Cyber Crime And Evolution Of Cyber Forensics Information Technology Essay

ABSTRACT:

The evolution of internet has had a profound impact on the way business and individuals and government work and communicate. As cyber crime continue to grow at a substantial pace enterprises have realized that there is need for security mechanism which can provide and preserve safety of e-info.

This paper explores the ways of emerging requirements of the cyber forensics in order to curb the manace of cyber crime. It has emphasized the need of techno-legal procedures by giving in brief the historical developments which took place relating to forensics and examining forensic tools. Further in this paper I have mentioned how the experts use his physical and mental tools in the investigation process and collection of evidences relevant in the cases.

This paper avers the intention of criminals and related crimes and the provisions dealing with the offences. Flowcharts have been drawn in order to understand the provisions in the IT Act with the punishment prescribed for different offences all together. Paper has taken note of the inadequacy of conventional laws in combating problems of electronic media. In the last part position in India has been gathered by citing few case laws and understanding the phase of evolution and poor situation in the reporting cases due to several other reasons with concluding remarks.

INTRODUCTION:

The word forensic was derived from usage in the medical field. Forensic Medicine has been a recognised discipline as far back as the 18th century. The computer industry has been taking computer forensic serious for some years now due to embarrassing computer break-ins by hackers. Computer forensics is one of the largest growing professions of the 21st century. This is partly due to the growth of immoral and offensive activities which allows organizations and individuals to be susceptible to security threat. In the current scenario criminal activities had a major thrust in cyber space such as cyber terrorism, internet fraud, viruses, illegal downloads, falsification of document, child pornography, counterfeiting, benefit fraud, hacking etc. This led to the need for ethical hackers and computer experts to help prosecute the perpetrators of these crimes. This is where the skills of a forensic expert come in order to prevent the activities of offenders.

In the contemporary IT revolution and the detriments associated with it becomes all the more significant as the concept of storing and processing information at incredible speeds and across vast distances has generated an environment where the mysteries of technology can propagate a clouded perception that leads to a lack of trust and market confidence. This in turn has led to a tremendous increase in crimes related to cyber world like data theft, industrial espionage, employee misconduct, intellectual property theft, hacking pornography etc. [1] These unconventional crimes which involve wide use of information technology, require adequate measures to be taken by the law enforcement agencies such as improvement of data retrieval system and the use of special equipment in crime detection operation, the development of hardware and software to provide active data protection and conduct computer assisted criminal intelligence, development of computer medaling methods to model crime situation to perform online detection analysis and make current and strategic forecasts. [2] With the technology evolving at such a rapid pace, the rules governing the application of cyber forensics to the fields of auditing, security and law enforcement are changing as well. [3] Computer forensics has also been described as the autopsy of computer storage Medias for evidence. In short, Cyber forensics can be defined as the process of extracting information and data from computer storage devices and conferring its accuracy and dependablility. The challenging task ahead is of course of finding this data, collecting it, preserving it, and presenting it in a manner acceptable in a court of law.

BACKGROUND OF CYBER FORENSICS:

“Computer crime” or cyber crime refers to a misdeed involving the use of a computer. Cyber crimes can be divided into three major categories: cyber crimes against persons, property and government. Cyber crimes against persons include transmission of child pornography, harassment with the use of a computer such as e-mail, and cyber stalking. Cyber crimes against property include unauthorized computer trespassing through cyberspace, computer vandalism, transmission of harmful programs, and unauthorized possession of computerized information. Hacking and cracking are among the gravest of this type of cyber crimes known to date. The creation and dissemination of harmful computer programs or viruses to computer systems is another kind of cyber crime against property. Software piracy is also a distinct kind of cyber crime against property. In the early 1980’s, computer forensic tools were simple and mainly generated by government agencies such as the U.S internal Revenue Service (IRS) and the Royal Canadian Mounted Police (RCMP) in Ottawa. Most of the tools written then were in C language and assembly language and were not that popular. The term “Computer Forensics” was coined for the first time in the first training session of the International Association of Computer Investigation Specialists (IACIS) in Portland as the science which deals with the preservation, identification, extraction and documentation of computer evidence and like any other forensic science, relates law and science. However, it has been suggested that since the digital forensic practice can no longer be associated with the examination of conventional storage media as forensic examination can now be conducted on devices such as routers, personal digital assistants(PDAs) and digital cameras, there is a need for a new definition. [4] 

Internationally recognized standards in Information Security, like British Standard 7799, have emerged to promote good practices by laying down a proper mechanism for cyber forensics. [5] The Convention on Cyber crime, Budapest was also formulated in 2001 which relates to the establishment of procedures whereby law enforcement agencies can obtain orders requiring the preservation of data which otherwise may induce criminality and be vulnerable to destruction. This convention also prescribes for several provisions requiring the retention of traffic data, requiring the production of data held on a computer system, require ISPs to supply subscriber information, provide for search and seizure of computer data in the context of a criminal investigation, empower the interception of electronic communications, collect or require an ISP to collect real time data and pass this on to a law enforcement agency. [6] 

TYPES OF COMPUTER FORENSIC TOOLS:

There are many complicated cases involved regarding the use of electronic devices. In complex cases, forensic department can use electron microscopes and other sophisticated equipments to retrieve information from machines that have been damage or formatted through specialized software’s. Computer forensic tools can be classified into two major categories namely:

Hardware Forensic Tools : Hardware forensic tool varies and may range from simple, single purpose components to complete systems and server. There may be devises and instruments which are useful for the investigation which comes under this category.

Software Forensic Tools: Software forensic tool can be classified into command-line applications and other technical applications. Some of these tools are designed to perform single task and thereafter range may vary.

WORKING OF FORENSIC TOOLS

Computer forensic tools are categorized into five chief categories namely:

a. Acquisition: Acquisition is referred to as the primary task in computer forensics investigation. The work done is basically making copies from the primary data. The two types of methods used for data copying in software acquisition are: physical copying of entire drive and logical copying of disk. Logical acquisition is more in demand then physical because data acquired can be read and analyzed easily and conveniently.

b. Validation and Discrimination: The process involves ensuring and maintaining the integrity of the data acquired. The main purpose of data discrimination is to discriminate the suspicious data. The integrity of the data is compared with the original data. The processes like Hashing, Filtering and Analyzing file header etc come in as a useful way to make comparisons. Searching and comparing file headers helps in improving and ensuring data discrimination.

c. Extraction: Through extraction the data in question can be recovered via recovery task in a computing investigation. Sub-functions of extraction used in investigation includes: Data viewing, Keyword searching, Decompressing, carving, Decrypting and Book-marking. The practice and command over the work involved is very much required in this process and of course a great deal of talent.

d. Reconstruction: Reconstruction necessary to recreate a suspect’s drive and to show what happened during the crime or an incident. Copying of hard drive enables investigators to carry out their own acquisition, take test and analysis the evidence. However, an image of a suspect’s hard drive is to obtain the same make and model drive as the suspect’s drive. Other functions of reconstructions are numerous like : Disk-to-disk copy, Image-to-disk copy, Partition-to-partition copy, Image-to-partition copy.

e. Reporting: The last step is the forensic disk analysis and examination. The report is prepared after all the analysis and thereafter final report detailing the step by step process undergone during the examination comes into existence.

WHY CYBER FORENSICS REQUIRED?

The development of cyber forensics has become necessary in the light of following factors :

a) The insufficient conventional methods – The inadequacy in the procedural law has created a procedural loophole in maintaining substantive liability. The procedural aspects are framed to create and establish liability and guilt but certain breakdowns in the procedural aspect has lead to the deadlock in investigation. The traditional procedural methods dealing with finger prints, DNA, Testing and other blood tests are neither applicable nor suitable for and in the existing situation. [7] 

b) Shifting dimensions of crime- The usage of internet offences involves crimes like hacking, pornography, privacy violations, spamming, identity theft, cyber terrorisms etc which has imposed diverse range of crime and criminals. In order to curb the race the crime and criminal it is of outmost importance that certain measures are essentially required for curbing the menace cyber crime in an effective manner. [8] 

c) Assessment – A comparison of the traditional crimes and criminals with those of current methods has led to the observation that in IT being a significant in the IT environment, the parameters of the comparison being nature of the crime, support system has changed the methods of crime but certainly the parameters remain the same in assessing the face of the crime, players in the crime etc. Thus, the statutory as well as the non statutory investigation machinery in the form of cyber forensic body is very much required. [9] 

d) Issues of jurisdiction- like an old saying – “prevention is better than cure”. The purposes of experts and tools of forensics are meant for preventing the crime rather then waiting it to happen as there is no territorial boundaries of internet hence problem of jurisdiction problems are bound to arise as no one claims any particular incidence which is conflicting to legal provisions. [10] 

CATEGORIZATION OF CYBER FORENSICS:

1.Computer Forensics- The main goals of computer forensics are the preservation, identification, extraction, documentation and interpretation of recovered computer data. It is further divided into:-

a) Disc Forensics- The process of acquiring and analyzing the data stored on some form of physical storage media and includes the recovery of hidden and deleted data and file identification, which is the process used to identify the person who has created a file or message. [11] 

b) Source Code Forensics- The process in computer forensics which is used to determine software ownership or software liability issues and is not merely a review of the actual source code. [12] 

2. Network Forensics- It involves gathering digital evidence distributed over large, complex networks, which is transient in nature and not preserved with permanent storage media distributed across large-scale complex networks. It is a more challenging area of cyber forensics in that it deals primarily with task monitoring of network interconnected. [13] It is further divided into :-

a) Email Forensics- It is the study of the source and content of electronic mail as evidence and includes the process of identifying the actual sender and recipient of a message, the date and time it was sent, and where it was sent from. [14] It is a very important branch of network forensics as email has become one of the primary mediums of communication in the digital age, and vast amounts of evidence may be contained therein, whether in the body or enclosed in an attachment. [15] 

b) Embedded Forensics- It deals with the computer chips embedded in various electronic instruments etc. and is still in the process of evolution. [16] 

LEGAL FRAMEWORK IN INDIA:

In India, the emergence of Information Technology Act, 2000 was observed after the United Nation General Assembly Resolution, dated the 30th January, 1997 adopted the Model Law on Electronic Commerce following the United Nations Commission on International Trade Law. The enactment came in as a first step towards the Law relating to e-commerce. The enactment came after taking into consideration UNICITRAL model of Law on e- commerce 1996.

Provisions in the Criminal Procedure Code, Indian Penal Code, Indian Evidence Act and Copyrights Acts have been amended so as to make the law more stringent. For protection of personal data, the U.K. Data Protection Act is needed has been studied in the light of making necessary amendments. Every year there has been observations of steady increase in number of computer crime with its growth rate world wide recorded in the range of about 12 – 15 %. There is need for preventive measures in the field of computer /data security.

The IT Act, 2000 has amended the laws in order to meet the challenges posed by computer crime such as:

Indian Penal Code ,1860

Indian Evidence Act , 1872

Reserve Bank of India, 1934

According to the IT Act, 2000 Chapter XI deals with computer offences or computer crimes and provides for penalties for these offences with separately. The nature of criminal offences and punishments are given below. [17] 

SECTION

Nature Of Offences

Punishments

S. 65

Tampering with computer system

Source codes documents.

Imprisonment up to 3 years or with

Fine up to 2 lakhs or both.

S. 66 [2]

Hacking with computer system.

Imprisonment up to 3years or with

Fine up to 2lakhs or both.

S. 67

Publishing or transmitting obscene

Materials in electronic form.

Imprisonment up to 5yrs and fine

For 1st conviction. Imprisonment

Up to 10years and fine up to Rs 2 lakhs

For subsequent conviction. .

S. 71

Misrepresentation or suppression

Of materials facts to controller or

Certifying authority to obtain digital

Signature certificate or to obtain license to issue certificates.

Imprisonment up to 2years or with a

fine up to 1 lakh or both.

Up to 10years and fine up to Rs 2 lakhs .

S. 72

Breaching confidentiality of electronic

Documents to which a person has access.

Imprisonment up to 2years or with

A fine upto 1 lakh or both.

S. 73

Publishing Digital Signatures Certificate with false particulars.

Imprisonment up to 2years or

With fine up to 2lakhs or both.

S. 74

Creating , publishing or making available a Digital Signature Certificate for any Fraudulent or unlawful purpose.

Imprisonment up to 2years or

with a fine up to 2 lakhs

Or both

S. 43

S. 44(a)

Damages to computer etc.

Failure to furnish any document, returning or report to the Controller or the Certifying Authority.

Compensation upto 1 crore

fine up to Rs. 1, 50, 000

S. 44(b)

Failure to furnish any return or furnish any information, books or other documents.

fine up to Rs. 5000

S. 44(c)

Failure to maintain books of account or records

fine up to Rs, 10,000

S. 45

Contravention of any rules or regulations for which no penalty is provided for.

fine up to Rs. 25,000

There has been a time when electronic evidence has not been taken by the courts for the purposes of adjudication but since law was passed in India to recognize electronic documents as admissible evidence in a Court of law with the necessary amendments made to the Indian Evidence Act, 1872 by the Information Technology Act, 2000. [18] The documents produced before the Court as cyber evidence as per the Evidence Act may be divided into two categories:-

I . “Primary Evidence”- The document itself has to be produced to the Court for the purposes of production of Primary documents. As these evidences are in the form of media there are either software in the language of the court or help is taken from the experts for assisting the judges in order to take certain evidences. Analogy is drawn from the non electronic documents and process is adopted on the same lines for the presentation of document by the prosecution or the person who has the responsibility of making use of electronic document for representing his contentions. However for the purposes of examining the legality of document and other technical aspects court may take the help of experts to investigate possible manipulations and loopholes in evidences. [19] 

II . “Secondary evidence”- Section 65 of the Indian Evidence Act, 1872 refers to the cases in which secondary evidence relating to documents may be given before the court which the post-amendment by IT Act, 2000 has appended Section 65-A and 65-B to the Act. [20] While referring to the schedule II to ITA, 2000, serial no. 9,we can observe that rules of law provides that Section 65-A and 65-B are to be treated as self-determining sections. Section 65-A enjoins upon the parties to prove the contents of electronic records in accordance with the provisions of Section 65-B (2) which lays down the conditions needed to be satisfied for the computer output to be considered as admissible evidence. [21] Section 65B(2) contains a series of certifications which is to be provided by the person who is having lawful control over the use of the computer generating the said computer output and it is in this context that the responsibility of the Law Enforcement Authorities in India becomes onerous while collecting the evidence. [22] Investigating agencies have to do a daunting task of investigate computer in large numbers that too with greater caution so as to make it admissible in the court of law under the conditions mentioned under section 65 B of the Indian Evidence Act The standard of evidence has to be authentic and complete as per the natural common law rules. [23] 

FUNCTIONS OF EXPERTS

Cyber forensic is more than the technological, systematic inspection of the computer system which aid the legal process and helps in solving the puzzles coming in a art form and its contents for evidence or supportive evidence of a civil wrong or a criminal act presenting before the court. Computer forensics is a complicated process which where specialized expertise and tools are required which works for the task that goes above and beyond the normal data recovery, collection and protection and preservation techniques available to system support personnel and end users.

Task of experts can be classified in the two categories of namely physical task and mental or logical task. Role of forensic experts are significant as the number of people involved in the case over a complex network, keeping track through a detailed monitoring of investigation, overload of cases which makes tracking individual cases makes investigation a daunting task.

Mostly and generally, role of computer forensics experts is to investigate and analysis data storage devices and various other devices, these include but are not limited to hard drives, portable data devices {USB Drives, External drives, Micro Drives and many more}.

Firstly, to Identify sources of documentary or other digital evidence which are required in the form of tools and evidences for record of investigation. Secondly, to Preserve the evidence and Analyze it. This area requires great deal of hard work and precise finding and supervision. Accuracy and and correctness is of prime importance as there will not be any admissibility in the court of law if there be any contingencies attached to the case involved. The next step in the investigation by the experts is to Present the findings before the court in accordance with the procedure adopted by the law. Thus cyber forensics are done as per the standard adhered by the court of law and must be techno-legal in nature.

Other aspects of forensic expert is to form an understanding about the suspects. Forensic experts must have the intelligence team which are required to think on the lines of suspects and develop the understanding on insufficient information to form the opinion close to the suspect which must have been considered in a similar situation. Technical knowledge and skills are highly required by the experts in order to curb the offence in case there is very small amount of critical data on hard drive or other device.

Electronic evidence collection

Experts have to collect Electronic evidence from a variety of sources. Evidence can be collected from three avenues of offender’s network: at the workplace of the offender from where he originates the offence, on the server accessed by the offender, and on the network that connects the two.

Clause (3) of Section 80 of the Information Technology Act clearly states that the provisions of the Code of Criminal Procedure, 1973 shall subject to the provisions of this section, apply, so far as may be, in relation to any entry, search or arrest , made under this section. The cyber forensic is concerned with search and seizure so that indiscriminately evidences can be collected which is relevant as per the provisions of Indian Evidence Act. [24] Evidence collection has to be made with great precision and accuracy. Original evidences have the greater evidentiary value hence there is a need to avoid any alteration in collection of evidences during investigation. Documenting of evidence has to be done so that fragile electronic evidence can remain in original state before any tainted alterations. Moreover technical loopholes have to be handled carefully in forensic work and backup has to be done. Proper supervision has to be kept during the interaction with the crime scene and suspect.

CYBER FORENSICS

To investigate the current and future state of cyber forensics.

To identify and analyse various tools and technology employed in computer forensics and ways of recovering and analysing data to produce indisputable evidence

Applying and observing forensics in the recovering of lost data

Current state of investigation of comp forensics.

Explaining the tools and technology employed in computer forensics

Ways to recover and analyse data to produce indisputable evidence

Examination of recovered hard disk and lost data.

Extraction of lost data via technology and tools.

Compile and analyse recovered data.

Production of final report can be allowed in legal proceedings.

Future of investigating future forensics

Technological evolution in computer forensics

Recovering of the lost data

Ways of analyzing data to produce indiscriminate evidences in investigation.

Integration of tools and techno legal methods in forensics

CYBERCRIMES IN INDIA:

A latest statistics of National Crimes Record Bureau, 2005 gives a clear indication of rise in cyber crime. Survey has indicated that there has been great deal of underreporting of cyber offences around fifty crimes are reported to police out of five hundred that take place and maximum of one case comes under the registered journal of police. This clearly point out the distinction in the approach towards combating cyber crimes in India. ‘Netizens’ should be aware of the possible offences and should be careful about the intentions of the offenders. Underreporting is mainly due to the lack of awareness and fear of bad publicity and fear of bad reputation and standing society. However, this lack of orientation and awareness has increased the risk of perpetrators unlawful activities.

Therefore, with the view of increased cyber offences in the country there is ardent need for the law enforcement agencies and cyber cells which look after the welfare provisions to carefully analyse the problems and use cyber forensics in nailing the activities of criminal nature in the cyber worlds. Cyber forensic has great role to play in order to curb the menace of increasing statistics in technological sector with the aid of computer experts. There has been a demand in the forensic sector in order to curb the dangers to cyber world hence it can only be said that in course of time the jurisprudence behind cyber forensic is in the evolution phase.

In case of R.K. Dalmia v Delhi Administration the Supreme Court in cases related to appropriation of secret information and data theft held that the word “property” is used in the I.P.C in a much wider sense than the expression “movable property”. Court further held thatthere is no reason to restrict the meaning of the word “property” to moveable property only, when it is used without any qualification. Whether the offence defined in a particular section of IPC can be committed in respect of any particular kind of property, will depend not on the interpretation of the word “property” but on the fact whether that particular kind of property can be subject to the acts covered by that section.

In the famous case of Mohd. Afzal v. Union of India [25] which happened on Dec. 13 2001, a laptop and other electronic material were collected and was seized from the two terrorists involved in the attack. Investigative agencies in Delhi has failed to trace out much of its contents, subsequently it was referred to the Computer Forensics Division at Hyderabad for analyzing and retrieving information from the laptop. The forensic experts have with aid of forensic tools broken the codes of the laptop which contained several evidences that confirmed of the motives of the terrorists like the forged documents of the Ministry of Home which they used to gain access to the Parliament House and the fake ID cards with a Govt. of India emblem and seal.

The Two known cases of cyber crime in respect of pornography are the Delhi Bal Bharati case and the Bombay case wherein two Swiss couple used to force the slum children to come along with them for the purposes of taking obscene photographs. The Mumbai police later arrested them. These cases involved hosting of websites containing prohibited media. Courts in there judgment has emphases on the need for forensics in probing the matter in great detail.

In the case of Suhas Katty v. State of Tamilnadu, [26] , a person was convicted for crime which is related to posting of obscene, defamatory and annoying message group and forwarding emails through a false e-mail account opened by the accused in the name of the victim under Section 67 of the Information Technology Act, 2000 and under Section 467 & 509 of IPC for 2 years. The defendants counsel argued that the offending mails would have been given by the complainant herself to implicate the accused and also that the documentary evidence was not sustainable under Section 65B of the Indian Evidence Act. [27] However, forensic experts have probed the matter and with the assistance of a special mechanism called archival of the message, [28] the origination of the obscene message was traced out and the real culprit was brought before the Court of Law.

CONCLUSION:

There is very fine distinction in the traditional methods of crime and cyber crime. The fine demarcation exist which leads to the different approach in introspection techniques. The demarcation points out involvement of the medium in cases of cyber crime. Crime can take place at any time while introspection the nature of medium used not like the conventional crimes as there is a virtual cyber medium. It is almost impossible to eliminate crime from cyber space but with due care and caution we can check them. Till date there is no such legislation which has succeeded in completely eliminating crime from the cyber space. With the change in technology and rapid change in ideas it has become difficult to stop the cyber offences to continue. However by further making applications and more stringent laws we can check crime. There is always a possibility to make sufficient changes in Information Technology Act to govern cyber offences and make it more effective to combat cyber crime.

However, cyber forensics is an evolving art and science which is in the stage of evolution and is not developed. With advent of new technologyies and procedural techniques transforming into different phase at such a rapid pace, the secret information infrastructures, individual professionals and governments are facing troubles of protecting and preserving the data which have wider purposes. Latest news of cyber crime is the hacking done by the Chinese hackers in procuring data from the Indian government data files. Since the technology in forensics is so much developed that network forensics are taken help of and route for transmitting data had been discovered. Though Chinese government denied the allegations but forensic evidences has come to the rescue of Indian government allegations.

Cyber forensics, in the field of has led to the new revolution in the filed of information security and professionals have the better sight of finding auditing and preserving the evidences. New techniques and procedures has designed the new level of procuring and investigating cyber crimes. In other words we can say that cyber forensics have added a new dimensions to the IT laws and Other criminal and substantive laws which has made the laws more stringent and more powerful than before. Justice administration has enhanced by the advent of forensic sciences in electronic media. Cyber security and is interdependent on cyber forensics for the e-governance and e-commerce projects. One confers the tas of securing the electronic base and other indicates the shortcomings in the security and plausible solutions to the security base. However due to the highly qualified expertise there has been much difficulties in the cyber forensics. Person with the basic knowledge and expertise can be qualified in breaking the code and commit offences. Further collections and procurement of offences is a challenging in itself as the medium of transmitting data and device is fragile in itself. Moreover the problem of presentation of case before the court is another hurdle for the forensic experts. It is very difficult to explain the task and complex and technical problems to the court for adjudication purposes. Court is dependant upon an experts opinion regarding the consequent In the words of Mr. R.K. Raghvan, a noted cyber forensic expert notes “Complicated technology and ill-informed courts; highly-strung and argumentative experts frequently pitted against one another; and a range of challenging and criminally important types of case: this is the world of computer forensics in the era of high-technology crimes.” [29] 

Some of the arduous task and ill-informed government and administration in the field of cyber law has led to grave short coming in recognizing cyber forensics which is developed in western world but falls short in Indian scenario. Forensics has not been developed yet to a certain level whereby the criminals are deterrent about the laws which are framed and investigation which are carried out in prosecution of criminals. Techno-legal science had to be developed in light of appalling ignorance of the judiciary to understand a case before it starts hearing the evidence.

The outcome which we have expected of IT laws in India remains inadequate to cover the criminal component of its proceedings. Synthesis of laws should be done to do all round development against injury to an individual and other legal entity and also provide prosecution with power to investigate and punish the culprit within it own ambit. International and national treaties and convention should be designed in such a way that across the world model of law can be defined and any victimized country can have security.