Your SlideShare is downloading. ×
0
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Cybercrime Investigations and IT Act,2000

1,637

Published on

This presentation was delivered by Cyberlaw Expert, Karnika Seth to chartered Accountants of ICAI dealing in cyber frauds and discusses the key features of IT Act,2000 and Cybercrime investigations.

This presentation was delivered by Cyberlaw Expert, Karnika Seth to chartered Accountants of ICAI dealing in cyber frauds and discusses the key features of IT Act,2000 and Cybercrime investigations.

Published in: Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,637
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
190
Comments
0
Likes
2
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Legal Framework for cybercrime Investigations and IT Act,2000 ICAI, FAFD Course, 25 june 2013 Karnika Seth © copyrighted ,Karnika seth
  • 2. Book on cyberlaws by Karnika Seth
  • 3. The cybercrimes  Computer Crime, E-Crime, Hi-Tech Crime or Electronic Crime is where a computer is the target of a crime or is the means adopted to commit a crime.  Most of these crimes are not new. Criminals simply devise different ways to undertake standard criminal activities such as fraud, theft, blackmail, forgery, and embezzlement using the new medium, often involving the Internet .  Cybercrimes can be categorised based on gravity or nature of offence, or affected target group.
  • 4. Types of Cyber crimes  Cyber terrorism  Hacking and sabotage  Credit card frauds  Phising  Cyber pornography  Sale of illegal articles-narcotics, weapons, wildlife  Online gambling  Intellectual Property crimes- software piracy, copyright infringement, trademarks violations, theft of computer source code  Email spoofing  Forgery  Defamation  Cyber stalking Crime against persons Crime against Government Crime against property 4Copyrighted,Seth Associates,2010
  • 5. Levels of cyber threats and vulnerabilities Individual sector society State level Global 5 Copyrighted,Seth Associates,2010
  • 6. Cyber Threats in 2009 and Beyond Report of Georgia Tech Information Security Center (GTISC) Malware Botnets Threats to VOIP and mobile convergence Cyber warfare Data thefts 6 Copyrighted,Seth Associates,2010
  • 7. Cyber Crime mechanisms According to the report by NCRB Under the Information Technology Act, a total of 420 cases such as hacking computer systems or forging digital signatures were reported in 2009, while the figure was 142 in 2006. Copyrighted,Seth Associates,20107 Network based attacks Operation based attacks User authenticationSoftware based attacks Hardware based attacks
  • 8. Legal statutes  IT Act,2000 -enacted on 17th May 2000, India is 12th nation in the world to adopt cyber laws  Indian Penal Code,1860  Criminal Procedure Code ,1973  NDPS Act  Arms Act  Copyright Act,1957  Trademarks Act,1999  Patents Act,1970  Public Gambling Act, 1867  PML Act ,2002
  • 9. New cybercrimes-IT (Amendment) Act,2008 Computer related offences –Section 66 Sending of offensive false messages(s.66A) Identity theft (s. 66C) Cheating by personation (s.66D) Violation of privacy (s.66E) Cyber terrorism (s.66F) Publishing sexually explicit content(s. 67A) Child pornography (s.67B) Stolen computer resource(s.66B) Attempt to commit an offence (s.84C) Abetment to commit an offence(s.84B)
  • 10. Important Sections of IPC  Waging war against Government of India- Section 121  Promoting enmity between different religious groups- Section 153A ,295A  Theft- Section 379  Receiving stolen computer resource-Section 411 IPC  Extortion –Section 383  Criminal breach ofTrust/Fraud- Section 406 IPC  Cheating by personation –Section 419  Destruction of electronic evidence- Section 204 IPC  False electronic evidence-Section193 IPC  Forgery of electronic record-Section 470  Sale of obscene books –Section 292  Criminal conspiracy-Section 120B  Defamation- Section 500  Criminal intimidation –Section 503, 507.  Outraging modesty of woman-Section 509  Copyright infringement-Section 63, 63B of Copyright Act
  • 11. Computer Related Crimes under IPC and Special Laws Sending threatening messages by email Sec 503 IPC Sending defamatory messages by email Sec 499, 500 IPC Forgery of electronic records Sec 470, 471 IPC Bogus websites, cyber frauds Sec 420 IPC Email spoofing Sec 419 IPC Online sale of Drugs NDPS Act Web - Jacking Sec. 383 IPC Online sale of Arms Arms Act
  • 12. IT Act,2000  The Act was passed in India in 2000  based on Model law of e-commerce adopted by UNCITRAL in 1996  Three fold objectives in Preamble-  Legal recognition for e-transactions  Facilitate electronic filing of documents with govt agencies  To amend certain acts such as IPC,1860, Evidence Act,1872,etc
  • 13. Determining jurisdiction  In a recent case, Super cassettes industries ltd v My space inc 2011 (48) PTC 49, the High court of Delhi dealt with a case for copyright infringement wherein plaintiff alleged that infringing songs and videos were uploaded on defendant's website that directly infringed its copyright in the said works.The court dealt with issue of lack of jurisdiction wherein the defendants contended:  a)The defendant No.1 is a foreign national and engaged in  business outside the jurisdiction of this court  b) No part of cause of action has arisen with in the territorial  jurisdiction of the court.  c)The defendant No.1 is not amenable personally to jurisdiction  of the court and cannot be compelled to submit to  the jurisdiction of the court.  d)The website of defendants cannot fall within the jurisdiction of the  court as it does not qualify the tests laid down in the case of  Banyan TreeVs.A. Murali Krishna Reddy & Anr, 2010  (42) PTC 361 (Del).  e)The exercise of jurisdiction by this court would mean that the  court is giving extraterritorial effect
  • 14.  The court considered these objections and held that the case relates to infringement of copyright wherein the remedies are conferred under the Indian Copyright Act, which provides in Section 62 that suit for infringement of copyright can be filed and initiated at the place wherein the plaintiff carries on business, or personally works for gain which is additional ground available to plaintiff apart from Section 20 of Civil Procedure Code.The court held that even assuming that the rules of private international law may have any role to play, the same stands overridden by the express provision of the special Act which is Copyright Act, 1957 which entitles the plaintiff to sue at the place of its own forum.The court observed regarding two aspects of downloading and uploading of infringing content as follows-  "In the first case, the tort or civil wrong is caused in India as the aspect of downloading to the computer has been occurred in India when the said work is communicated to Indian users without the permission of the plaintiff. In the second case too, the initiation of the tort or part of the same has occurred in India as the infringing work without the authority of the plaintiff is communicated to the defendants with a limited licence to further modify and communicate further.The said commission of the acts or the part of the overt acts constitutes the part of cause of action within the meaning of Section 20 (c) of the Code of Civil Procedure."  The court also distinguished Banyan tree case judgement from the present case on the ground that Banyan tree case pertained to passing off which cannot be extended to copyright infringement cases which are governed by special provisions.Also, the court applied principle of interactivity of website and targeting of customers in India to assume jurisdiction to decide the matter.
  • 15. Main Features of IT Act,2000  Conferred legal validity and recognition to electronic documents & digital signatures  Legal recognition to e-contracts  Set up Regulatory regime to supervise Certifying Authorities  Laid down civil and criminal liabilities for contravention of provisions of IT Act,2000  Created the office of Adjudicating Authority to adjudge contraventions  According to s 75 of the Act, the Act applies to any offence or contravention committed outside India by any person irrespective of his nationality, if such act involves a computer, computer system or network located in India.
  • 16. Need for amendments  Diversifying nature of cybercrimes –all were not dealt with under IT Act,2000-cyber terrorism, spamming, MMS attacks,etc  Use of wireless technology had no mention in definition of “computer network” in S2(j)  Digital signatures only for authentication .  Definition of ‘intermediary’ and their liability required clarification.  Grey areas-Power of execution- Adjudicating authority  No appointed statutorily authority for supervising cyber security of protected systems  Power to investigate offences –only DSP and above  Power to intercept & decrypt information limited under Section 69
  • 17. Important definitions added in amended Act  Section 2 (ha)- communication device-includes cell phones, PDA,etc  Section 2 (j) computer network –interconnection through wireless added  Section 2 (na) cybercafe  Section 2(w)- intermediary- includes search engines, web hosting service providers, online auction sites,telecom service providers etc
  • 18. Corporate Responsibility introduced in Section 43A  Applies to Corporate bodies handling sensitive personal information or data in a computer resource  Need for data protection fulfilled- no limit to compensation claim  Will help combat data theft, credit card and IP frauds  To be r/w Section 85 IT Act,2000  To protect from unauthorized access, damage, use ,modification, disclosure, or impairment  Privacy policy mandatory
  • 19. Section 43A  ‘Reasonable security practices’ as may be specified by agreement between parties  Or Specified by any law  Or Prescribed by Central Govt in consultation with professional bodies  InformationTechnology ( Reasonable security practices and procedures and sensitive personal data or information) Rules 2011 passed-recommend adoption of ISO27001 .
  • 20.  InformationTechnology ( Reasonable security practices and procedures and sensitive personal data or information) Rules 2011  Body corporate mandated to share information with government authorities without prior consent of owner for verification of identity,  prevention, detection, investigation, prosecution, punishment of offences  Government agency required to submit request for information in writing –purpose of seeking info  Also undertake such information not be shared with other persons
  • 21. Amended Section 43 –cyber contraventions  Earlier Section 43 –contraventions-actus reus and Section 66-mens rea +actus reus  Amended Section 43 , insertion of Section 43 (i) and (j)- requirement of mens rea with actus reus  Section 43(j) uses words “stealing” and “intention to cause damage”. Same acts when committed ‘dishonestly’ or ‘fraudulently’ are placed under Section 66.  Intent is to punish under section 66 and compensate for loss for same acts in S.43.Amended Section 43 removed ceiling limit for compensation
  • 22. Amended Section 43 (j)  If any person without permission of the owner or any other person who is incharge of a computer,computer system or computer network….steal, conceals,destroys or alters or causes any person to steal, conceal, destroy, or alter any computer source code used for a computer resource with an intention to cause damage…he shall be liable to pay damages by way of compensation to the person so affected.
  • 23. Recent amendments & Role of Adjudicating Authority  The Subject matter of its jurisdiction is widened –adjudging more contraventions under Section 43,43A  Power to impose penalty & award compensation both  Excludes jurisdiction from matters where compensation claimed is more than 5 crores  Quantum of compensation –discretion of adjudicating officer-  objective criteria laid down for guidance maintained-Amount of unfair advantage gained, amount of loss, repetitive nature of default  IT (qualification and experience of adjudicating officers and manner of holding enquiry ) Rules ,2003
  • 24. Strengthening the role of Adjudicating Authority  Reliance on documentary evidence, investigation reports , other evidence  Compounding of contraventions  Powers of Civil court and Section 46(5)© confers power of execution of orders passed by it- attachment of property, arrest & detention of accused, appointment of receiver- greater enforceability
  • 25. Cognisability & bailability  Most offences introduced by the 2008 amendments prescribe punishment of upto 3 yrs , fine of one lac/2 lac  For hacking term of imprisonment remains upto 3yrs but fine increased from 2 lakhs to 5 lacs  In S.67 imprisonment term reduced from 5 yrs to three yrs. Fine increased from one lac to 5 lacs.  Most Offences are cognisable but bailable  This is a new challenge for cyberlaw enforcement authorities- need quick action by trained investigators to collect and preserve evidence as probability of tampering increases .
  • 26. Collection of evidence streamlined  Section 67C- Intermediaries bound to preserve and retain such information as Central govt prescribes, for prescribed duration- contravention punishable with upto 2yrs imprisonment ,upto one lac fine or both- but no mandatory period for maintaining logs stipulated  Accountability of service providers increased-Section 72A added-disclosure of information in breach of lawful contract-punishment upto 3 years , fine upto 5 lakh or both
  • 27. Collection of evidence streamlined  Section 69 -Power of Central Govt to intercept, monitor, decrypt information  IT (procedure and safeguards for interception, monitoring and decryption of Information) Rules, 2009.  Power with Secretary, Ministry of Home Affairs to authorize an agency to intercept  Non-cooperating Subscriber or intermediary -liable to punishment of upto 7 yrs imprisonment and fine is added by amendment.  Maintenance of confidentiality, due authorisation process, exercise power with caution.
  • 28. Collection of evidence streamlined  Section 69 A added- blocking of public access and under Section 69B confers power on central govt to appoint any agency to monitor and collect traffic data or information generated, transmitted,received,or stored in any computer resource  Non cooperating intermediary-liable to punishment –term upto 7 yrs and fine  Websites containing hate speech, defamatory matter, slander, promoting gambling, racism ,violence, terrorism, pornography, can be reasonably blocked  IT (procedure and safeguards for monitoring and collecting traffic data or information) Rules ,2009 -competent authority- secy to govt of India DIT – authorised agency-intermediary  Review committee, confidentiality, destruction of records  InformationTechnology (Procedure and Safeguards for blocking for access of information by public ) Rules,2009 -committee examines request to block  Authorisation procedures laid down-Designated Authority-committee approval- seeks Secy DIT approval- authorises DOT to block/court order  Responsibility to maintain confidentiality-intermediaries.  Review committee provision, destruction of records  Non cooperating intermediary-liable to punishment –term upto 3 yrs and fine
  • 29. EEE’s role  Examiner of Electronic Evidence created in section 79A-  Central Government empowered to appoint this agency  To provide expert opinion on electronic form of evidence.  “electronic form evidence” –inclusive definition- computer evidence, digital audio, digital video, cellphone, fax machines-information stored, transmitted in electronic form
  • 30. Strengthening India’s cyber security  Section 70- protected systems- takes within its cover the ‘Critical Information Infrastructure’  Computer resource, incapacitation or destruction of which has debilitating impact on national security,economy,public health, safety.  CERT appointed as Nodal Agency for incident response- Section 70B  Multiple roles- alert system ,response team, issuing guidelines ,reporting incidents  Non cooperating service providers, intermediaries,etc punishable with term upto one year or fine upto one lac or both  Excludes jurisdiction of court
  • 31. IT (Amendment) Act,2008 Legal recognition to E- documents & e-contracts (Sec.7A,10A) Composition of CAT- Include members- majority decision (Sec52D) other Acts applicability (Section 77 r/w 81) Power to investigate -Inspectors- (Section 78,80)
  • 32. Intermediaries Guidelines  InformationTechnology ( Intermediaries guidelines) Rules 2011.  Privacy policy and User Agreement mandatory  Inform the users not to ‘host, display, upload, modify, publish, transmit, update or share information’ that they donot have a right to, grossly harmful, harassing, defamatory, obscene, invades privacy, hatespeech, encourages money laundering, or gambling, unlawful, harmful to minors, infringes IPR, spoofing, sends grossly offensive information, impersonation, software virus spread., threatens unity, integrity, security of India….friendly relations with foreign states…public order , causes incitement to commission of any cognisable offence, prevents investigation, or insults other nation’
  • 33. Liability of ISP revisited  Under earlier Section 79, network service providers were liable for third party content only if they failed to prove offence was committed without knowledge or due diligence was exercised. Burden of proof was on Network service provider.  The amended section excludes certain service providers and holds intermediary liable only if he has conspired , abetted or induced whether by threats or promise or otherwise in the commission of unlawful act (S.79(3)(a).Onus to prove conspiracy, abetment, is shifted on Complainant.  Intermediary is liable also if on receipt of actual knowledge or on receipt of intimation from govt agency, it fails to remove or disable such website’s access.  Temporary storage exempted-no human editorial control, removal of access on actual knowledge  Electronically signed complaint by affected party- action within 36 hrs to disable content  Intermediary's right to terminate access /use if breach of user agreement  Intermediary to provide information to government investigating agencies- verification of identity, prevention, detection, investigation, prosecution,cybersecurity incidents, punishment of offences on a written request stating purpose.  Intermediary to comply with Reasonable security practices Rules, 2011
  • 34. Compliances by Cybercafes  InformationTechnology ( Guidelines for cybercafe ) Rules ,2011  Agency for registration of cybercafe  Identification of user mandatory-school icard,photo credit card, passport, voter id, PAN card, photo icard, driving license, UID  Photocopy/scanned id proof duly signed by user and cybercafe representative to be maintained for one year.  May also be photographed signed by user, cybercafe rep part of log register maintained in physical or electronic form.  online version to be electronically signed
  • 35.  Name, address ,gender, contact number, type and detail of identification document, date, computer terminal used, log in , logout  Monthly reports of log registers –submit to agency directed by registration agency by 5th of next month.  Cybercafe owners to maintain backup of logs of history of websites accessed on a computer  Logs of proxy server at the café  Guidelines for auditing and logging- CISG 2008-01 updated by CERT-see www.cert-in.org.in  Record of its staff for one year
  • 36. Investigations- Important provisions under CrPC  Under CrPC, Section 41-When police may arrest without warrant  Search by police officer–Section 47  Summons to produce a document or thing-Section 91  Search warrant by magistrate-Section 93, Section 94- for stolen goods/forged documents  Power to seize property-Section 102  Arrest to prevent commission of cognizable offences- Section 151  Section 154- Information/complaint in cognizable cases  Section 157-procedure to investigate –send report to magistrate  Section 160 r/w 161-power to require attendance of witness& their examination  Section 165-search by police investigating an offence -copies of record sent to magistrate  Section 166-officer required another police station to issue search warrant  Section 166A –letter of request by criminal court for outside India search  Section 167- producing accused before magistrate on expiry of 24 hrs  Section 172-Diary of proceedings to be maintained  Section 173-Police Report  Section 175-Power to summon persons
  • 37. Determining Jurisdiction  Place of inquiry/trial- Section 177- where offence was committed.  Section 178-offence committed in more than one jurisdiction- any of the relevant jurisdictions  Section 178- act where it is done and consequence where felt- any of these jurisdictions  Section 181-theft, stolen property, extortion- where committed, stolen property is possessed  Offences committed by letters, messages- where sent/received  Section 188-offence committed outside India by citizen of India, on a ship/aircraft registered in India trial as if committed in India with prior sanction of central government.  Section 468-period of limitation to take cognizance.
  • 38. Important provisions under IT Act,2000  Section 77r/w 81- IT Act,2000-confiscation- Any computer or accessory liable to be confiscated if used for commission of offence  compensation, penalty, confiscation not to interfere with other remedies under other statutes  Section 77 A –compounding of offences –below 3 year sentence  Section 77B- offences with 3 yr punishment bailable  Section 78-power to investigate- inspector and above  Inspection provisions- consistent with Section 80 –power of police inspectors /officers to search & arrest, without warrant any person who has committed, is committing or about to commit any offence under IT Act.
  • 39. CBI manual chapter 18-Investigating cybercrimes  Disks or Cartridges ─ these can be used to store copies of files from the computer  for use in his investigation.  (2) Labels ─ to label cables, where they plug in, disks, the various parts of the  computer and to write/protect disks.  (3) Screwdrivers and other tools used to dismantle the hardware for seizure.  (4) Gloves ─ remember that often, latent prints can be taken from disks or other  storage media or hardware.  (5) Packing materials – rubber bands, tape, boxes, bubble wrap, and if he does not  have access to anti-static wrap, paper bags should be used, because they have  less static charge than plastic bags.  (6) Camera equipment – to videotape and photograph the scene.  (7) Chain of custody report sheets and other paper to inventories seized evidence.
  • 40. Investigation in cybercrime cases  On the crime scene if computer screen is on, click pictures, video or note in seizure memo.  Digital evidence in hard disk, Smartcards, biometric devices,answering machines,digital cameras, printers,PDAs,modems,servers,CDs, scanners,pendrives, phones, Drives, digital watches, fax machine,GPS,keyboard, mouse  Draw the network architecture sketch/video/photograph it. Prepare set of questions for FSL lab to investigate, note individuals present there, position of equipment, password slips, papers, note network connections, details of modem,list of suspects,mitigation actions, logs, after incident use, any system alarms, user names, service provider details, back up plan, CCTV, user management software, type of wifi connection,protect media from magnetic field .Access rights informationetc.
  • 41. Techniques of cyber investigation- Cyber forensics  Computer forensics, also called cyber forensics, is the application of computer investigation and analysis techniques to gather evidence suitable for presentation in a court of law.  The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computer and who was responsible for it. Archival Articulation Analysis Authentication Acquisition Assessment
  • 42. Rules of evidence  Computer forensic components-  Identifying  Preserving  Analysing  Presenting evidence in a legally admissible manner
  • 43. Classification of computer forensics  Disk based forensics  Network based forensics  Mobile forensics  E-mail forensics etc  Disk imaging and analysis-  Tool must have the ability to image every bit of data on storage medium, tool must not make any changes to the source medium.  Examples-  DCFLDD-www.prdownloads.sourceforge.net/biatchux  ODD-open data duplicator  ODESSA-creating a qualified duplicate image with Encase- www.odessa.sourceforge.net
  • 44. Recovering deleted data  Encase  FTK  Stellar Phoenix  PCI file recovery  Undelete  Recover4allGet data back  Fast file recovery  Active undelete
  • 45. Access data
  • 46. Results displayed by category
  • 47. FBI handbook of forensic investigation- techniques for computer forensics Examine type of content in computer Comparison of data files Transactions-to know time and sequence when data files were created Data files can be extracted from computer Deleted data files can be recovered from the computer Data files can be converted from one format to the other Key word searching Passwords, log in and log out time, use of applications, wifi Limited source code can be analysed and compared Storage media with standalone word processors can be examined
  • 48. Sources of Evidence  Existing Files  Deleted Files  Logs  Special system files (registry etc.)  Email archives, printer spools  Administrative settings  Internet History  Chat archives  Misnamed Files  Encrypted Files / Password Protected files  Steganography /hidden files
  • 49. E-mail forensics  E-mail composed of two parts- header and body  Examine headers  Request information from ISP  Trace the IP  Tools-Encase,FTK,Final email  Sawmill groupwise  Automation for logging  Cracking the password- brute force attack, smart search, dictionary search, date search, customised search, guaranteed decryption, plaintext attack  Passware, ultimate zip cracker,office recovery enterprise,etc
  • 50. The criminal prosecution pyramid Conviction/acquittal Trial Contents of charge Issue of process –summons, warrant Examine the witnesses Examine the complainant on oath Initiation of criminal proceedings-cognizance of offences by magistrates
  • 51. Amendments- Indian Evidence Act 1872  Section 3 of the Evidence Act amended to take care of admissibility of ER as evidence along with the paper based records as part of the documents which can be produced before the court for inspection.  Section 4 of IT Act confers legal recognition to electronic records  Section79A of the IT Amendment Act ,2008 defines electronic evidence .includes computer evidence, digital audio/video, cellphones, digital fax machines
  • 52. Sections of Evidence Act,1872  Section 47A- opinion of Certifying Authority with respect to Electronic signatures  Section 67A- mandates proof of electronic signature of subscriber  Section 85A- presumption in favour of electronic signature on an electronic record purporting to be an agreement containing electronic signature  Section 85C-presumption in favour of certain information listed in Electronic signature certificate  Section 90A- presumption in favour of electronic signature on electronic record that is 5yrs old  Section 73A-proof of digital signature  Section 45A opinion of Examiner of Electronic Evidence
  • 53. Societe Des products Nestle SA case 2006 (33 ) PTC 469  By virtue of provision of Section 65A, the contents of electronic records may be proved in evidence by parties in accordance with provision of 65B.  Held- Sub section (1) of section 65B makes admissible as a document, paper print out of electronic records stored in optical or magnetic media produced by a computer subject to fulfillment of conditions specified in subsection 2 of Section 65B . a) The computer from which the record is generated was regularly used to store or process information in respect of activity regularly carried on by person having lawful control over the period, and relates to the period over which the computer was regularly used. b) Information was fed in the computer in the ordinary course of the activities of the person having lawful control over the computer. c) The computer was operating properly, and if not, was not such as to affect the electronic record or its accuracy. d) Information reproduced is such as is fed into computer in the ordinary course of activity.  In the context of Section 65B(2)(c) the condition that throughout the material part of the period to  which the computer operations related, the computer was operating properly has to be complied with.  Secondary evidence can be led –apart from certification procedure in Section 65B(d)  State v Mohd Afzal, 2003 (7) AD (Delhi)1
  • 54. Mohd Afzal case- Parliament attack case- cyber terrorism  I-Cards, slips of papers containing telephone numbers and mobile phones were seized from accused. The laptop which was seized from the two terrorists, who were gunned down when Parliament was under siege on December 13 2001, was sent to Computer Forensics Division of BPRD after computer experts at Delhi failed to trace much out of its contents.  The laptop contained several evidences that confirmed of the two terrorists’ motives, namely the sticker of the Ministry of Home that they had made on the laptop and pasted on their ambassador car to gain entry into Parliament House and the fake ID card that one of the two terrorists was carrying with a Government of India emblem and seal.  The emblems (of the three lions) were carefully scanned and the seal was also craftly made along with residential address of Jammu and Kashmir. But careful detection proved that it was all forged and made on the laptop.  investigate about the mobile numbers found written on the slips of paper recovered from the terrorists-also the mobile phones recovered from the terrorists and the three SIM cards recovered from the purse of terrorist-a) SIM cards corresponding to telephone number 9810693456 recovered from the purse of Mohd. was used in six instruments.  b) Last call made from this mobile number 9810693456 was made to mobile No. 9811489429 (the number on the I. Cards recovered from the terrorists) at 11.25 A.M. on 13.12.2001 (Time was when attack was on).  Phone tapping was adopted and accused were found to have connections from Srinagar.
  • 55. State vs Mohd Afzal  Held- “The testimony of PW.35 and PW.36 establishes that the call details Ex.PW.35/2 to Ex.PW.35/8 and Ex.PW.36/1 to Ex.PW. 36/5 were computer generated and pertained to the respective periods indicated in the print outs.Testimony establishes that they related to the services provided by the respective companies in respect of the different mobile phone numbers. It is true that neither witness made a positive statement that during the relevant period, the computers worked properly but reading the statement as a whole, the same is implicit.No suggestion was given to the witness that their computers were malfunctioning.”  “We are satisfied that on the evidence on record, the prosecution has duly proved the electronic record Ex.PW.35/2 to Ex.PW.35/8 and Ex.PW.36/1 to 36/5.The technical flaw whereby on four occasions double entries have been recorded are explainable, in that,they are double entries pertaining to the called and caller numbers. Even otherwise as held in Ana Marcolino (Supra) the malfunction is not sufficient to cast a doubt upon the capacity of the computer to process information correctly. It does not establish in any way that the capacity of. the computer to process, store and retrieve information used to generate the statement, tendered in evidence, was effected”.
  • 56. State v Navjot Sandhu (2005)11 SCC 600  Held, while examining Section 65 B Evidence Act, it may be that certificate containing details of subsection 4 of Section 65 is not filed, but that does not mean that secondary evidence cannot be given.  Section 63 & 65 of the Indian Evidence Act enables secondary evidence of contents of a document to be adduced if original is of such a nature as not to be easily movable.
  • 57. Syed Asifuddin and Ors. V. The State of AP. & Anr., 2005CriLJ4314  Facts of the case: Pioneer Scheme a third generation digital handset costing about Rs. 10.500/- for a mere payment of Rs. 3.350/- with a condition to sail with their network for a period of 3 years with option to exit either by surrendering the handset or paying the cost of the handset to the company. Investigation also reveals that there is an agreement existing between the Samsung manufacturers and LG manufacturersWith Reliance Infocomm regarding their exclusive models Samsung N191 and LG-2030.These model handsets are to be exclusively used by Reliance India Mobile Limited only.  Tata Indicom employees were arrested for manipulation of the electronic 32-bit number (ESN) programmed into cell phones that were exclusively franchised to Reliance Infocomm. The court held that such manipulation amounted to tampering with computer source code as envisaged by section 65 of the InformationTechnology Act, 2000. A cell phone is a computer as envisaged under the InformationTechnology Act. ESN and SID come within the definition of "computer source code" under section 65 of the Information TechnologyAct. When a customer of second respondent opts for its services, the MIN and SID are programmed into the handset.If some one manipulates and alters ESN, as per the case of second respondent,Samsung/LG handsets which are exclusively used by them become usable by other service providers like TATA Indicom.
  • 58. Presumptions in law- Section 85 B Indian Evidence Act  The law also presumes that in any proceedings, involving secure digital signature, the court shall presume, unless the contrary is proved, that the secure digital signature is affixed by the subscriber with the intention of signing or approving the electronic record  In any proceedings involving a secure electronic record, the court shall presume, unless contrary is proved, that the secure electronic record has not been altered since the specific point of time, to which the secure status relates
  • 59. Presumption as to electronic messages- Section 88A of Evidence Act  The court may treat electronic messages received as if they were sent by the originator, with the exception that a presumption is not to be made as to the person by whom such message was sent.  It must be proved that the message has been forwarded from the electronic mail server to the person ( addressee ) to whom such message purports to have been addressed  An electronic message is primary evidence of the fact that the same was delivered to the addressee on date and time indicated.
  • 60. Ziyauddin Burhanuddin Bukhari Vs. Brijmohan Ramdass Mehra & Ors (1976) 2 SCC 17  court relied on R.Vs. Maqsud Ali -held that the tape-recordings of speeches were admissible in evidence on fulfillment of the following conditions:  "(a)The voice of the person alleged to be speaking must be duly identified by the maker of the record or by others who know it.  (b) Accuracy of what was actually recorded had to be proved by the maker of the record and satisfactory evidence, direct or circumstantial, had to be there so as to rule out possibilities of tampering with the record.  (c)The subject-matter recorded had to be shown to be relevant according to rules of relevancy found in the Evidence Act.“
  • 61. Bazee.com case-cyberporn  Required user to register on site  Seller to post item & write description  Telephonic verification of seller  Safety and trust division ran objectionable material filter check  Bazee .com received commission on sales  Ravi Raj was registered user with e-mail id psell@sify.com  He used new name as Alice Electronics gave a kharakpur address sold item under books and magazines  Word ‘sex ‘at serial 23 of filter list , sexual at ’70’ still listing took place  Seller on receiving confirmation of payment will mail it as e-mail attachment to buyer ‘dps_rkpuram-sex-scandle.zip’  On 27th nov 2004 e-mail received from Amit vohra intimating the illegal activity , on 29th it was closed.-sold 8 copies  Avnish Bajaj arrested.  As regards Section 292, no vicarious liability of director but under Section 67, read with Section 85, director is primafacie liable .-listing primafacie obscene. “Delhi girls having fun”
  • 62. Aneeta Hada v M/s. Godfather Travels & Tours  Thereafter, in Aneeta Hada v M/s. Godfather Travels &Tours (P) ltd 2012 (5) SCC 661, the Hon'ble Supreme court considered criminal appeal no.1483 of 2009 titled Avjnish Bajaj v State along with other criminal appeals involving same question of law,whether a director can be held liable even where a company is not arraigned as an accused .The Hon'ble court took the view that under Section 85 of the Information Technology Act,2000,which provides for deemed liability of directors incase of offences committed by companies, a director cannot be held liable without impleading the company as an accused.The court quashed the proceedings against the appellant director as the company was not even arraigned as an accused.The court applied the doctrine of strict construction, and took the view that commission of offence by the company is an express condition precedent to attract the vicarious liability of others.
  • 63. Identity thefts  A complaint was filed in by Sony India Private Ltd, which runs a website called sony- sambandh.com, targeting Non Resident Indians.The website enables NRIs to send Sony products to their friends and relatives in India after they pay for it online.  In May 2002,someone logged onto the website under the identity of Barbara Campa and ordered a Sony ColourTelevision set and a cordless head phone.A lady gave her credit card number for payment and requested that the products be delivered to Arif Azim in Noida.  At the time of delivery, the company took digital photographs showing the delivery being accepted by Arif Azim.The transaction closed at that, but after one and a half months the credit card agency informed the company that this was an unauthorized transaction as the real owner had denied having made the purchase. The company lodged a complaint for online cheating at the Central Bureau of Investigation which registered a case under Section 418, 419 and 420 of the Indian Penal Code. The matter was investigated into and Arif Azim was arrested. Investigations revealed that Arif Azim, while working at a call centre in Noida gained access to the credit card number of an American national which he misused on the company’s site.
  • 64. Spoofing  A 16 year old student from Ahmadabad who threatened to blow up Andheri Railway station in an email message was found guilty by the Juvenile court in Mumbai. A private news channel received an email on 18 March 2008 claiming sender as Dawood Ibrahim gang saying a bomb would be planted on an unspecified train to blow it up. The case was registered in Andheri Police station under section 506 of IPC and transferred to cyber crime investigation cell. During Investigation CCIC traced the cyber cafe from which the email account was created and threatening email was sent. Cafe owner told police about users which had come that day to surf the net.Police Summoned them and found that the system which was used to send email was accessed by only one customer. On 22nd March 08, police arrested the boy a Class XII science student who during interrogation said that he sent the email for fun of having his prank flashed as “breaking news’’ on television.
  • 65. JCB INDIA LTD vs I.P. ADDRESS :122.163.98.166 & ORS  in March 2008 the plaintiffs became aware of the fact that the applicant had joined M/s Escorts Construction Equipment Ltd., its direct competitor.The plaintiff was also notified by its security staff that some documents, papers containing print outs of email messages pertaining to the private email account of the applicant being abhinavdeepti@indiatimes.com were found.  A reading of the documents, it is averred, revealed that they CS (OS) Nos.691/2008 & 1021/2008 Page 3 contained confidential information pertaining to the intellectual property of the plaintiff company.The plaintiff, therefore, alleges that the applicant during his stint in the plaintiff company transferred such confidential information and trade secrets to the local PC and thereafter on to his personal email id.  It is alleged that an examination of the computer records of the applicant revealed that mails were being sent frequently to the aforesaid email id and that these contained the plaintiff's valuable confidential,including drawing for a backhoe bucket, tanks, fender, post leg etc., all of which were made on Product Lifecycle Management (PLM), the software used by the plaintiff to store itsconfidential data.
  • 66. Nirav Navinbhai Shah And 4 Ors. vs State Of Gujarat And Anr. on 28/9/2006  The gist of the complaint was that the accused No. 1 hacked with the help of the other accused the complainant's computers and stole important data.The offence was investigated and report came to be filed by police and Criminal Case No. 3528 of 2004 began.  The complainant and three other witnesses have already been examined. It is stated in this application that in the meanwhile some settlement was arrived at between the parties to end all civil as well as criminal litigations pending between them in various courts including court in United Kingdom.
  • 67. Sri. P. Padmanabh S/O Papanna @ ... vs Syndicate Bank Limited, ... on 15 November, 2007  A nationalised bank had issued a ATM card to the defendant; that the card enabled the defendant to draw money/cash from the ATM counter established by the bank and that the amount drawn by the defendant would be debited to the Savings Bank account maintained by the defendant with the bank;  that it was linked to the Savings Bank account of the defendant; that the defendant could have drawn amounts from the ATM bank upto the extent of balance maintained in the Savings Bank account,  but the defendant taking advantage of some snapping of link between the ATM and the computer maintaining the bank accounts and other transaction of the bank had drawn sums of Rs. 5,000/- on three days though there was no sufficient balance in the account.  This fact having been noticed by the bank,later the bank had put the defendant on notice calling upon him to make good the amount; that amount having not been paid, a legal notice was also issued but the defendant not having responded positively to make good the amount, it had become necessary for the plaintiff to sue the defendant for the recovery of the amount,  particularly, for the three transactions of drawal of Rs. 5,000/- on each occasion through the ATM machine by the defendant with costs and consequence.The defendant while admitted the maintenance of Savings Bank account and also the issue of ATM card by the bank, denied having operated ATM machine for drawal of the amounts as indicated in the plaint
  • 68.  petitioner had not established the liability of defendant for payment of the amounts in terms of three withdrawal transactions through the ATM machine; that the defendant was enabled to withdraw amounts under the ATM card only upto the balance maintained in the account and not beyond and that special circumstance pleaded in the plaint regarding snapping of the link between the ATM machine and the main computer was never to the knowledge of the defendant but had no occasion to use the ATMmachine;  that even as admitted by the plaintiff there was malfunctioning of the ATM machine or the computer and therefore no presumption about the accuracy of the entries could have been drawn in favour of theplaintiff - bank;  that the very fact the bank had allowed the Savings Bank account to become irregular and did not even care to apprise the defendant for more than three months is proof enough of the irregularity of the maintenance of books of accounts in the normal course of business  that therefore, no presumption could have been drawn and the learned trial judge, when had declined to draw the presumption in favour of the plaintiff in terms of Section 65-B(2) Clause (b) of Indian Evidence Act, 1872 with Section 65-B
  • 69. MCQ Test  Q.1.The role of Certifying Authority appointed under the IT Act,2000 is-  (1) to issue digital signatures (2) to grant compensation for contraventions (3) to punish an accused (4) to make new rules under IT Act,2000  Q.2 Liability of intermediaries under IT Act is provided under –  (1) Section 79 of IT Act (2) Section 67 (3)Section 85 (4) Section 46  Q.3 Electronic Evidence in form of affidavit by Chief Technology officer as per Section 65A and B of evidence Act is-  (1) admissible as secondary evidence (2) admissible as primary evidence (3) not admissible (4) depends on facts of a case  Q.4 Forging of electronic document is punishable under Section 470 read with Section 465 IPC with a period of imprisonment of a term that may extend to –  (1) five years (2) three years (3) two years (4) one year  Q.5 using a digital signature of a director malafidely without permission to sign a document amounts to a –  (1) identity theft (2) negligence (3) perfectly legal act (4) tort
  • 70. Copyrighted,Seth Associates,201070 Thank you! SETH ASSOCIATES ADVOCATESAND LEGAL CONSULTANTS New Delhi Law Office: C-1/16, Daryaganj, New Delhi-110002, India Tel:+91 (11) 65352272, +91 9868119137 Corporate Law Office: B-10, Sector 40, NOIDA-201301, N.C.R ,India Tel: +91 (120) 4352846, +91 9810155766 Fax: +91 (120) 4331304 E-mail: mail@sethassociates.com

×