
GENERAL PROFICIENCY -1

ARTICLE
TOPIC-CYBER FORENSIC

SUBMITTED BY: DIPIKA (ENROLLNO-02417704415)
JASPREET KAUR (ENROLLNO-03317704415)
ANUJ SHARMA (ENROLLNO-01517704415)

CYBER FORENSICS
Abstract
The intensification of Information and Communications Technology usage in all facets of life
has greatly amplified the incidence of information security policy breaches, cyber crimes, fraud,
commercial crimes, cyber laundering, etc., and hence requires a well-developed approach to tackle
these incidents in order to realize legally defensible digital evidence. Since electronic evidence is
fragile and can easily be modified, finding this data, collecting, preserving, and presenting it
properly in a court of law is the real challenge. There is a need for the use of semantic analysis to
discover underlying security policy requirements and internal power structures, and for the
institutionalization of anti-cyber-attack, anti-money-laundering and regulatory schemes. The first
responders to cyber security incidents are, more often than not, an organization's ICT personnel,
who are technically sound though they may be deficient in investigative skill. The scientific
standards of cyber forensics dictate the procedure, as they promote objectivity and a precise and
well-documented analysis, particularly because the findings may be used as evidence against the
attacker. This paper aims to contribute to the advancement of the cyber forensics discipline with
a view to assisting the international community in combating this sophisticated, high-tech,
dynamic, ever-changing phenomenon.

Introduction
Computer crimes deeply affect our daily lives and national security. In this information epoch,
the expanding wave of Internet connectivity and digital technologies brings us a lot of
convenience, but at the same time offers criminals more chances to commit crime.
Traditional law enforcement tools, methodologies and disciplines do not successfully address the
detection, investigation and prosecution of cyber crime, and this calls for a proactive approach,
for timely international cooperation, and for effective public-private partnerships to ensure the
upper hand over criminals. Cyber forensics may be defined as the process of extracting and
analyzing information and data from computers, networks and storage media and guaranteeing
its accuracy and reliability, or as the process of investigating what has occurred in a computer
system, network, etc., how to prevent it from recurring, and establishing the extent of the
damage. With the rapid development of electronic commerce and Internet technology, cyber
crimes have become more common and sophisticated. Incident response, for the purpose of this
paper, may be defined as a structured approach to addressing and managing the aftermath of a
security breach or attack, and the countermeasures. As technology has advanced, computers
have become incredibly powerful. Unfortunately, as computers get more sophisticated, so do the
crimes committed with them. Distributed Denial of Service attacks, ILOVEYOU and
other viruses, Domain Name Hijacking, Trojan Horses, and website shutdowns are just a
few of the hundreds of documented attack types generated by computers against other computers.
Managers of information systems should understand computer forensics. Forensics is the process of using
scientific knowledge for collecting, analyzing and presenting evidence to the courts. Forensics
deals primarily with the recovery and analysis of latent evidence.

Background
Cyber crime is not actually new: the first recorded cyber crime took place in the year 1820. In
1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom, which allowed
the repetition of a series of steps in the weaving of special fabrics. This resulted in fear amongst
Jacquard's employees that their traditional employment and livelihood were being threatened,
and hence they committed acts of sabotage to discourage Jacquard from further use of the new
technology. However, cyber crime is the latest and perhaps the most complicated problem in the
cyber world, and comes in different forms and sizes, unlike conventional crime. This high-tech
crime compelled the development of cyber forensics and incident response to address cyber
security.

Methodology
Computer forensics is defined as "the application of computer investigation and analysis
techniques in the interests of determining potential legal evidence" (Robbins 2007). Computer
forensics can be used to uncover potential evidence in many types of cases including, for
example: copyright infringement, industrial espionage, money laundering, piracy,
sexual harassment, theft of intellectual property, unauthorized access to confidential
information, corruption, decryption, destruction of information, fraud, illegal duplication
of software, unauthorized use of a computer, child pornography, and obscene phone calls.
The three main steps in computer forensics are acquiring, authenticating, and analyzing the data.
Acquiring the evidence in a computer forensics investigation primarily involves obtaining the
contents of the suspect's hard drive. Ideally, the forensic analysis is not done directly on
the suspect's computer but on a copy instead. This is done to prevent tampering with and
alteration of the suspect's data on the hard drive. Authentication is the process of ensuring that
the evidence has not been altered during the acquisition process. Any changes to the evidence will
render the evidence inadmissible in court. Analysis is the most important part of the investigation,
since this is where incriminating evidence may be found. Part of the analysis process is spent in the
recovery of deleted files. The job of the investigator is to know where to find the remnants of
these files and interpret the results. Any file data and file attributes found may yield valuable
clues.
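
The three steps described above (acquire, authenticate, analyze), as an added Python example that is not code from the article. It assumes SHA-256 as the integrity hash and JPEG signature carving as the deleted-file recovery technique, neither of which the article names, and it runs on a constructed in-memory "disk".

```python
import hashlib
import hmac
import io

CHUNK = 4096
JPEG_SOI, JPEG_EOI = b"\xff\xd8\xff", b"\xff\xd9"  # JPEG start/end markers

def sha256_of(stream):
    """Hash a stream from its beginning, one chunk at a time."""
    stream.seek(0)
    digest = hashlib.sha256()
    for block in iter(lambda: stream.read(CHUNK), b""):
        digest.update(block)
    return digest.hexdigest()

def acquire(source, working_copy):
    """Acquire: copy the source in chunks and return the hash of what was read."""
    source.seek(0)
    digest = hashlib.sha256()
    for block in iter(lambda: source.read(CHUNK), b""):
        digest.update(block)
        working_copy.write(block)
    return digest.hexdigest()

def authenticate(working_copy, acquisition_hash):
    """Authenticate: the copy must still hash to the value recorded at acquisition."""
    return hmac.compare_digest(sha256_of(working_copy), acquisition_hash)

def carve_jpegs(image_bytes):
    """Analyze: find JPEG remnants by signature, ignoring the file system."""
    found, pos = [], 0
    while (start := image_bytes.find(JPEG_SOI, pos)) != -1:
        end = image_bytes.find(JPEG_EOI, start + len(JPEG_SOI))
        if end == -1:          # header without footer: truncated remnant, stop
            break
        found.append((start, image_bytes[start:end + len(JPEG_EOI)]))
        pos = end + len(JPEG_EOI)
    return found

def demo():
    # Constructed sample: a zero-filled "disk" holding one deleted-file remnant.
    remnant = JPEG_SOI + b"\xe0constructed-photo-bytes" + JPEG_EOI
    source, copy = io.BytesIO(bytes(5000) + remnant + bytes(3000)), io.BytesIO()
    recorded = acquire(source, copy)
    intact = authenticate(copy, recorded)
    carved = carve_jpegs(copy.getvalue())       # analysis runs on the copy only
    copy.seek(10)
    copy.write(b"X")                            # simulate alteration of the copy
    return intact, carved, authenticate(copy, recorded), sha256_of(source) == recorded
```

`demo()` returns whether the fresh copy authenticated, the carved remnants with their offsets, whether the altered copy still authenticates, and whether the untouched source still matches the recorded hash.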

Proposed Cyber Forensics Model


For organizations, business and industry guarding against intrusions, worms and automated attacks
against their systems, specific controls and a plan of action for responding to an attack or computer
incident can greatly reduce the resultant cost and also save them bad publicity, loss of public
confidence and loss of business. For this reason the implementation of a Computer Incident
Response Team, whether formed with internal or external resources, is obligatory to guard against
crisis, and may have an invaluable return on investment. This will only be the first step; thereafter
standard operating procedures and best practices need to be formulated, and technical
research and development put in place, to ensure preparedness in dealing with the evolving,
ever-changing vulnerabilities. The proposed model aims at addressing the problems in both
incident response and cyber forensics, and its uniqueness is in the fact that it requires thorough
documentation and corrective control measures. Incident response always commences with an
ongoing phase of pre-incident preparation that takes place even before the occurrence of an
incident or attack. The model requires classification of incidents in two parts: the
temperament of the information, and the nature and intricacy of the system involved. This will be
contingent on the type of compromised systems, to facilitate the medley of expertise needed to
tackle the matter, and ultimately determines the forensics to be performed, whether live, imaging,
duplication, or otherwise. The selected team may be compelled to perform data restoration, etc.
For the purpose of circumventing bad publicity, the team composition is critical, to sustain the
so-called need-to-know principle. The model also calls for isolation of the affected system, which
may include, but is not limited to, network termination, disabling the interface at operating system
level, disabling switches and/or hubs, and quarantining the affected computer or just removing the
network cable.

Conclusion
Many criminal investigations in today's technology-rich society will involve many aspects of
computer forensics. Any person undertaking to investigate such a case should be familiar with the
basic technologies involved in gathering the information, how to properly gather the data, and
how to ensure that the information will be valid as evidence during trial. In particular, it is
important to be able to acquire, authenticate and analyze data stored in electronic devices.
Furthermore, a competent investigator should understand the technologies involved in tracing
and detecting the actions of a specific computer user. This paper gives an overview and brief
introduction of these important aspects of computer forensics. Finally, it is important to avoid
becoming a criminal by breaking the law while investigating criminal activities.

Case study
Obscene Phone Calls
State: Karnataka
City: Bangalore City
Sections of Law: 67 of IT Act 2000

"Nothing has the power to broaden the mind as the ability to investigate
systematically and truly all that comes under the observations in life." - Marcus Aurelius
Background
A written complaint was submitted by the complainant stating that she had
been receiving obscene phone calls on her mobile and landline numbers. The
complainant learnt from the callers that a doctored profile of hers had been
posted on a website. The profile stated that the complainant loved sex and
that when the viewers were in Bangalore, they should contact her. The profile also
gave out the victim's landline and mobile phone numbers.
Investigation
The investigating officer obtained call details of the perpetrator's number
from the cellular service provider and observed that the most frequent
incoming and outgoing calls were from two other mobile numbers. The
investigating officer also obtained the IMEI numbers for these numbers from
the mobile service provider.
The investigating officer sent out letters to the Website on which the obscene
profile of the complainant had been hosted to obtain details of the date, time
of the profile creation, the IP address used for the creation, the access details
for the profile and any other details that the Website would be able to
provide regarding the profile and e-mail ID.
The investigating officer then contacted the outlet from where the mobile
connection had been purchased and learnt that one of the SIM cards used
was a demo card which had been issued to a dealership. Upon further
investigation it was found that the other SIM card was allotted to a college
student and was being used by his friend. The investigating officer got
suspicious and on further enquiry found that the college student was of
dubious character.
The investigating officer obtained a search warrant and raided the residence
of the college student. Using disk imaging and analysis tools, the team
recovered the obscene profile that was posted on the internet from the
student's computer. The partners of the accused were also examined in the
presence of the complainant. The accused admitted that he was guilty.
It later transpired that the college student was a close family friend of the
complainant and that he was suffering from a personality disorder,
secondary depression and poor self-esteem.
Current status
The case has been finalized and a report of class B has been submitted.

