form of e-mail investigation, logs maintained by the network devices such as routers, firewalls and switches are used to investigate the source of an e-mail message. • This form of investigation is complex and is used only when the logs of servers (Proxy or ISP) are unavailable due to some reason, e.g. when ISP or proxy does not maintain a log or lack of co-operation by ISP’s or failure to maintain chain of evidence
Software Embedded Identifiers • – Some information about the creator of e-mail, attached files or documents may be included with the message by thee-mail software used by the sender for composing e-mail.This information may be included in the form of custom headers or in the form of MIME content as a Transport Neutral Encapsulation Format (TNEF). Investigating the e-mail for these details may reveal some vital informationaboutthesenderse-mailpreferencesandoptionsthatcouldhelpclientside evidence gathering. The investigation can reveal PST file names, Windows logon username, MAC address, etc. of the client computer used to send e-mailmessage
SenderMailerFingerprints • –Identification of software handling e-mail at server can be revealed from the Received header field and identification of software handling e-mail at client can be ascertained by using different set of headers like “X-Mailer” or equivalent. • These headers describe applications and their versions used at the clients to send e-mail. • This information about the client computer of the sender can be used to help investigators devise an effective plan and thus prove to be very useful.
EMAIL FORENSICS TOOLS • Erasing or deleting an email doesn’t necessarily mean that it is gone forever. Often emails can be forensically extracted even after deletion. Forensic tracing of e-mail is similar to traditional detective work. It is used for retrieving information from mail box files
MiTec Mail Viewer This is a viewer for Outlook Express, Windows Mail/Windows LiveMail, Mozilla Thunder bird message databases, and single EMLfiles. It displays a list of contained messages with all needed properties, like an ordinary e-mail client. Messages can be viewed in detailed view, including attachments and an HTML preview. It has powerful searching and filtering capability and also allows extracting emailaddressesfromallemailsinopenedfoldertolistbyoneclick.Selectedmessages can be saved to eml files with or without their attachments. Attachments can be extracted from selected messages by one command.
OST and PST Viewer • – Nucleus Technologies’ OST and PST viewer tools help you view OST and PST files easily without connecting to an MS Exchange server. These tools allow the user to scan OST and PST files and they display the data saved in it including email messages, contacts, calendars, notes, etc., in a proper folder structure.
eMailTrackerPro– • eMailTrackerPro analyses the headers of an e-mail to detect the IPaddressofthemachinethatsentthemessagesothatthesendercanbetracke ddown. It can trace multiple e-mails at the same time and easily keep track of them. The geographical location of an IP address is key information for determining the threat level or validity of an e- mailmessage
EmailTracer • – EmailTracer is an Indian effort in cyber forensics by the Resource Centre for Cyber Forensics (RCCF) which is a premier centre for cyber forensics in India. It develops cyber forensic tools based on the requirements of law enforcement agencies
Fig 2.1: Digital Forensics Lifecycle
• 2.12 DIGITAL FORENSICS LIFECYCLE: There are many type of Cyber crimes taking place in the digital world, it is important for the investigator to collect, analyze, store and present the evidence in such a manner that court will believe in such digital evidences and give appropriate punishment to the Cyber criminal
• Collection: The first step in the forensic process is to identify potential sources of data and acquire data from them. • Examination: After data has been collected, the next phase is to examine the data, which involves assessing and extracting the relevant pieces of information from the collected data. This phase may also involve bypassing or mitigating OS or application features that obscure data and code, such as data compression, encryption, and access control mechanisms. • Analysis: Once the relevant information has been extracted, the analyst should study and analyzethedatatodrawconclusionsfromit.Thefoundationofforensicsisusinga methodical approach to reach appropriate conclusions based on the available data or determine that no conclusion can yet bedrawn
• Reporting:Theprocessofpreparingandpresentingtheinformat ionresultingfromtheanalysis phase. Many factors affect reporting, including the following: • a. Alternative Explanations: When the information regarding an event is incomplete, it may not be possible to arrive at a definitive explanation of what happened. When an event has two or more plausible explanations, each should be given due consideration inthereportingprocess.Analystsshoulduseamethodicalappro achtoattempttoprove or disprove each possible explanation that is proposed
• AudienceConsideration.Knowingtheaudiencetowhichthedata orinformationwill be shown isimportant. • c. Actionable Information. Reporting also includes identifying actionable information gained from data that may allow an analyst to collect new sources ofinformation
FORENSICS INVESTIGATION: • Forensics are the scientific methods used to solve a crime. Forensic investigation is the gathering and analysis of all crime-related physical evidence in order to come to a conclusion about a suspect. Investigators will look at blood, fluid, or fingerprints, residue, hard drives, computers,orothertechnologytoestablishhowacrimetookpla ce.Thisisageneraldefinition, though, since there are a number of different types offorensics.
• TYPES OF FORENSICS INVESTIGATION • Forensic Accounting /Auditing • Computer or CyberForensics • Crime SceneForensics • ForensicArchaeology • ForensicDentistry • ForensicEntomology • ForensicGraphology • ForensicPathology • ForensicPsychology • ForensicScience • ForensicToxicology
CHALLENGES IN COMPUTER FORENSICS: • Digital forensics has been defined as the use of scientifically derived and proven methods towards the identification, collection, preservation, validation, analysis, interpretation, and presentation of digital evidence derivative from digital sources to facilitate the reconstruction of events found to be criminal.But these digital forensics investigation methods face some major challenges at the time of practical implementation. Digital forensic challenges are categorized into three major heads as per Fahdi, Clark, and Furnell are: •  Technicalchallenges •  Legalchallenges •  ResourceChallenges
Anti-forensics techniques are categorized into the following types • TECHNICAL CHALLENGES • As technology develops crimes and criminals are also developed with it. Digital forensic expertsuseforensictoolsforcollectingshredsofevidenceagains tcriminalsandcriminalsuse such tools for hiding, altering or removing the traces of their crime, in digital forensic this process is called Anti- forensics technique which is considered as a major challenge in digital forensics world
• Encryption • It is legitimately used for ensuring the privacy of information by keeping it hidden from an unauthorized user/person. Unfortunately, it can also • be used by criminals to hide their crimes
• Data hiding in storage space • Criminals usually hide chunks of data inside the storage medium in invisible form by using system commands, and programs. • Covert Channel • Acovertchannelisacommunicationprotocolwhich allows an attacker to bypass intrusion detection technique and hide data over the network. The attackeruseditforhidingtheconnectionbetween • him and the compromised system
• Other Technical challenges are: •  Operating in thecloud •  Time to archive data •  Skillgap •  Steganography
LEGAL CHALLENGES • Thepresentationofdigitalevidenceismoredifficultthanitscollectionb ecausetherearemany instances where the legal framework acquires a soft approach and does not recognize every aspectofcyberforensics,as inJagdeoSinghV.TheStateandOrscaseHon’bleHighCourtof Delhi held that “while dealing with the admissibility of an intercepted telephone call in a CD and CDR which was without a certificate under Sec. 65B of the Indian Evidence Act, 1872the court observed that the secondary electronic evidence without certificate u/s. 65B of Indian Evidence Act, 1872 is not admissible and cannot be looked into by the court for any purpose whatsoever.”
• This happens in most of the cases as the cyber police lack the necessary qualification and ability to identify a possible source of evidence and prove it. Besides, most of the time electronic evidence is challenged in the court due to its integrity. In the absence of properguidelinesandthenonexistenceofproperexplanationof thecollection,andacquisition of electronic evidence gets dismissed initself
• Absence of guidelines and standards • In India, there are no proper guidelines for the collection and acquisition of digital evidence. The investigating agencies and forensic laboratories are working on the guidelines of their own. Due to this, • the potential of digital evidence has been destroyed
• Limitation of the Indian Evidence Act,1872 • TheIndianEvidenceAct,1872havelimitedapproach, it is not able to evolve with the time and address the E-evidence are more susceptible to tampering, alteration, transposition, etc. the Act is silent on the method of collection of e- evidence it only focuses on the presentation of electronic evidence in the court by accompanying a certificate as per subsection 4 ofSec. 65B[12]. This means no matter what procedure is followeditmustbeprovedwiththehelpofa • certificate.
• Other Legal Challenges •  PrivacyIssues •  Admissibility inCourts •  Preservation of electronicevidence •  Power for gathering digitalevidence •  Analyzing a runningcomputer
• RESOURSE CHALLENGES: • Astherateofcrimeincreasesthenumberofdataincreasesandth eburdentoanalyzesuchhuge dataisalsoincreasingonadigitalforensicexpertbecausedigitale videnceismoresensitiveas compared to physical evidence it can easily disappear. For making the investigation process fast and useful forensic experts use various tools to check the authenticity of the data but dealing with these tools is also a challenge initself
Types of Resource Challenges are: • Change intechnology: • Due to rapid change in technology like operating systems, application software and hardware, reading of digital evidence becoming more difficult because new version software’s are not supportedtoanolderversionandthesoftwaredevelopingcomp aniesdidprovideanybackward compatible’s which also affectslegally.
• Volume andreplication: • The confidentiality, availability, and integrity of electronic documents are easily get manipulated. The combination of wide-area networks and the internet form a big network that allows flowing data beyond the physical boundaries. Such easiness of communication and availabilityofelectronicdocumentincreasesthevolumeofdata whichalsocreatedifficultyin the identification of original and relevantdata.
introduction to cyber forensics, digital
introduction to cyber forensics, digital

More Related Content

PPTX
CYBER Crime Cyber Security Cyber Law INDIA
Anish Rai
 
PDF
Cybersecurity
pronab Kurmi
 
PPTX
14-Computer Privacy and Security Principles.pptx
wylobide
 
PDF
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
Kyle Lai
 
PPT
Information Technology Act
maruhope
 
PPTX
National cyber security policy final
Indian Air Force
 
PPTX
Various contours of Cyber Crimes by Dr. Deipa Singh
ssuser369aa3
 
PPTX
SUNITA PATIL LLB II YEAR PPT Cyber_Law_in_India_.pptx
RevatiPatil48
 
CYBER Crime Cyber Security Cyber Law INDIA
Anish Rai
 
Cybersecurity
pronab Kurmi
 
14-Computer Privacy and Security Principles.pptx
wylobide
 
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
Kyle Lai
 
Information Technology Act
maruhope
 
National cyber security policy final
Indian Air Force
 
Various contours of Cyber Crimes by Dr. Deipa Singh
ssuser369aa3
 
SUNITA PATIL LLB II YEAR PPT Cyber_Law_in_India_.pptx
RevatiPatil48
 

Similar to introduction to cyber forensics, digital (20)

PPTX
CYBER LAW AND ITS EVOLUTION (1)-1.111111
KomalSandhu50
 
PPT
Cyber Security
Ankit Ranjan
 
PPTX
Unit-3 Cyber Crime PPT.pptx
ParasSehgal12
 
PPT
CTO-CybersecurityForum-2010-Trilok-Debeesing
segughana
 
PPTX
cyber crime in india and law related to cyber crime
SumedhaBhatt2
 
PPTX
information about IT Laws regarding the protecting the digital fraud and scams
chinmayirp2405
 
PDF
State of Encryption in Kenya
CollinsKimathi
 
PPTX
A Wake-Up Call for IoT
Ahmed Banafa
 
PDF
Ethiopia reba paper
Wesen Tegegne
 
PDF
Cybersecurity and Internet Governance
Kenny Huang Ph.D.
 
PDF
Cyber law-it-act-2000
Mayuresh Patil
 
PDF
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
Dr Dev Kambhampati
 
PPTX
Cyber security laws
Sri Manakula Vinayagar Engineering College
 
PPTX
Unit-4 National Cyber Security Policy ,2013.pptx
himanshukumarviplava2
 
PPTX
Achieving Caribbean Cybersecuirty
Shiva Bissessar
 
DOCX
IT Laws and Practices Module 3 to Module 5
RBeze58
 
PDF
Developments in the TMT Sector - Current trends & emerging legal issues
Martyn Taylor
 
PPTX
OVERVIEW OF CYBER LAWS IN INDIA AND SECTIONS
anupama12369
 
PPTX
Cyber Crime with basics and knowledge to cyber sphere
RISHIKCHAUDHARY2
 
PDF
Privacy & Security for the Internet of Things
Gerry Elman
 
CYBER LAW AND ITS EVOLUTION (1)-1.111111
KomalSandhu50
 
Cyber Security
Ankit Ranjan
 
Unit-3 Cyber Crime PPT.pptx
ParasSehgal12
 
CTO-CybersecurityForum-2010-Trilok-Debeesing
segughana
 
cyber crime in india and law related to cyber crime
SumedhaBhatt2
 
information about IT Laws regarding the protecting the digital fraud and scams
chinmayirp2405
 
State of Encryption in Kenya
CollinsKimathi
 
A Wake-Up Call for IoT
Ahmed Banafa
 
Ethiopia reba paper
Wesen Tegegne
 
Cybersecurity and Internet Governance
Kenny Huang Ph.D.
 
Cyber law-it-act-2000
Mayuresh Patil
 
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
Dr Dev Kambhampati
 
Cyber security laws
Sri Manakula Vinayagar Engineering College
 
Unit-4 National Cyber Security Policy ,2013.pptx
himanshukumarviplava2
 
Achieving Caribbean Cybersecuirty
Shiva Bissessar
 
IT Laws and Practices Module 3 to Module 5
RBeze58
 
Developments in the TMT Sector - Current trends & emerging legal issues
Martyn Taylor
 
OVERVIEW OF CYBER LAWS IN INDIA AND SECTIONS
anupama12369
 
Cyber Crime with basics and knowledge to cyber sphere
RISHIKCHAUDHARY2
 
Privacy & Security for the Internet of Things
Gerry Elman
 
Ad

More from Srinivas Kanakala (20)

PPTX
EXERCISE 2: Importance of visualizations Principles of communicating data, Pr...
Srinivas Kanakala
 
PPTX
cyber security unit introduction to privacy
Srinivas Kanakala
 
PPTX
620054032-20220209112111-PPT06-Probabilistic-Reasoning.pptx
Srinivas Kanakala
 
PPT
IPR Unit 3 Copyrights and Geographical indications -.ppt
Srinivas Kanakala
 
PPTX
Forensics Analysis of Email cyber forensics
Srinivas Kanakala
 
PPTX
cyber forensics, of email analysis using
Srinivas Kanakala
 
DOCX
list of Scopus journals to publish papers
Srinivas Kanakala
 
DOCX
international conferences names and link
Srinivas Kanakala
 
PPTX
Cyberspace and the Law & Cyber Forensics
Srinivas Kanakala
 
PPTX
Cyber Security Concepts, layers of security,
Srinivas Kanakala
 
PPTX
UNIT 1 INTELLIGENT AGENTS ARTIFICIAL INTELIGENCE
Srinivas Kanakala
 
PPTX
FOUNDATIONS OF ARTIFICIAL INTELIGENCE BASICS
Srinivas Kanakala
 
PPTX
MALWARE ANALYSIS USING DEEP LEARNING PRE
Srinivas Kanakala
 
PPTX
System Logs Anomaly Detection Using Deep Learning
Srinivas Kanakala
 
PDF
RM IPR R22 SYLLABUS REESEARCH METHODOLOGY HELPS FOR WRITING ARTICILES
Srinivas Kanakala
 
PDF
Computer Network Security and Cyber Ethics ( PDFDrive ).pdf
Srinivas Kanakala
 
PDF
Cyber Crime Investigations ( PDFDrive ).pdf
Srinivas Kanakala
 
PPTX
Software Estimation: Components of Software Estimations, Estimation methods...
Srinivas Kanakala
 
PPTX
FLOWCHARTS.pptx
Srinivas Kanakala
 
PPTX
Minor project ppt (1).pptx
Srinivas Kanakala
 
EXERCISE 2: Importance of visualizations Principles of communicating data, Pr...
Srinivas Kanakala
 
cyber security unit introduction to privacy
Srinivas Kanakala
 
620054032-20220209112111-PPT06-Probabilistic-Reasoning.pptx
Srinivas Kanakala
 
IPR Unit 3 Copyrights and Geographical indications -.ppt
Srinivas Kanakala
 
Forensics Analysis of Email cyber forensics
Srinivas Kanakala
 
cyber forensics, of email analysis using
Srinivas Kanakala
 
list of Scopus journals to publish papers
Srinivas Kanakala
 
international conferences names and link
Srinivas Kanakala
 
Cyberspace and the Law & Cyber Forensics
Srinivas Kanakala
 
Cyber Security Concepts, layers of security,
Srinivas Kanakala
 
UNIT 1 INTELLIGENT AGENTS ARTIFICIAL INTELIGENCE
Srinivas Kanakala
 
FOUNDATIONS OF ARTIFICIAL INTELIGENCE BASICS
Srinivas Kanakala
 
MALWARE ANALYSIS USING DEEP LEARNING PRE
Srinivas Kanakala
 
System Logs Anomaly Detection Using Deep Learning
Srinivas Kanakala
 
RM IPR R22 SYLLABUS REESEARCH METHODOLOGY HELPS FOR WRITING ARTICILES
Srinivas Kanakala
 
Computer Network Security and Cyber Ethics ( PDFDrive ).pdf
Srinivas Kanakala
 
Cyber Crime Investigations ( PDFDrive ).pdf
Srinivas Kanakala
 
Software Estimation: Components of Software Estimations, Estimation methods...
Srinivas Kanakala
 
FLOWCHARTS.pptx
Srinivas Kanakala
 
Minor project ppt (1).pptx
Srinivas Kanakala
 
Ad

Recently uploaded (20)

PDF
Pre independence Education in Inndia.pdf
goofy5603
 
PDF
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
PPTX
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
PPTX
Week 4 Term 3 Study Techniques revisited.pptx
mansk2
 
PDF
Business Ethics Teaching Materials for college
CynthiaCastillo40
 
PPTX
BOWEL ELIMINATION FACTORS AFFECTING AND TYPES
PreetiSawant10
 
PDF
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
PDF
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
PPTX
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
PDF
Basic Mud Logging Guide for educational purpose
wdandworks
 
PDF
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
HakHe
 
PDF
Physiotherapy_for_Respiratory_and_Cardiac_Problems WEBBER.pdf
DrMONISHAphysio
 
PPTX
The Healthy Child – Unit II | Child Health Nursing I | B.Sc Nursing 5th Semester
RAKESH SAJJAN
 
PDF
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
PPTX
Renaissance Architecture: A Journey from Faith to Humanism
DrMonicaSharma
 
PPTX
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
PPTX
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
chetansingh379583
 
PDF
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
PPTX
Pharma ospi slides which help in ospi learning
rameetkumar304
 
PPTX
master seminar digital applications in india
ananyaray35
 
Pre independence Education in Inndia.pdf
goofy5603
 
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
Week 4 Term 3 Study Techniques revisited.pptx
mansk2
 
Business Ethics Teaching Materials for college
CynthiaCastillo40
 
BOWEL ELIMINATION FACTORS AFFECTING AND TYPES
PreetiSawant10
 
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
Basic Mud Logging Guide for educational purpose
wdandworks
 
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
HakHe
 
Physiotherapy_for_Respiratory_and_Cardiac_Problems WEBBER.pdf
DrMONISHAphysio
 
The Healthy Child – Unit II | Child Health Nursing I | B.Sc Nursing 5th Semester
RAKESH SAJJAN
 
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
Renaissance Architecture: A Journey from Faith to Humanism
DrMonicaSharma
 
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
chetansingh379583
 
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
Pharma ospi slides which help in ospi learning
rameetkumar304
 
master seminar digital applications in india
ananyaray35
 

introduction to cyber forensics, digital

  • 1. UNIT-2: Cyberspace and the Law & Cyber Forensics 1. Introduction, Cyber Security Regulations, 2. Roles of International Law. 3. The INDIAN Cyberspace, 4. National Cyber Security Policy, 5. Historical background of Cyber forensics, Digital Forensics Science, 6. The Need for Computer Forensics, 7. Cyber Forensics and Digital evidence, 8. Forensics Analysis of Email, 9. Digital Forensics Lifecycle, 10.Forensics Investigation, 11.Challenges in Computer Forensics
  • 2. CYBERSPACE • Cyberspace can be defined as an intricate environment that involves interactions between people, software, and services. • It is maintained by the worldwide distribution of information and communication technology devices and networks. • With the benefits carried by the technological advancements, the cyber space today has become a common pool used by citizens, businesses, critical information infrastructure, military and governments in a fashion that makes it hard to induce clear boundaries among these different groups. • The cyberspace is anticipated to become even more complex in the upcoming years, with the increase in networks and devices connected to it.
  • 3. 2.2 Cyber Security Regulations • There are five predominant laws to cover when it comes to cybersecurity: • Information Technology Act, 2000 The Indian cyber laws are governed by the Information Technology Act, penned down back in 2000. The principal impetus of this Act is to offer reliable legal inclusiveness to eCommerce, facilitating registration of real-time records with the Government. But with the cyber attackers getting sneakier, topped by the human tendency to misuse technology, a series of amendments followed. • The ITA,enacted by the Parliament of India,highlights the grievous punishments and penalties safeguarding the egovernance, e-banking, and e- commerce sectors. Now, the scope of ITA has been enhanced to encompass all the latest communication devices. The IT Act is the salient one, guiding the entire Indian legislation to govern cybercrimes rigorously:
  • 4. 2.2 Cyber Security Regulations • Section43-Applicable to people who damage the computer systems without permission from the owner. The owner can fully claim compensation for the entire damage in such cases. • Section 66 - Applicable in case a person is found to dishonestly or fraudulently committing any act referred to in section 43. The imprisonment term in such instances can mount up to three years or a fine of up to Rs. 5 lakh. • Section 66B - Incorporates the punishments for fraudulently receiving stolen communication Devices or computers, which confirms a probable three years imprisonment. This term can also be topped by Rs. 1 lakh fine, depending upon the severity
  • 5. 2.2 Cyber Security Regulations • Section 66C - This section scrutinizes the identity thefts related to imposter digital signatures, hacking passwords, or other distinctive identification features. If proven guilty, imprisonment of three years might also be backed by Rs.1 lakh fine. • Section 66 D - This section was inserted on-demand, focusing on punishing cheaters doing impersonation using computer resources.
  • 6. Indian Penal Code (IPC) 1980 • Identity thefts and associated cyber frauds are embodied in the Indian Penal Code (IPC), 1860 invoked along with the Information Technology Act of 2000. The primary relevant section of the IPC covers cyber frauds: • Forgery (Section 464) • Forgery pre-planned for cheating (Section 468) • False documentation (Section 465) • Presenting a forged document as genuine (Section 471) • Reputation damage (Section 469)
  • 7. Companies Act of 2013 • The corporate stakeholders refer to the Companies Act of 2013 as the legal obligation necessary for the refinement of daily operations. The directives of this Act cements all the required techno-legal compliances, putting the less compliant companies in a legal fix. • The Companies Act2013 vested powers in the hands of the SFIO(Serious Frauds Investigation Office) to prosecute Indian companies and their directors. Also, post the notification of the Companies Inspection, Investment, and Inquiry Rules, 2014, SFIOs has become even more proactive and stern in this regard. • The legislature ensured that all the regulatory compliances are well-covered, including cyber forensics, ediscovery, and cybersecurity diligence. The Companies (Management and Administration) Rules, 2014 prescribes strict guidelines confirming the cybersecurity obligations and responsibilities upon the company directors and leaders.
  • 8. NIST Compliance-(National Institute of Standards and Technology ) • The Cybersecurity Framework (NCFS), authorized by the National Institute of Standards and Technology(NIST),offers a harmonized approach to cybersecurity as the most reliable global certifying body. • NIST Cybersecurity Framework encompasses all required guidelines, standards, and best practices to manage the cyber-related risks responsibly. This framework is prioritized on flexibility and cost- effectiveness.
  • 9. NIST Compliance-(National Institute of Standards and Technology ) • It promotes the resilience and protection of critical infrastructure by: Allowing better interpretation, management, and reduction of cybersecurity risks to mitigate data loss, data misuse, and the subsequent restoration costs • Determining the most important activities and critical operations - to focus on securing them Demonstrates the trust-worthiness of organizations who secure critical assets Helps to prioritize investments to maximize the cybersecurity ROI Addresses regulatory and contractual obligations Supports the wider information security program • By combining the NIST CSF framework with ISO/IEC 27001 - cybersecurity risk management becomes simplified. It also makes communication easier throughout the organization and across the supply chains via a common cybersecurity directive laid by NIST.
  • 10. • Final Thoughts Ashuman dependence on technology intensifies, cyberlaws in India and across the globe need constant up-gradation and refinements. The pandemic has also pushed much of the workforce into a remote working module increasing the need for app security. • Lawmakers have to go the extra mile to stay ahead of the impostors, in order to block the mat their advent. • Cybercrimes can be controlled but it needs collaborative efforts of the lawmakers, the Internet or Network providers, the intercessors like banks and shopping sites, and, most importantly, • theusers.Onlytheprudenteffortsofthesestakeholders,ensuringtheirconfinem enttothelaw of the cyber land can bring about • online safety and resilience
  • 11. 2.3 ROLES OF INTERNATIONAL LAW: • In various countries, areas of the computing and communication industries are regulated by governmental bodies. • There are specific rules on the uses to which computers and computer networks may be put, in particular there are rules on unauthorized access, data privacy and spamming. • There are also limits on the use of encryption and of equipment which may be used to defeat copy protection schemes. • There are laws governing trade on the Internet, taxation, consumer protection, and advertising. • There are laws on censorship versus freedom of expression, rules on public access to government information, and individual access to information held on them by private bodies Some states limit access to the Internet, by law as well as by technical means.
  • 12. INTERNATIONAL LAW FOR CYBER CRIME • Cyber- The complexity in types and forms of cybercrime increases the difficulty to fight back fighting cybercrime calls for international cooperation. Various organizations and governments have already made joint efforts in establishing global standards of legislation and law enforcement both on a regional and on an international scale
  • 13. 2.4 THE INDIAN CYBERSPACE: • Indian cyberspace was born in 1975 with the establishment of National Informatics Centre (NIC) with an aim to provide govt with IT solutions. Three networks (NWs) were set up between 1986 and 1988 to connect various agencies of govt. These NWs were, INDONET which infrastructure, NICNET(the NICNW) a nation wide very small a pertureterminal(VSAT)NW for public sector organizations as well as to connect the central govt with the state govts and district administrations, the third NW setup was ERNET (the Education and Research Network), to serve the academic and researchcommunities.
  • 14. 2.4 THE INDIAN CYBERSPACE: • New Internet Policy of 1998 paved the way for services from multiple Internet service providers(ISPs) and gave boost to the Internet user base grow from1.4million in 1999 to over 150 million by Dec 2012. Exponential growth rate is attributed to increasing Internet access through mobile phones and tablets. Govt is making a determined push to increase broadband penetration from its present level of about 6%1. • The target for broadband is 160 million households by 2016 under the National Broadband Plan
  • 15. 2.5 NATIONAL CYBER SECURITY POLICY: • National Cyber Security Policy is a policy framework by Department of Electronics and Information Technology. • It aims at protecting the public and private infrastructure from cyberattacks. The policy also intends to safeguard "information, such as personal information (of web users), financial and banking information and sovereign data". • This was particularly relevant in the wake of US National Security Agency (NSA) leaks that suggested the US government agencies are spying on Indian users, who have no legal or technical safeguards against it. • Ministry of Communication and Information Technology(India) defines Cyberspace as a complex environment consisting of interactions between people, software services supported by worldwide distribution of information and communication technology.
  • 16. 2.5 NATIONAL CYBER SECURITY POLICY: • VISION: • To build a secure and resilient cyberspace for citizens, business, and government and also to protect anyone from • intervening in user's privacy. • MISSION: • To protect information and information infrastructure in cyberspace, build capabilities to prevent and respond to • cyber threat, reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional • structures, people, processes, technology, and cooperation
  • 17. OBJECTIVE: • Ministry of Communications and Information Technology (India) define objectives as follows: • To create a secure cyber ecosystem in the country, generate adequate trust and confidence in IT system and transactions in cyberspace and thereby enhance adoption of IT in all sectors of the economy. • To create an assurance framework for the design of security policies and promotion and enabling actions for compliance to global security standards and best practices by way of conformity assessment (Product, process, • technology &people). • To strengthen the Regulatory Framework for ensuring a SECURE CYBERSPACE ECOSYSTEM. • To enhance and create National and Sectoral level 24X7 mechanism for obtaining strategic information regarding threats to ICT infrastructure, creating scenarios for response, resolution and crisis management through effective predictive, preventive, protective response and recovery actions
  • 18. INTRODUCTION TO CYBER FORENSICS • Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence. • Forensic examiners typically analyze data from personal computers, laptops, personal digital assistants, cell phones, servers, tapes, and any other type of media. • This process can involve anything from breaking encryption,to executing search warrants with a law enforcement team, to recovering and analyzing files from hard drives that will be critical evidence in the most serious civil and criminal cases. • The forensic examination of computers, and data storage media, is a complicated and highly specialized process. • The results of forensic examinations are compiled and included in reports. In many cases, examiners testify to their findings, where their skills and abilities are put to ultimate scrutiny
  • 19. HISTORICAL BACKGROUND OF CYBER FORENSICS • It is difficult to pinpoint when computer forensics history began. Most experts agree that the field of computer forensics began to evolve more than 30 years ago. • The field began in the United States, in large part, when law enforcement and military investigators started seeing criminals get technical. • Government personnel charged with protecting important, confidential, and certainly secret information conducted forensic examinations in response to potential security breaches to not only investigate the particular breach, but to learn how to prevent future potential breaches. • Ultimately, the fields of information security, which focuses on protecting information and assets, and computer forensics, which focuses on the response to hi-tech offenses, started to intertwine
  • 20. HISTORICAL BACKGROUND OF CYBER FORENSICS • Over the next decades, and up to today, the field has exploded. Law enforcement and the military continue to have a large presence in the information security and computer forensic field at the local, state, and federal level. • Private organizations and corporations have followed suit – employing internal information security and computer forensic professionals or contracting such professionals or firms on an as-needed basis. • Significantly, the private legal industry has more recently seen the need for computer forensic examinations in civil legal disputes, causing an explosion in the e-discovery field.
  • 21. HISTORICAL BACKGROUND OF CYBER FORENSICS • The computer forensic field continues to grow on a daily basis. More and more large forensic firms, boutique firms, and private investigators are gaining knowledge and experience in the field. • Software companies continue to produce newer and more robust forensic software programs. And law enforcement and the military continue to identify and train more and more of their personnel in the response to crimes involving technology
  • 22. DIGITAL FORENSICS: • Digital Forensics is defined as the process of preservation, identification, extraction, and documentation of computer evidence which can be used by the court of law. • It is a science of finding evidence from digital media like a computer, mobile phone, server, or network. • It provides the forensic team with the best techniques and tools to solve complicated digital- related cases. • Digital Forensics helps the forensic team to analyzes, inspect, identifies, and preserve the digital evidence residing on various types of electronic devices. • Digital forensic science is a branch of forensic science that focuses on the recovery and investigation of material found in digital devices related to cybercrime.
  • 23. THE NEED FOR COMPUTER FORENSICS: • Computer forensics is also important because it can save your organization money. • From a Technical standpoint, the main goal of computer forensics is to identify, collect, preserve, and analyze data in a way that preserves the integrity of the evidence collected so it can be used effectively in a legal case.
  • 24. CYBER FORENSICS AND DIGITAL EVIDENCE: • Digital evidence is information stored or transmitted in binary form that may be relied on in court. • It can be found on a computer hard drive, a mobile phone, among other places. • Digital evidence is commonly associated with electronic crime,ore- crime,such as child pornography or credit card fraud. • However, digital evidence is now used to prosecute all types of crimes, not just e-crime. • For example, suspects' e-mail or mobile phone files might contain critical evidence regarding their intent, their whereabouts at the time of a crime and their relationship with other suspects. • In 2005, for example, a floppy disk led investigators to the BTK serial killer who had eluded police capture since 1974 and claimed the lives of at least 10victims.
  • 25. CYBER FORENSICS AND DIGITAL EVIDENCE: • In an effort to fight e-crime and to collect relevant digital evidence for all crimes, law enforcement agencies are incorporating the collection and analysis of digital evidence, also known as computer forensics, into their infrastructure. • Law enforcement agencies are challenged by the need to train officers to collect digital evidence and keep up with rapidly evolving technologies such as computer operating systems.
  • 26. • Cyberforensics can be divided into two domains: • 1. Computer forensics; • 2. network forensics.
  • 27. FORENSICS ANALYSIS OF EMAIL • E-mail forensics refers to the study of source and content of e- mail as evidence to identify the actual sender and recipient of a message, data/time of transmission, detailed record of e-mail transaction, intent of the sender, etc. • This study involves investigation of metadata, keyword searching, port scanning, etc. for authorship attribution and identification of e-mail scams.
  • 28. FORENSICS ANALYSIS OF EMAIL • Various approaches that are used for e-mail forensic are: • Header Analysis–Meta data in thee-mail message in the form of control information • i.e. envelope and headers including headers in the message body contain information about the sender and/or the path along which the message has traversed. • Some of these may be spoofed to conceal the identity of the sender. A detailed analysis of these headers and their correlation is performed in header analysis
  • 29. Bait Tactics • – In bait tactic investigation an e-mail with http: “<imgsrc>” tag having image source at some computer monitored by the investigators is send to the sender of e-mail under investigation containing real(genuine)e-mail address. • When the e-mail is opened, alog entry containing the Ip address of the recipient(sender of the e-mail under investigation) is recorded on the http server hosting the image and thus sender is tracked. • However, if the recipient (sender of the e-mail under investigation) is using a proxy server then IP address of the proxy server is recorded. • The log on proxy server can be used to track the sender of the e-mail under investigation. If the proxy server’s log is unavailable due to some reason, then investigators may send the tactic e-mail containing a)Embedded Java Applet that runs on receiver’scomputerorb) • HTML • page withActiveXObject.BothaimingtoextractIPaddressofthereceiver’scomputerand e-mail it to the investigators
  • 30. Server Investigation • –In this investigation, copies of delivered e-mails and server logs are investigated to identify source of an e-mail message. • E-mails purged from the clients (senders or receivers) whose recovery is impossible may be requested from servers (Proxy or ISP) as most of them store a copy of all e-mails after their deliveries. • Further, logs maintained by servers can be studied to trace the address of the computer responsible for making the e-mail transaction. • However, servers store the copies of e- mail and server logs only for some limited periods and some may not co-operate with the investigators. • Further, SMTP servers which store data like credit card number and otherdatapertainingtoownerofamailboxcanbeusedtoidentifypersonbehindane- mailaddress
  • 31. Network Device Investigation • – In this form of e-mail investigation, logs maintained by the network devices such as routers, firewalls and switches are used to investigate the source of an e-mail message. • This form of investigation is complex and is used only when the logs of servers (Proxy or ISP) are unavailable due to some reason, e.g. when ISP or proxy does not maintain a log or lack of co-operation by ISP’s or failure to maintain chain of evidence
  • 32. Software Embedded Identifiers • – Some information about the creator of e-mail, attached files or documents may be included with the message by thee-mail software used by the sender for composing e-mail.This information may be included in the form of custom headers or in the form of MIME content as a Transport Neutral Encapsulation Format (TNEF). Investigating the e-mail for these details may reveal some vital informationaboutthesenderse-mailpreferencesandoptionsthatcouldhelpclientside evidence gathering. The investigation can reveal PST file names, Windows logon username, MAC address, etc. of the client computer used to send e-mailmessage
  • 33. SenderMailerFingerprints • –Identification of software handling e-mail at server can be revealed from the Received header field and identification of software handling e-mail at client can be ascertained by using different set of headers like “X-Mailer” or equivalent. • These headers describe applications and their versions used at the clients to send e-mail. • This information about the client computer of the sender can be used to help investigators devise an effective plan and thus prove to be very useful.
  • 34. EMAIL FORENSICS TOOLS • Erasing or deleting an email doesn’t necessarily mean that it is gone forever. Often emails can be forensically extracted even after deletion. Forensic tracing of e-mail is similar to traditional detective work. It is used for retrieving information from mail box files
  • 35. MiTec Mail Viewer This is a viewer for Outlook Express, Windows Mail/Windows LiveMail, Mozilla Thunder bird message databases, and single EMLfiles. It displays a list of contained messages with all needed properties, like an ordinary e-mail client. Messages can be viewed in detailed view, including attachments and an HTML preview. It has powerful searching and filtering capability and also allows extracting emailaddressesfromallemailsinopenedfoldertolistbyoneclick.Selectedmessages can be saved to eml files with or without their attachments. Attachments can be extracted from selected messages by one command.
  • 36. OST and PST Viewer • – Nucleus Technologies’ OST and PST viewer tools help you view OST and PST files easily without connecting to an MS Exchange server. These tools allow the user to scan OST and PST files and they display the data saved in it including email messages, contacts, calendars, notes, etc., in a proper folder structure.
  • 37. eMailTrackerPro– • eMailTrackerPro analyses the headers of an e-mail to detect the IPaddressofthemachinethatsentthemessagesothatthesendercanbetracke ddown. It can trace multiple e-mails at the same time and easily keep track of them. The geographical location of an IP address is key information for determining the threat level or validity of an e- mailmessage
  • 38. EmailTracer • – EmailTracer is an Indian effort in cyber forensics by the Resource Centre for Cyber Forensics (RCCF) which is a premier centre for cyber forensics in India. It develops cyber forensic tools based on the requirements of law enforcement agencies
  • 39. Fig 2.1: Digital Forensics Lifecycle
  • 40. • 2.12 DIGITAL FORENSICS LIFECYCLE: There are many type of Cyber crimes taking place in the digital world, it is important for the investigator to collect, analyze, store and present the evidence in such a manner that court will believe in such digital evidences and give appropriate punishment to the Cyber criminal
  • 41. • Collection: The first step in the forensic process is to identify potential sources of data and acquire data from them. • Examination: After data has been collected, the next phase is to examine the data, which involves assessing and extracting the relevant pieces of information from the collected data. This phase may also involve bypassing or mitigating OS or application features that obscure data and code, such as data compression, encryption, and access control mechanisms. • Analysis: Once the relevant information has been extracted, the analyst should study and analyzethedatatodrawconclusionsfromit.Thefoundationofforensicsisusinga methodical approach to reach appropriate conclusions based on the available data or determine that no conclusion can yet bedrawn
  • 42. • Reporting:Theprocessofpreparingandpresentingtheinformat ionresultingfromtheanalysis phase. Many factors affect reporting, including the following: • a. Alternative Explanations: When the information regarding an event is incomplete, it may not be possible to arrive at a definitive explanation of what happened. When an event has two or more plausible explanations, each should be given due consideration inthereportingprocess.Analystsshoulduseamethodicalappro achtoattempttoprove or disprove each possible explanation that is proposed
  • 43. • AudienceConsideration.Knowingtheaudiencetowhichthedata orinformationwill be shown isimportant. • c. Actionable Information. Reporting also includes identifying actionable information gained from data that may allow an analyst to collect new sources ofinformation
  • 44. FORENSICS INVESTIGATION: • Forensics are the scientific methods used to solve a crime. Forensic investigation is the gathering and analysis of all crime-related physical evidence in order to come to a conclusion about a suspect. Investigators will look at blood, fluid, or fingerprints, residue, hard drives, computers,orothertechnologytoestablishhowacrimetookpla ce.Thisisageneraldefinition, though, since there are a number of different types offorensics.
  • 45. • TYPES OF FORENSICS INVESTIGATION • Forensic Accounting /Auditing • Computer or CyberForensics • Crime SceneForensics • ForensicArchaeology • ForensicDentistry • ForensicEntomology • ForensicGraphology • ForensicPathology • ForensicPsychology • ForensicScience • ForensicToxicology
  • 46. CHALLENGES IN COMPUTER FORENSICS: • Digital forensics has been defined as the use of scientifically derived and proven methods towards the identification, collection, preservation, validation, analysis, interpretation, and presentation of digital evidence derivative from digital sources to facilitate the reconstruction of events found to be criminal.But these digital forensics investigation methods face some major challenges at the time of practical implementation. Digital forensic challenges are categorized into three major heads as per Fahdi, Clark, and Furnell are: •  Technicalchallenges •  Legalchallenges •  ResourceChallenges
  • 47. Anti-forensics techniques are categorized into the following types • TECHNICAL CHALLENGES • As technology develops crimes and criminals are also developed with it. Digital forensic expertsuseforensictoolsforcollectingshredsofevidenceagains tcriminalsandcriminalsuse such tools for hiding, altering or removing the traces of their crime, in digital forensic this process is called Anti- forensics technique which is considered as a major challenge in digital forensics world
  • 48. • Encryption • It is legitimately used for ensuring the privacy of information by keeping it hidden from an unauthorized user/person. Unfortunately, it can also • be used by criminals to hide their crimes
  • 49. • Data hiding in storage space • Criminals usually hide chunks of data inside the storage medium in invisible form by using system commands, and programs. • Covert Channel • Acovertchannelisacommunicationprotocolwhich allows an attacker to bypass intrusion detection technique and hide data over the network. The attackeruseditforhidingtheconnectionbetween • him and the compromised system
  • 50. • Other Technical challenges are: •  Operating in thecloud •  Time to archive data •  Skillgap •  Steganography
  • 51. LEGAL CHALLENGES • Thepresentationofdigitalevidenceismoredifficultthanitscollectionb ecausetherearemany instances where the legal framework acquires a soft approach and does not recognize every aspectofcyberforensics,as inJagdeoSinghV.TheStateandOrscaseHon’bleHighCourtof Delhi held that “while dealing with the admissibility of an intercepted telephone call in a CD and CDR which was without a certificate under Sec. 65B of the Indian Evidence Act, 1872the court observed that the secondary electronic evidence without certificate u/s. 65B of Indian Evidence Act, 1872 is not admissible and cannot be looked into by the court for any purpose whatsoever.”
  • 52. • This happens in most of the cases as the cyber police lack the necessary qualification and ability to identify a possible source of evidence and prove it. Besides, most of the time electronic evidence is challenged in the court due to its integrity. In the absence of properguidelinesandthenonexistenceofproperexplanationof thecollection,andacquisition of electronic evidence gets dismissed initself
  • 53. • Absence of guidelines and standards • In India, there are no proper guidelines for the collection and acquisition of digital evidence. The investigating agencies and forensic laboratories are working on the guidelines of their own. Due to this, • the potential of digital evidence has been destroyed
  • 54. • Limitation of the Indian Evidence Act,1872 • TheIndianEvidenceAct,1872havelimitedapproach, it is not able to evolve with the time and address the E-evidence are more susceptible to tampering, alteration, transposition, etc. the Act is silent on the method of collection of e- evidence it only focuses on the presentation of electronic evidence in the court by accompanying a certificate as per subsection 4 ofSec. 65B[12]. This means no matter what procedure is followeditmustbeprovedwiththehelpofa • certificate.
  • 55. • Other Legal Challenges •  PrivacyIssues •  Admissibility inCourts •  Preservation of electronicevidence •  Power for gathering digitalevidence •  Analyzing a runningcomputer
  • 56. • RESOURSE CHALLENGES: • Astherateofcrimeincreasesthenumberofdataincreasesandth eburdentoanalyzesuchhuge dataisalsoincreasingonadigitalforensicexpertbecausedigitale videnceismoresensitiveas compared to physical evidence it can easily disappear. For making the investigation process fast and useful forensic experts use various tools to check the authenticity of the data but dealing with these tools is also a challenge initself
  • 57. Types of Resource Challenges are: • Change intechnology: • Due to rapid change in technology like operating systems, application software and hardware, reading of digital evidence becoming more difficult because new version software’s are not supportedtoanolderversionandthesoftwaredevelopingcomp aniesdidprovideanybackward compatible’s which also affectslegally.
  • 58. • Volume andreplication: • The confidentiality, availability, and integrity of electronic documents are easily get manipulated. The combination of wide-area networks and the internet form a big network that allows flowing data beyond the physical boundaries. Such easiness of communication and availabilityofelectronicdocumentincreasesthevolumeofdata whichalsocreatedifficultyin the identification of original and relevantdata.