This document describes a case of revenge porn involving a 21-year-old female student in Salem, Tamil Nadu. Her parents reported to police that morphed photos of her were being posted on Facebook. The police began an investigation but did not register an official FIR at the parents' request. They identified the Facebook profile as fake. Police initially suspected a man the victim had a relationship with but ruled him out. The investigation included an unhelpful phone number. Police submitted a request to Facebook for IP details of the fake profile, which was their last hope to identify the culprit.

1. Er.Jay Nagar(Cyber Security Researcher)
+91-9601957620
www.jaynagarblog.wordpress.com
-:Investigation:-
Tracking and Tracing of Digital Evidence

2. Cyber Crimes (Social Media)
Cyber Crime can be said as the criminal activity or
the crime that involves the internet, the computer
or any computer technology
The world is effected by various types of crimes
revolving around some of them are:
 Defamation
 Stalking
 Identity Theft
 Crime against Community
 Double switching
 Radicalization
 Personation
 Scams
 Phishing
 Sexting
 Cyber Terrorism
 And many more…….

3. Digital evidences or Electronic Evidence
Digital evidence orelectronic evidence is any probative
information stored or transmitted in digital form that a party
to a court case may use at the trial. Before accepting the
digital evidence, a court will determine if the evidence is
relevant, whether it is authentic, if it is hearsay and whether a
copy is acceptable or the original is required.
The use of digital evidence has increased in the past few
decades as courts have allowed the use of e-mails, digital
photographs, ATM transaction logs, word processing
documents, instant message histories, files saved from
accounting programs, spreadsheets, internet browser
histories, computer backup, computer printout, Global
Positioning System tracks, logs from the hotel’s electronic
door locks, and digital video or audio files.
Device such as mobile phones, laptops, computer system,
Media card, thumb drives, optical media, digital camera, mp3
player, GPS device all of these devices are capable of holding
significant digital evidence that will help in the case. And each
of these mentioned above are handled in different ways,
seizure of these items should
be performed with special
care. It is always advised to
work with an experienced
digital evidence analysist to
collect these items.

4. Case Study-1
Identity theft case
JAIPUR: The US Federal Bureau of Investigation (FBI) has confirmed
that Abhishek Joshi (36) and his father Ashok Joshi (56), arrested earlier
in the Alwar cooperative bank scam, were also wanted in the multi-million
identity theft case.The special operations group (SOG) of the Rajasthan
police received emails to the effect following an inquiry last week.
Abhishek and Ashok were arrested along with three others in the Alwar
bank scam, involving an alleged embezzlement of Rs 16 crore and illegal
money exchange of Rs 1.38 crore, on December 21.
"During our investigation and interrogation of Abhishek and his father, who
are the kingpins in this embezzlement case, it was found that both of them
were also involved in a multi-million
identity fraud case and wanted by the
FBI. We had emailed FBI and on
Wednesday we got a response from
them," said a senior officer of SOG on
the condition of anonymity.
"In that case, FBI had already arrested
four people and the arrest of these two
was pending. According to FBI, both have been chargesheeted by them in
the concerned court," the officer said.
The operation
The gang first invited online applications from around the world for various
jobs in a company called 'Deutche Group' created by them. Later, aspirants
were asked to attach their identity cards with their applications. They used
this information to apply for credit cards and cheat the applicants. We will
check with the FBI about the gravity of the crime and the exact role played
by the duo in the scam which took place in June 2016. Some American
newspaper had reported that both Abhishek and Ashok were yet to be
arrested.

5. Case Study- 2
Online Stalking
NEW DELHI: A Delhi University law student has been accused of stalking
and threatening a woman online. He also created her fake profiles on social
networking sites to defame her.The woman, from Vasco-da-Gama, Goa,
has lodged a complaint with Delhi Policealleging the accused has been
harassing her for over a year now. She said the law student has been
making obscene phone calls and sending threatening emails.
The victim, while working in Delhi last year, became acquainted with the
accused. "He asked her to marry him. She alleged that when she refused,
he assaulted her at Sarita Vihar. He also threatened to kill her," said a
senior police officer. "She also lodged a complaint with the Sarita Vihar
policein July last year. After this, he apologized and promised not to bother
her in future," the officer said. The accused had reportedly given a written
statement to police that he will not stalk her. After this, she withdrew her
complaint.
The victim then moved to Goa to live with her parents. But soon after she
left Delhi, the accused created her fake profiles on social networking
websites. He then uploaded photographs on these sites and declared her
to be his wife. "The accused also impersonated the victim online and made
contact with her friends through these profiles," the officer said. The girl's
marriage was called off due to this.
A case under Section 66-A of Information Technology Act was lodged at
the Economic Offences Wing on Wednesday. In her complaint, the victim
has stated that "she is a victim of cyber stalking and identity theft which has
created grave problems for her and her family".
Senior officers said the accused will be questioned and soon arrested.

6. Case Study- 3
Honey trap (Matrimonial Website)
NEW DELHI: Three African nationals along with an Indian woman have
been arrested by Special Cell of Delhi Police for allegedly cheating
prospective brides through popular matrimonial websites.While claiming to
have busted two such gangs, police has arrested Joseph IraborBhahemen,
26, and Bawo Hilary Omagbemi, 35, who are permanent residents of
Nigeria, and Nagaland native LeniyaMagh, 26. They all were presently
residing in Gurgaon.
It said the gang had cheated a Hyderabad-based woman to the tune of Rs
48.75 lakh over the past few months after befriending her through a
matrimonial website.In another case, police arrested Nigerian national
Henry ChimaAnidebe, 30, who disclosed that other gang members were
using 'voice changers' to modulate male voices into those of a woman to
pose as a customs officer.
Deputy Commissioner of Police of Special Cell said the gang members
were cheating innocent women through popular matrimonial websites and
the victims have been identified from several parts of India including Delhi.
Police said the accused were using VoIP and other techniques to execute
the cheating plan using an online services platform.
According to the special cell, it received information about cheating of
prospective brides who subscribed to these matrimonial portals.The
accused were looking for a suitable match by creating and operating
fictitious profiles, posing themselves as wealthy NRIs working in highly
remunerative professions abroad.
They were using foreign SIM cards including that of UK, US, but they were
used from within India on international roaming to mask real locations and
identities, police said.In one such case, several persons, including a
woman, were in touch with a Hyderabad woman from March on the basis of
a fake identity of Dr Abhishek Mohan created on a matrimonial website.

7. Case Study- 4
Personation
Aurangabad: The cybercrime branch of the city police is probing an identity
theft case after an unidentified suspect recently hacked the email account of a
city-based industrialist and sent an email to all his contacts seeking financial
help claiming that he was stuck in Singapore. The suspect also provided the
account number of a bank.A complaint was lodged by the industrialist's
representative and executive managerRamesh SargandhraoAuradkar
following which police registered a case against the unidentified suspected
hacker on Saturday evening.After the matter reached the commissionorate, it
was referred to the cybercrime branch, which, after primary investigations,
sent the case to the Satara police station for registration of offence.Satara
inspector Kailash Prajapati said, "We are moving ahead with the investigation
with the technical assistance of the cyber crime branch."
Assistant police inspector(cyber crime) Rahul Khatavkar expressed
confidence in locating the suspected hacker.According to the complaint lodged
by Auradkar, the suspect hacked the email account of the industrialist and
sent an email to everyone in his contact list seeking immediate financial help.
He also included the account number of bank in a location abroad.When the
industrialist started receiving several calls from his friends and family asking
if he was safe, he checked his email and found out what had happened.. Cyber-
crime officials said this is not an isolated case and there are many such
incidents in the city that are said to go unreported.
"There is a particular breed of hackers who steal identities from the internet
for financial gains in unethical manner, and the industrialist here is a victim to
such hackers," said Khatavkar.He added that usually, in such cases, email ids
used at public places, free Wi-Fi zones and internet cafes are more prone to
hacking.The officer said that in most of the cases, people abstain from lodging
complaint in, which ultimately benefits the suspect.

8. Case Study- 5
Defamation Case
Describing allegations levelled by Delhi Chief Minister Arvind Kejriwal and five
other AAP leaders against Union Finance Minister Arun Jaitley as “not only
insulting but jeeringly taunting and provocative”, a Delhi court Wednesday
summoned them as accused in a criminal defamation case filed by Jaitley.
Directing Kejriwal and AAP leaders Ashutosh, Sanjay Singh, Kumar Vishwas,
Raghav Chadha and Deepak Bajpai to appear before him on April 7, Chief
Metropolitan Magistrate (CMM) SumitDass said “freedom of speech and
expression is not an
absolute right” but “one
that is hedged with
reasonable restrictions,
with the law of defamation
being the primary one”.
“The language of public
discourse ought to be
within the confines of
decency. If it transgresses
those limits and becomes
insulting, offensive and laced with innuendos, same may amount to defamation and
become actionable at the end of the person aggrieved,” CMM Dass said.
Jaitley had moved court against the AAP leaders, complaining that they had made
defamatory statements and targeted him for alleged corruption in the Delhi and
District Cricket Association (DDCA).

9. Case Study – 6
Fraud
BENGALURU: Online gangs running scams to procure seeds with
medicinal properties to cure cancer have conned 22 people in Bengaluru
this year, and the loss to victims has crossed Rs 5 crore.
Police said the latest victim is a 27-year-old software engineer who parted
with Rs 35.5 lakh before approaching them with a complaint last week.
In the past year, say police, the scamsters started contacting people via
dating and matchmaking sites, apart from social networking sites like
Facebook. The seeds scam involves a swindler approaching a victim online
as a representative of an overseas pharmaceutical firm looking to source
mucuna seeds (which grow in tropical regions and are said to have
medicinal properties) from local farmers through an agent. They promise
the victim huge returns later on if they pay the agent upfront for the seeds,
and then the money disappears.
In July 2015, an elderly businessman from Bengaluru lodged a complaint
with police after losing Rs. 48.7 lakh in a seeds scam. He said the cheats
had trapped him via Facebook.
Of late, phishing emails and messages have been replaced with women
trapping men on dating and matrimonial sites. "They are organized online
gangs operating from Delhi, and have people in Bengaluru who visit the
victims posing as seed inspectors," explained sources in the CID's
cybercrime wing.
"At least 22 people have been conned in Bengaluru so far in 2016, and
many more have been cheated in the last few years. Tracing the fraudsters
is difficult as they operate from multiple locations and the money is
transferred to various bank accounts opened using bogus documents," said
an investigating officer attached to the cybercrime wing.

10. This February, IT engineer Shyam Prakash (name changed on request)
from Doddanekundi met Priyanka Mukherjee on dating site QuackQuack.in.
She claimed she worked for a Liverpool-based pharmaceutical firm
specializing in cancer drugs. "After days of casual conversation, she cited a
business prospect for me. She said I could procure the seeds from an
Indian farmer and re-sell them to her firm for a huge profit. She claimed the
seeds could cure liver tumours," said Prakash, who was sceptical at first
but soon took the bait.
Mukherjee spoke to him on the phone and introduced him to
Choice Kumar, a farmer from Pune. "After a series of online conversations
with the farmer, I made a wire transfer of Rs 2 lakh and received two
packet of seeds weighing 500g each," Prakash said. Soon after, as
Mukherjee had said, a man of African origin visited his house in Bengaluru
in April and inspected the seeds. Prakash realized he'd been cheated only
after he transferred Rs 35.5 lakh to various bank accounts over 10
instalments for different consignments. He approached police after the con
artists, including Mukherjee, snapped
all contact with him in mid-August,
and the seeds were discovered to be
inexpensive wild beans.
"There has been an increase in such
Nigerian frauds, primarily because of
people's desire for easy money,"
said Hemant Nimbalkar,
IGP, Economic Offences and Cyber
Crimes, CID. "It is sad to see
educated people falling prey to such fraud and losing their hard-earned
money despite we running awareness campaigns to tell people about such
scams. We have arrested many Nigerian fraudsters in the past and a probe
is under way into this scam as well," he said.

11. Case Study – 7
Phishing Page Attacks
ICICI Bank Phishing
Did you know that e-mails,longconsidered the most convenient form of communication,can actually spring
some nasty surprisesfor you? Recently, a few ICICI Bank customers in Mumbai, to their utter dismay,
discovered that e-mails can be extremely hazardous,if not to their health, at leastto their security.These ICICI
Bank customers received an e-mail from someone who posed as an official of the bank and asked for sensitive
information likethe account holder's Internet login name and password and directed them to a Web page that
resembled the bank's official site.When some customers wrote in to find out what the e-mail was about, the
bank officialsregistered a complaintwith the police.
Absolutely Innovativeway to get the secret information of the net bankingcustomers.This articlefrom
Rediff.com throws lighton what is Phishing?
New as itmay be in India,itis actually a popularbankingscam,a warningagainstwhich had been issued by
many international banks includingBarclaysand Citibank.rediff.compresents a guide that will help readers
understand what the scamis aboutand how they can stay clear of it.
What happened in the caseof the e-mail scaminvolvingICICI Bank? Afew customers of ICICI Bank received an
e-mail askingfor their Internet login name and password to their account.The e-mail seemed so genuine that
some users even clicked on the URL given in the mail to a Web page that very closely resembled the official
site. The scamwas finally discovered when an assistantmanager of ICICI Bank's information security cell
received e-mails forwarded by the bank's customers seeking to crosscheck the validity of the e-mails with the
bank. Such a scamis known as 'phishing.'

12. Case Study – 8
Revenge Pron
SALEM, TAMIL NADU
This is a story about a 21-year-old BSc student from Salem, Tamil Nadu. This 21-year-old girl
is the victim in this whole episode.On 23 June 2016, the victim’s parents rush into the Salem’s
SP’s office to take action against a Facebook user who was allegedly posting morphed
pictures of their daughter. The police were ready to help them but the parents had a
condition that, No FIR should be lodged that is the case should be off the books.
The police explained the parents that it would be next to impossible for them to find the real
culprit without an official document certifying the crime. After much persuading, the parents
agreed to register the complaint, not in the police office but in the Community Service
Register.
Investigation through data scrapping revealed that the account was a fake profile. The culprit
was now to be charged with three sections. Section 65C for having a fake profile.Section 67
and 67A for uploading pornographic content.
The next day police caught a young man who allegedly had an affair with the victim. The
police later realized that he was not the culprit and they let him off.Another angle of
investigation was a mobile number from which the victim’s father used to receive phone
calls. This too wasn’t helpful as the police realized that the number too was bought with a
fake identity.
The very same day an e-mail was sent to Facebook from the Salem Cyber Cell to reveal the IP
details of the fake Facebook profile. With no other clue, a response from Facebook was their
final hope.
CB-CID(Crime Branch-Criminal Investigation Department) was also approached to put
pressure on Facebook India officials for speedy delivery of the required information.Two days
later, with no response from Facebook, something very unfortunate happened. The victim
committed suicide.
This incident shook the entire nation and put a very serious question in the minds of people,
“Are children safe on the internet?”.The next day Facebook delivered the required
information to Salem Cyber Cell. After the IP address was retrieved it was a matter of hours
for the cyber experts to reach the culprit.
Within 12 hours, the police arrested the culprit who was the victim’s next doorneighbor who
claimed to be the victim’s rejected boyfriend who wanted revenge.

13. Case Study – 9
Crime against community.
A Jadavpur University chemistry professor was arrested on Thursday evening for circulating
a picture spoof on Trinamool Congress boss Mamata Banerjee and railway minister Mukul
Roy.The charge against the professor, AmbikeshMahapatra, is that he had sent emails with
the spoof, parodying Satyajit Ray's detective flick, Sonar Kella (The Golden Fortress).
The spoof, which is being widely circulated on the internet, has lines from the film, in which
a boy called Mukul is duped by two criminals into believing that they caused a “wicked man”
— who is actually a good person — to “vanish”. In the spoof, the “wicked man” who has
“vanished” is former railway minister Dinesh Trivedi, forced out of office by Banerjee
in march.
Banerjee said, "If one commits an offence, one has to face arrest. Conspiracies won't be
tolerated." But Mahapatra said, "I am not repentant for my act."Mahapatra, who has been
teaching at the university for 17 years, later said Trinamool supporters stormed his house on
Thursday evening and forced him to confess in writing that he had sent the e-mail as he was a
CPI(M) supporter. He was granted bail on a personal bond of R500 by a city court on Friday.
Along with Mahapatra, his neighbour Subrata Sengupta was arrested because the former used
his e-mail. Sengupta is the secretary of the housing society in which Mahapatra lives.Both
labour minister Purnendu Bose and transport minister Madan Mitra, however, defended the
police action, saying the e-mail was in bad taste. "Jadavpur University is becoming a hotbed
of wannabe Maoists under the guise of academics. Investigation would reveal it easily," Mitra
said.
However, rebel Trinamool Congress MP Kabir Suman slammed the police for the arrest.

14. Case Study – 10
Radicalization
Two girls were arrested over their Facebook post questioning the shutdown in the city for Shiv Sena
patriarch Bal Thackeray's funeral with the comment also leading to an attack on the clinic of an uncle
of one of them by Sena activists.The arrests in neighbouring Thane on Sunday sparked an outrage
with Press Council of India chief MarkandeyKatju on Monday demanding "immediate" action against
police personnel involved. Congress said a police case against the girls was "unfortunate" and hoped
Maharashtra government would take remedial measures
The two girls--ShaheenDhada and Renu--were sent to 14-day judicial custody by a court before which
they were produced on Monday but were granted bail within hours after they furnished personal
bonds, police said.Dhada was arrested after she posted comments on the social networking site
opposing the shutdown in Mumbai.86-year-old Thackeray was cremated on Saturday.
She allegedly said that one should not observe bandh for Thackeray's funeral. "We should remember
Bhagat Singh and Sukhdev," the post said.Dhada's friend Renu was arrested for 'liking' the
post."Police arrested both of them under section 505(2) (statements creating or promoting enmity,
hatred or ill-will between classes). Today, they were granted bail," their advocate Sudhir Gupta
said.The duo was arrested following a police complaint lodged by a local Sena leader.
After the comment was posted, a mob of nearly 40 Shiv Sainiks allegedly barged into Dhada'suncles's
orthopaedic hospital at Palghar and vandalised the place yesterday.However, no arrests were made
in connection with the attack.In an e-mail to the Maharashtra Chief Minister Prithviraj Chavan, Katju
warned of "legal consequences" if he failed to take action against the police personnel concerned.
With the Aseem Trivedi episode apparently on the back of their mind, Maharashtra Police's IG (Law
and Order) Deven Bharti said a probe has been ordered into whether the contents of the Facebook
post constituted an offence and even if the offence was registered why were the arrests made.Bowing
to public pressure and criticism from the court, the Maharashtra government last month decided to
drop sedition charge against cartoonist Aseem Trivedi for allegedly insulting national symbols.
"Filing a case against the girls is unfortunate and I hope Maharashtra government will correct it,"
Congress spokesperson Sandeep Dikshit said in Delhi. He, however, said a comment or two a couple
of days later could have been alright since it was a "sensitive time" on the day of Thackeray's
funeral.Dikshit, at the same time, disapproved of the attack by the Sena activistsSudhir Gupta said
the Facebook post at no place contains anything that insults anybody's religious feelings."If you see
the entire post, it nowhere insults anybody's religious feelings," he added.
Deven Bharti said the police probe will be conducted by Special IG of Konkan range Sukhwinder
Singh."We have ordered an inquiry....if any further action needs to be taken the probe team will
decide and send a report. On this report we will act," he added."There were two major issues. We
have asked him (Singh) to inquire whatever has been written, whether it qualifies for an offence.
Second, even if the offence is registered, why the arrests were made, and under which circumstances
were the arrests made," he said.
Dr Abdul Yusuf Dhada, whose hospital was ransacked, said he has suffered heavy financial losses.
With the police coming under attack, Investigating Officer Shrikant Pingle said anybody can comment
on Facebook."But one should make good comments which doesn't hurt others' sentiments," he
added.

15. Case Study – 11
Cyber Terrorism
26/11 Mumbai terror attack case
26/11 Mumbai attacks would show that cyber communication between the terrorists and usageof cyber
technology by them to be acquainted with the target population and the place,created similardevastating
results in India.Itwas observed that most of the 26/11 planningwas also planned meticulously with Google
Earth. The terrorists madeuse of “cellular phonenetworks for command and control, as well as social media to
track and thwart the efforts of Indian commandos.Moreworryingly,the terrorists demonstrated expertise
which bore hallmarksof a professional team. They managed to convert audio signalsto data before
transmission.
Even though the media had highlighted the phenomenal terroristattack on crucial bus inessand Jewish
settlements in Mumbai,the Indian Ministry of Home affairs in their annual report(2010) had released a
detailed nexus between digital technology and the misuseof the same by extremists, satellitephones,GPS and
various websites were widely used for fulfillingthe mission of the extremists. As per the facts available
regarding26/11 attacks,the perpetrators did access the computer resources availableatTaj Hotel and Trident
Hotel. They accessed the Hotel computers to download information about the hotel guests, especially theUS
and UK citizens stayingatthat point of time. Their objective was to kill the hotel guest selectively by obtaining
their room numbers from hotels computer database.What perpetrator did? From section 66F perspec tive, the
perpetrators intentionally threatened the unity, integrity, security,or sovereignty of India and struck terror
and caused death or injuriesto the person and damaged or destruction of property by penetrating or
accessinga computer resources without authorisation.Thus the act of perpetrator of 26/11 may fall under the
category of cyber terrorism.
The Information Technology Act, 2000 (amended in 2008) had painstakingly taken efforts to secure protected
systems, which is defined by Section 70. “The appropriateGovernment may, by notification in theOfficial
Gazette, declareany computer resource which directly or indirectly affects the facility of Critical Information
Infrastructure,to be a protected system”. Further actions of government include the passingof rules such as
the Information Technology (Guidelines for Cyber Cafe) Rules,2011 under the umbrella of the ITAct. In doing
so, the government has had to walk a fine balancebetween the fundamental rights to privacy under the Indian
Constitution and national security requirements. Cyber terrorismgains new faces in pace with the growing
innovations in the cyber field.India faces diversechallenges of cyber terrorismwi th the emergence
and widespread useof social networking sites and digital medium. Significantly
more than 80 internet pages were banned by the governmentof India in the
wakeof rumours after the Assam incident reveals the intensity of new face of
cyber terrorismin the country.

16. Investigation Steps:
1.Data scrapping of the accused profile
There are various tools that can help to scrap the data of the accused
profile.
https://autoclick.us/fb-uid-scraper/
http://osintframework.com/

17. 2. Checking the details of the IP Address obtained from data
scrapping.
IP lookup can be done using various tools available over the internet
3. Image Searching (google reverse image lookup)

19. 4. Filling of 91CRPC
The 91 crpc is an official document that can be issued by the
investigating officer to request the service provider like Facebook,
twitter, etc. to send details regarding a particular account which may
be required for investigating purposes. 91 crpc can be filed only when
a written complaint has already been registered.

20. 6. IP DR Analysis
Social networking sites like Facebook when requested for information
via 91 CRPC revert back with the necessary information.
This information typically consists the account creation IP address
with date and time, password change IP address with date and time,
the E-mail address linked to the account, the phone number linked to
the account, the devices that have been used to login the account
and much more.
Once the investigating officer gets hold of the required IP address,
he/she can easily track the physical location of the devices that the
culprit used to commit crimes.