CYBER SECURITY: IMPLEMENTATION OF IMAGE LOGGING

SYSTEM FOR DIGITAL EVIDENCE IN WEB FORENSIC AND

LAW ENFORCEMENT

SCHOOL OF COMPUTER SCIENCE & IT

DEVI AHILYA VISHWAVIDYALAYA (DAVV)
INDORE (M.P)
2008-2010

Guided By: Submitted By:

Prof. D. S. Bhilare Sandeep Sharma
Head I. T. Center Swapnil Gupta
Prof. Rajendra Singh M.Tech (NM) III sem
Reader, IMS
 ABSTRACT
Computers, mobiles and the Internet are no exception. Today society
depends a lot on computers, mobiles and internet, thus present a new door
for Business Company and legal agencies.
As the technology advances and use of computers, mobile and
internet increases, it has bring many advantages to worldwide users, but on
the other hand, cases of misused of technology for committing crime has
been increased.
In this way, it is very important to investigate the criminals and their
process of committing crime to facilitate the secure usage of new
technological services. Thus, for the investigation of cyber crime and law
enforcement, Cyber Forensic is come into existence.
The goal of cyber forensic analysis is to identify digital evidence for
an investigation. Cyber forensic evidence must be undisputed, correct,
complete, acceptable by juries, and admissible with common law and
legislative rules.
There cannot be a single solution to overcome from cyber crime.
Either pure technology or pure law will not of any use. We need a good
combination of technology and legal provision of the country to counter
such threat. Today the vulnerability in the cyber space is still increasing. The
attackers are becoming smarter and committing crimes using advance
technology. The cyber forensic in India is not so advance to deal with such
attackers.
The main problem in investigating cyber crime is lack of digital
evidence and law enforcement. The action perform on the internet creates a
log file of the action; the log files created by the web server are in the text
format, which can easily be manipulated and thus cannot be used as an
authenticated evidence in the law of court. There must be a mechanism
available like Image Logging System, which can stores the image log files
of the action perform, which is not easily manipulated and can be used as an
authenticated evidence for law enforcement.
This project aim at the Cyber Security achieved through
implementation of Image Logging System for Digital Evidence and Legal
Provision of Indian Cyber Law for Cyber Crimes. Image Logging System
stores the image files of the web URL and creates its image log files, which
can be used as a Digital Evidence for Law Enforcement.
Keywords: Image Logging System, Cyber Security, Cyber Crime, Cyber
Forensics, Cyber Crime Investigation, Digital Evidence, Cyber Law
AIM OF THE PROJECT:

The aim of the study is to provide the cyber security through

implementation of Image Logging System and legal provision of Indian IT
Act, 2000 for web forensic.

OBJECTIVE:

1. Implementation of Image Logging Server (ILS).

2. Configuration of ILS with virtual private network (VPN) for any
organization.
3. Configuration of ILS with Secure Audit Log Server.
4. Acceptance of image log files created by ILS as Digital Evidence and can
be used in law enforcement under Indian IT Act, 2000.

INTRODUCTION:

Computers and the Internet are no exception. The ever increasing

dependence of society on the availability of computers, mobile and network
system present a new frontier for business enterprises and law enforcement
agencies. As an old saying-
"The modern thief can steal more with a computer than with a gun.
Tomorrow's terrorist may be able to do more damage with a keyboard than
with a bomb".
Cyber crime is a criminal activity committed on the internet. This is a broad
term that describes everything from electronic cracking to denial of service
attacks that cause electronic commerce sites to lose money".

The types of Cybercrime are: Assault by Threat, Child Pornography, Cyber

Contraband, Cyberstalking, Cyberlaundering, Cyberterrorism, Cybertheft

Cyber forensics can be defined as the collection and analysis of data from
computer systems, networks, communication streams (wireless) and storage
media in a manner that is admissible in a court of law. It is a merger of the
disciplines of computer science and the law. This definition applies to the
collection of information in real time, as well as the examination of latent
data [Nolan, 2005].
 The objective in cyber forensics is quite straight forward. It is to
recover, analyze and present computer based material in such a way that it is
useable as evidence in a court of law [Mandia, 2001].
Cyber forensics involves the preservation, collection, validation,
identification, analysis, interpretation, documentation and presentation of
computer evidence stored on a computer [Vidas, 2006].
Cyber security is a part of the national security. If we are weak in
cyber security, we cannot be strong in physical security. Cyber security has
many dimensions. One of the dimensions is having the required technical
expertise. Another dimension is to have an effective legal regime. Third
dimension is to have an effective security infrastructure that can use the
technology and the law towards achieving the objective of securing the
information assets of the country [Naavi, 2009].
Neither pure law nor pure technology will be of any use. Therefore, a
good combination of law and technology must be established and then an
effort must be made to harmonize the laws.
Cyber security is categorized into two parts:
1. Technical aspects
2. Legal aspects

The cyber forensic ontology [Gruber T, 2006] is given below:

FIG 1: CYBER FORENSIC ONTOLOGY

 Technological advances and the pervasive use of computers, mobile
technology and advanced services has bring many advantages to worldwide
people or users, but on the other hand, cases of misused of technology for
committing crime has been increased.
The Parliament of India passed its first Cyberlaw, the Information
Technology Act in 2000. It not only provides the legal infrastructure for E-
commerce in India but also at the same time, gives draconian powers to the
Police to enter and search, without any warrant, any public place for the
purpose of nabbing cybercriminals and preventing cybercrime. Also, the
Indian Cyberlaw talks of the arrest of any person who is about to commit a
cybercrime [Duggal, 2000].