Do not take the bait! Understanding Email Phishing

What precisely is phishing?

Phishing is a tactic used by hackers to trick you into providing personal information or account data. Once they have your information, hackers steal sensitive data by generating new user passwords or inserting malware (such as backdoors) into your device.

Financial fraud and identity theft perpetrated using the victim’s private information are the more serious consequences of phishing. Phishing is responsible for almost 90 percent of all data breaches.

What are the various kinds of phishing scams?

Depending on the perpetrator, phishing attacks can hit a wide variety of people. At one end of the continuum is a generic email phishing scam searching for anyone with a PayPal account; such emails are almost certainly phishing attempts. At the other end, phishing may take the form of an email that is sent to only one user. Because of that user's access, the attacker devotes time and effort to crafting an email for a single recipient. If the email is on this end of the continuum, even the most suspicious individuals are likely to fall victim to it. According to statistics, 91 percent of data security breaches begin with some form of a phishing scheme.

What is the concept of Email Phishing?

Since the 1990s, email phishing has possibly been the most prevalent form of phishing. These are the emails that a hacker sends to any and all email addresses he or she can get his or her hands on. The email normally advises the user that their account has been compromised and that they must reply immediately by clicking on a ‘this page’ link. Since the English is not always clear, these attacks are normally easy to detect. It sometimes gives the impression that someone used translation software to go through five different languages before deciding on English.

suspect source if you search the email source and the actual connection that you are being led to.

Sextortion is a form of phishing scheme that involves sending someone an email that seems to be from themselves. The hacker appears to have broken into your email server and then into the machine mentioned in the email. They claim to have two crucial pieces of information: your password and a video of you. The sextortion is based on the captured footage.

According to the claim, you were viewing adult entertainment videos on your monitor while the camera was recording. You must pay them, normally in bitcoin; otherwise, they will reveal the video to your relatives or co-workers.

How to Recognize a Phishing Email?

Every month, users all over the world receive an average of 16 malicious emails! Furthermore, given the plethora of email newsletters that we knowingly sign up for, a detailed review of an email prior to answering can be time-consuming. Nonetheless, being aware is crucial in thwarting future efforts to steal your personal or company information.

Here are a few pointers on recognizing a phishing email:

  1. Avoid any email requests for sensitive information

Remember that a legitimate company will never send you an email requesting confidential personal or financial information. Furthermore, an organization with which you are familiar would rather have a phone call with you about account details. Unsolicited emails demanding personal information and containing a link or attachment should be avoided. It is unquestionably a ruse.

  2. Generic Email Salutations Should Be Avoided

Avoid emails that address you as a “respected member,” “favorite client,” “customer,” or “account manager,” among other words. Emails with such generic salutations should be avoided at all times since they are almost invariably spam. Bear in mind that a legitimate business will address you by your name. Some cyber con artists, on the other hand, totally disregard the salutation portion of the text! As a consequence, make sure you check the other points in this guide to see whether the email is deceptive or not.

  3. Verify the Sender’s Domain in the Email Address

Examining the sender’s address is one of the most effective ways to detect a phishing email. Check the domain in the email address, which is the part after the @. This will give you a good sense of the email’s origin and therefore its validity. Cybercriminals sometimes change the spelling of a domain to make it seem legitimate. But proceed with caution! Since businesses often use special or random domains to reach out to their clients, this is not a foolproof tip. Small businesses, in particular, rely on third-party email providers to deliver emails. As a consequence, the dubious-looking domain could be real!

  4. Spelling Errors Can Serve as a Warning Flag

One thing to keep in mind! Every brand and business invests heavily in its proofreaders and copywriters. This is to ensure that the material they distribute to consumers is error-free, factually correct, and grammatically correct. An error in material, particularly in an email to a prospective or current client, is a major source of embarrassment for an organization. As a consequence, it’s self-evident that an email from a legitimate organization must be well-written. Scam emails, on the other hand, are easily detected by their grammatical and spelling mistakes. Hackers, obviously, are not idiots! They know who they’re after, and these phishing emails are often aimed at people in the lower echelons of the educational ladder.

  5. Be wary of uninvited attachments

Do you know what the most often used phishing email bait is? Attachments and links that are unsolicited and suspicious-looking. Emails with random attachments or links are never sent from a legitimate entity. They would rather take the user to their own website to retrieve the required documentation or files. Companies that have your contact information, on the other hand, can send you white papers, newsletters, and other materials as attachments. So, although you should be careful of attachments with the extensions .exe, .scr, and .zip, this isn’t a completely reliable trick. In case of uncertainty, the safest course of action is to contact the sender directly.

It makes no difference if you have the world’s most reliable surveillance system. It only takes one untrained employee to be duped by a phishing attack and hand over the information you have worked so long to safeguard.

Be sure you and your colleagues are all aware of these particular email phishing scenarios, as well as all of the warning signs of a phishing attempt.
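The pointers above can be turned into a simple triage script. The following Python sketch is an added example, not code from the original article: it flags a misspelled sender domain, a generic salutation, a request for sensitive information, and attachments with the extensions named above. The expected-domain list, the keyword list, the similarity threshold and the sample messages are assumptions constructed for illustration.

```python
"""Added example: triage an email for the warning signs listed above."""
import re
from difflib import SequenceMatcher
from email.message import EmailMessage
from email.utils import parseaddr
from pathlib import PurePosixPath

# Assumption: domains this mailbox genuinely expects mail from (hypothetical).
EXPECTED_DOMAINS = {"examplebank.example"}
# Salutations and extensions quoted in the article.
GENERIC_SALUTATIONS = ("respected member", "favorite client", "customer",
                       "account manager")
RISKY_EXTENSIONS = {".exe", ".scr", ".zip"}
# Assumption: a small keyword list standing in for "sensitive information".
SENSITIVE_RE = re.compile(r"\b(password|pin|card number|account number)\b", re.I)
LOOKALIKE_THRESHOLD = 0.85  # assumption: tune against your own mail


def sender_domain(msg):
    """Return the part after the @ in the From header, lower-cased."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()


def is_expected(domain):
    return any(domain == d or domain.endswith("." + d) for d in EXPECTED_DOMAINS)


def lookalike_of(domain):
    """Return the expected domain that `domain` misspells, or None.

    Unknown but dissimilar domains are NOT flagged: as the article notes,
    legitimate senders often use third-party mail providers.
    """
    if not domain or is_expected(domain):
        return None
    for good in EXPECTED_DOMAINS:
        # Compare only the trailing labels so "mail.<lookalike>" is caught too.
        labels = good.count(".") + 1
        tail = ".".join(domain.split(".")[-labels:])
        if SequenceMatcher(None, tail, good).ratio() >= LOOKALIKE_THRESHOLD:
            return good
    return None


def triage(msg):
    """Return a list of warning signs found in an EmailMessage."""
    findings = []
    domain = sender_domain(msg)
    imitated = lookalike_of(domain)
    if imitated:
        findings.append(f"lookalike-domain:{domain}~{imitated}")

    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    first_line = next((ln.strip().lower() for ln in body.splitlines()
                       if ln.strip()), "")
    if any(s in first_line for s in GENERIC_SALUTATIONS):
        findings.append("generic-salutation")
    if SENSITIVE_RE.search(body):
        findings.append("asks-for-sensitive-info")

    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if PurePosixPath(name.lower()).suffix in RISKY_EXTENSIONS:
            findings.append(f"risky-attachment:{name}")
    return findings


def make_message(sender, body, attachment=None):
    """Build a constructed sample message (not real mail)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "user@example.org"
    msg["Subject"] = "Account notice"
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"constructed sample bytes", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg


# Constructed samples: one suspicious message, one ordinary newsletter.
PHISH = make_message(
    "Example Bank <service@examp1ebank.example>",
    "Dear customer,\n\nYour account has been compromised. "
    "Reply immediately with your password.\n",
    attachment="invoice.scr",
)
LEGIT = make_message(
    "Example Bank <news@mail.examplebank.example>",
    "Hello Priya,\n\nThis month's newsletter is attached.\n",
    attachment="newsletter.pdf",
)

if __name__ == "__main__":
    for label, sample in (("phish", PHISH), ("legit", LEGIT)):
        print(label, triage(sample))
```

A clean result does not prove a message is safe; as the article says, none of these signs is foolproof, so treat the findings as prompts for a closer look.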

Gaps and Limitations and how to tackle them 

Both consumers and companies must take action to defend themselves from phishing attacks. Vigilance is important for consumers. A spoofed message often includes small errors that reveal its true identity. As seen in the previous URL example, these may involve spelling errors or domain name changes. Users should also consider why they are receiving such an email in the first place.

The foregoing phishing email detection tips will undoubtedly raise your resistance to and vigilance against phishing attacks. Phishing attacks, on the other hand, are becoming stealthier and more subtle by the day. Even seasoned users can find it difficult to spot a phishing email before it’s too late, thanks to changing techniques.

It’s shocking to hear that almost half of all phishing or bogus websites already have SSL certificates or HTTPS encryption! To evade detection, they are increasingly using tactics such as web page redirects. Fake fonts and other encoding methods are often used by some fake banking websites to give the impression of a real website. Even the most vigilant customer is finding it more difficult to detect phishing attempts as a result of these tactics.

Texial’s – Phishing Attack Victims Investigation Services

Texial is a forensics laboratory that focuses on optical and Cyber Forensics. Texial’s Lab delivers investigative and cybersecurity expertise and technologies, supported by a roster of the best-in-class forensic experts. Texial’s Lab also delivers cybercrime detection training and information to corporations and law enforcement authorities.

A Dive into the Forensic Universe: Forensic Standardisation

What is Forensic Standardization? 

Computers have been an integral part of daily life in recent decades. Many that commit offenses, unfortunately, are not immune to the computer revolution. As a result, techniques that allow prosecutors to retrieve data from devices used in unlawful activities and use it as evidence in criminal cases are becoming increasingly relevant to law enforcement. Standardization of the compilation, analysis, interpretation, and reporting of forensic evidence is essential to a common approach to how evidence is used. This allows states to share facts and intelligence in order to exonerate the accused or convict the guilty.

HISTORY

The first Digital Forensic Research Workshop (DFRWS), conducted in Utica, New York in 2001, described digital forensics as “the application of scientifically derived and proven methods to the storage, processing, confirmation, identification, examination, interpretation, recording, and presentation of digital evidence derived from digital sources for the purpose of facilitating criminal investigations, or assisting with the rehabilitation of violent cases, or assisting in the anticipation of unauthorized activities that have been seen to interrupt scheduled operations.” Digital forensic evidence, on the other hand, may be used in both criminal and civil trials.

ISO/IEC 27043:2015 is an international standard that covers information infrastructure, encryption techniques, and incident investigation standards and processes. The specification defines a component of a larger investigation that can be used in accordance with other international standards such as ISO/IEC 27035, ISO/IEC 27037, and ISO/IEC 27042. The ISO/IEC 27043 standard was created with the primary goal of defining and following certain standardized investigation principles and procedures in order to obtain the same results for different investigators under similar circumstances. The concepts of reproducibility and repeatability are critical in any criminal investigation. Throughout the inquiry process, the ISO/IEC 27043 specification is also intended to provide consistency and transparency in the collected findings for each specific process (including report generation).

UNDERSTANDING THE NEED FOR STANDARDISING FORENSIC REPORT PROCESS

Report generation is a process in ISO/IEC 27043 that focuses on the analysis of digital data. In general, the presentation phase of a digital forensic investigation assists in the confirmation of the forensic theory, while report generation as a procedure is encapsulated within the investigative process and is one of the classes of the digital investigation process. Although report generation is not a method for conducting investigations, it has been presented as a process for displaying or interpreting the results. We believe that forensic reports should be prepared or produced in a standardized manner, rather than being lumped into one of the digital investigation categories (investigative process class). It’s worth noting that if forensic reports aren’t prepared, presented, and interpreted properly, they may lead to misinterpretations of the forensic theory or investigative fact throughout several cases. This is a major flaw in the standard.

SCOPE OF DIGITAL FORENSIC INVESTIGATIONS

It’s important to remember that a forensic report can cover the full spectrum of the automated forensic investigation process as it’s being written or produced. At this stage, information from a digital forensic investigation cannot be retrieved without observing specified procedures; this must be stated clearly since the digital forensic investigation’s importance cannot be overstated. This provides for open investigative notification to all interested stakeholders. One might also look at the possibility of using Blockchain to ensure the credibility of the report’s data.

LIMITATIONS

There is no such thing as a flawless automated forensic examination. As a result, any decisions to skip such procedures, protocols, or investigative behavior, as well as any known shortcomings in the methods and strategies used, should be reported. 

CONCLUSION AND FUTURE DIRECTIONS

There is a need to standardize the report generation process in order to improve the presentation of forensic evidence before and after trial while adhering to the ISO/IEC 27043:2015 standard. Future study will focus on defining the core components of a standardized report generation process, for example in collaboration with the international digital forensic group, as well as investigating how modern technology like augmented reality, Blockchain, and machine learning can be used to make the process easier.

A Guide to a career in Cyber Forensics

What is Cyber Forensics?

Cyber Forensics, also known as computer forensics, plays a vital role in investigation of Cyber attacks and Cyber crime. It involves extraction and analysis of digital evidence such as an electronic document and storage mediums.

Cyber Forensics deals with the extraction, preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from any such device that has a storage memory and basic computing power. Cyber Forensics experts are proficient in data recovery that encompasses recovering lost, encrypted, deleted, or damaged data and discovering hidden data residing in a system for investigation.

History

  • In 1978, the first computer crime was recognized in Florida.
  • In 1984, work began in the FBI Computer Analysis and Response Team (CART).
  • In 1992, Computer Forensics was introduced in academics.
  • In 1995, the International Organization on Computer Evidence (IOCE) came into force.
  • In 2000, the First FBI Regional Computer Forensic Laboratory was set up.
  • In 2002, the first book on digital forensics, called “Best practices for Computer Forensics”, was published by the Scientific Working Group on Digital Evidence (SWGDE).

Since then, several agencies, each with their own cyber crime divisions, digital forensics labs, and dedicated onsite and field agents, have been collaborating actively in an effort to take on tasks.

India on Digital Forensics

India ranked 15 in the 2019 ranking and moved up to 18 in the 2020 rankings, in an inverted scoring system. India also ranks 11th worldwide in the number of attacks caused by servers that were hosted in the country, which accounts for 2,299,682 incidents in 2020 as compared to 854,782 incidents detected in 2019, says the source.

The need for computer forensic experts is growing rapidly. According to a source, the Global Digital Forensics Market is estimated to reach $7 billion by 2024. As India continues to embrace technology and digitization, cybersecurity and digital forensics must be given maximum priority. Cyber forensics is the foundation for an effective and defensive measure against cyberattacks on civilians and government targets. It enables investigators to analyze computer systems after an attack to determine the extent of damage, recover lost data and find the perpetrators.

Opportunities

Several private investigation and cyber security firms hire freshers to perform data recovery. The average salary of a Computer Forensic Investigator is 758,388 per annum and may rise to 11-12 Lakhs pa within 5 years. This super-specialization field allows individuals to get into security and opens the widely acclaimed field of Cyber Security and Incident Response, where packages can begin from 4 lakhs and rise up to 12 pa within a span of 5 years. These roles can be filled by Digital forensic students. Computer science engineers with knowledge of digital forensics can also cater to the field. Software engineers can perform source-code forensics. Although they are rare in India, they come with heavy packages. If you are planning a career in Cyber Forensics, the future is bright.

How to become a Computer Forensic Investigator

Get certified

A Certification in Cyber forensics will provide you with a foundation in investigation and computer use, and in the technologies and techniques used in the field. Experience will further advance one’s career and open senior job opportunities.

  • Computer Hacking Forensic Investigator (CHFI)
  • Texial Cyber Forensic Investigator

Get your first Job

Computer forensic jobs can be found in both Government and Private sector.

  • Security Consultant
  • Malware Analyst
  • Computer Forensic Investigator
  • Computer Forensic Technician
  • Information Security Analyst
  • Information Systems Security Analyst
  • Forensic Computer Analyst

Advance with experience

With years of experience one can advance their career as Senior Forensic Expert or start their own practice.

Skills needed

  • Knowledge of Digital storage, Computer OS, Basic programming, Malware & its types and Cyber Law.
  • Knowledge in Ethical/Legal aspects
  • Soft skills: Intuitive, Analytical, Logical, Critical, Problem solving, Communication.

Topics Covered in a Cyber Forensics Course 

The following section shall provide you an outline of the curriculum of Cyber Forensics, Cyber Crimes, Cyber Security & Cyber Law. 

  • Computer Forensics in Today’s World 
  • Computer Forensics Investigation Process 
  • Understanding Hard Disks and File Systems 
  • Operating System Forensics 
  • Defeating Anti-Forensics Techniques 
  • Data Acquisition and Duplication 
  • Network Forensics 
  • Investigating Web Attacks 
  • Database Forensics 
  • Cloud Forensics 
  • Malware Forensics 
  • Investigating E-mail Crimes 
  • Mobile Forensics 
  • Investigative Reports

Digital forensics has a broad scope, so a large number of tools go into an investigation. Digital forensics has a number of subcategories, for example mobile forensics, memory forensics, network forensics and email forensics, and a number of tools are available for each. Some of the major tools are:

Memory Forensic tools

  • Autopsy
  • X-Ways Forensics
  • FTK Imager
  • Bulk Extractor
  • Foremost
  • Scalpel

Email Forensic tools

  • Xtraxtor
  • Stellar Email Forensic

Network Forensic tools

  • Wireshark
  • NetworkMiner

Mobile Forensic tools

  • AF Logical OSE
  • Open Source Android Forensics
  • LiME

Case Study

Krenar Lusha, 2009

Krenar Lusha, an illegal immigrant in the United Kingdom, was arrested based on his internet search pattern. On conducting a search of his laptop, it was found that he had downloaded a manual of 4300 GM to make explosives. When they searched his apartment for further investigation, the police also recovered documents entitled The Car Bomb Recognition Guide, 71.8 l of petrol, 4.5lb of potassium nitrate, Improvised Radio Detonation Techniques, Middle Eastern Terrorist Bomb Design, and The Mujahideen Explosives Handbook. His chats via MSN were also recovered from his laptop. He presented himself as a terrorist who wanted to see Jewish people and Americans suffer. These conversations were retrieved from his computer and used as digital evidence in court.

Cyber crime has been on the rise for years. As people progressively conduct their personal lives and business online, the data becomes leverage. With constantly growing cyber attacks, the need for Cyber Forensic experts is growing rapidly. According to a source, the job demand in Cyber Forensics will rise up to 32% by 2028.

Texial Cyber Forensic Investigator-Texial Cybersecurity

The Texial Cyber Forensic Investigator training is a comprehensive program that consists of theoretical as well as practical training sessions to give students a hands-on learning experience in analyzing computer systems in the aftermath of a cyberattack and discern their causation.

A Complete guide to Fingerprint Analysis

What are Fingerprints?

The impression left by the friction ridges on the finger is known as a fingerprint. A fingerprint consists of ridges and furrows in patterns, which make it unique.

Origin

  • Edward Richard Henry (1850-1931): He devised the fingerprint classification formula and recommended the use of mercury-based and graphite-based powders.
  • Sir William Herschel, 1856: The first to use fingerprints. An English Chief Magistrate in India who used prints on native contracts.
  • Dr. Henry Faulds, 1880: Noticed fingerprints on prehistoric pottery.
  • Sir Francis Galton, 1888: Sir Francis Galton, a British anthropologist and a cousin of Charles Darwin, began his observations of fingerprints as a means of identification in the 1880s. In 1892, he published his book, “Fingerprints”, establishing the individuality and permanence of fingerprints. The book included the first classification system for fingerprints.

Types of prints

  • Latent print
  • Patent print
  • Plastic print

Latent print

It is invisible to the eye and is produced by the deposition of oils and perspiration.

Patent print

It is visible on a surface after the ridges have been in contact with colored material such as blood, paint, or ink.

Plastic print

Impressions left on soft material such as putty, wax, soap, or clay.

Collection methods

Latent print

Use an alternative light source (UV light), high-definition photography, the tape lifting method, or chemical fuming methods (cyanoacrylate, ninhydrin, silver nitrate).

Patent print

Use an alternative light source (UV light), high-definition photography, or the tape lifting method.

Plastic print

Casting methods

Collection of Fingerprint from the dead

Casting methods: For skin that’s badly deteriorated, it may be possible to use silicone putty to make a casting that captures the detail of the fingerprint ridges. Those impressions can then be photographed and used in identification. Most sensitive to taking an impression, even under only moderate pressure against the mold.

Thanatopractical processing: Fluid extracted from other parts of a body’s remains is used to restore tenseness and volume to the fingers in order to plump them for printing.

In case of rigor mortis, straighten the fingers. This can be accomplished by pressing down on the middle joint of the finger. Dust the fingers and palms with fingerprint powder and lift the prints with tape or rubber lifters.

Surfaces

Porous: Absorbent surfaces such as cloth or paper.

Non-porous: Non-absorbent surfaces such as glass or plastic.

Principles of Fingerprint Analysis

1. A fingerprint is an individual characteristic because no two fingers have yet been found to possess identical ridge characteristics.

2. A fingerprint will remain unchanged during an individual’s lifetime.

3. Fingerprints have general ridge patterns that permit them to be systematically classified.

Fingerprint Analysis

Types of Ridge patterns

Loops

Loop must have one or more ridges entering from one side of the print, recurring and exiting from the same side. 

It should have one core and one delta. If the loop:

  • opens towards the little finger, it is an ulnar loop
  • opens towards the thumb, it is a radial loop

These patterns are named for their positions related to the radius and ulna bones, i.e. the bone the loop opening is facing towards.

Whorls

  • Plain Whorl
  • Central pocket loop whorl
  • Double loop whorl
  • Accidental whorl

All whorl patterns have type lines and a minimum of two deltas. 

Central pocket loop whorls have at least one ridge that makes a complete circuit.

The ridge may be spiral, oval or any variant of a circle.

Double loop whorls (twin loops) are made up of any two loops combined into one print.

Accidental whorls contain two or more patterns that do not clearly fall under any of the other categories.

Arches

  • Plain Arch: Ridges enter on one side and exit on the other side.
  • Tented Arch: Similar to the plain arch, but has a spike in the center.

Arch patterns do not have type lines, a core or a delta.

Ridge Characteristics

Class Characteristics

Type Lines: The pattern area of the loop is surrounded by two diverging ridges known as type lines.

Core: The core is defined as the innermost turning point where the fingerprint ridges form a loop.

Delta: The delta is defined as the point where these ridges form a triangular shape.

Individual Characteristics

Bifurcation (Fork): A ridge diverging into two parallel ridges, forming a fork shape.

Spur (Hook): A ridge diverging from the main ridge to form a hook.

Enclosure (Eye): A ridge divides into two and the two divided ridges immediately converge into a single ridge, forming an eye shape.

Dot: A very small fragment found in between the pattern.

Trifurcation: A ridge dividing into three parallel ridges.

Bridge: Two ridges connected by a bridge.

Ridge Counting

The number of ridges intervening between the delta and the core is known as the Ridge Counting.

  • Ridge counting is performed on loop type pattern. 
  • If there is a bifurcation at the exact point of coincidence, two ridges are counted. 
  • If there is a bifurcation of a ridge exactly at the point where the imaginary line would be drawn, two ridges are counted. 
  • Fragments and dots are counted if they appear as thick as the neighbouring ridges. 
  • Ridges, which run close up to without meeting the line, are not counted. 
  • Where the line crosses an island, both sides are counted.

Ridge Tracing

  • The course of the lower ridge of the delta is followed, and it will be found either to meet or to go inside or to go outside the corresponding ridge of the delta. 
  • If the course of the ridge ends abruptly, the course of the next ridge below it is to be followed. 
  • In case of bifurcating ridge the lower line of bifurcation should be followed. 
  • When the traced ridge meets the corresponding ridge of the right delta or goes inside or outside, with not more than two ridges intervening between them, the Whorl is specialised as Meeting(M). 
  • When the ridge goes inside and there are three or more intervening ridges, it is specialised as Inner(I). 
  • When the ridge goes outside and there are three or more intervening ridges, it is specialised as Outer(O).

Database

Fingerprint Analysis and Criminal Tracing System (FACTS) & Aadhar 

The computer uses an automated scanning device to convert the image of a fingerprint into digital ridge characteristics. (image processing and pattern recognition techniques) 

It holds information on class characteristics, individual characteristics, minutiae location, direction, ridge count, density, and type of print. The National Crime Records Bureau and Central Finger Print Bureau hold access to FACTS.

Applications

  • Biometric security 
  • Identity recognition in mass disasters 
  • Conducting background checks 
  • Criminal investigation

Recent Trends

Determining use of illegal drugs: 

Researchers from the University of Surrey in England have developed a method to test the residue left in a fingerprint for cocaine using mass spectrometry. 

Fingerprint Molecular Identification (FMI) technology to identify gender, narcotics and nicotine: 

North Carolina’s ArroGen Group has developed FMI technology, again using mass spectrometry, to identify gender biomarkers, as well as metabolites of nicotine, heroin, methamphetamine, marijuana, temazepam, ecstasy and even some legal medications. 

Developing Technique Bacteria:  

Certain bacteria, for example Acinetobacter calcoaceticus, can be used to develop prints on valuable oil paintings, without harming the painting in the process. The bacteria in a nutrient gel are pasted onto the surface of the painting, making the print visible as they multiply. The gel can then simply be wiped off, leaving the painting unaffected.

Autoradiography:  Radioactive atoms are incorporated into the fingerprint by placing the piece of fabric into a container containing radioactive gases, such as iodine or sulphur dioxide, at a humidity of less than 50%.  The fabric is then put into contact with photographic film, and the radioactive atoms cause a picture to become clear.

The Identification of Prisoners Act 1920

Section 1: An act to authorize the taking of measurements and photographs of convicts and others. 

Section 2: Definitions. “Measurements” include finger impressions and foot print impressions.

(a) “Police Officer” means an officer in charge of a Police Station, a Police Officer making an investigation under chapter XIV of the Code of Criminal Procedure, 1898 or any Police Officer not below the rank of Sub – Inspector. 

(b) “Prescribed” means prescribed by rules made under this Act.

Section 3: the SHOs and investigating officers are empowered to take the finger prints of every person who has been convicted of any offence punishable with rigorous imprisonment for a term of one year or upwards or of any offence which render him liable to enhanced punishment on a subsequent conviction.

Section 5: A First Class Magistrate can direct to give the FPs of any person arrested in or for the purposes of any investigation or proceeding.

Collection of Fingerprint for comparison

Under the provisions of 73 IEA and Section 5 & 6 of Identification of Prisoners Act, the law enforcing authorities and courts have been empowered to take finger prints of a person for the purpose of investigation or identification.

On refusal,

Section 6 of Identification of Prisoners Act: If any convict resists giving finger prints, necessary measures should be taken to secure his finger prints. If he still refuses, he can be charged u/s 186 IPC and he is liable for punishment.

Expert Testimony

In 1899, an amendment was made to Sections 45 & 73 of the Evidence Act, and the evidence of a Finger Print Expert was given statutory recognition.

Section 45 of IEA, when the court has to form an opinion upon a point of foreign law, or of science or art or as to identity of handwriting or finger impressions, the opinion upon that point of persons specially skilled in such foreign law, science or art or in questions as to identity of handwriting or finger impressions, are relevant facts. Such persons are called Experts.

Under Section 293 Cr.P.C., a report submitted by the Director, FPB as Expert opinion may be used as evidence. The court may, if it thinks fit, summon and examine any such Expert. If the Director, FPB is summoned by a court and he is unable to attend personally, he may, unless the court has expressly directed him to appear personally, depute another Expert who is conversant with the facts of the case.

Palm prints come within Section 45 of the IEA, and the opinion of Experts as to the identity or non-identity of palmar impressions is admissible in court.

Section 60 of IEA, if oral evidence refers to an opinion or to the grounds on which that opinion is held, it must be the evidence of the persons who holds that opinion on those grounds (i.e. Expert need not be present in the court).

Under section 20 (b) of Cr.P.C., for any document produced before the Magistrate on which the prosecution is to rely, provided that the Magistrate is satisfied that any such document is voluminous, he shall, instead of furnishing the accused with a copy thereof, direct that he will only be allowed to inspect it either personally or through pleader in the court.

The Exciting World of Cyber Forensics

Introduction

Cyber criminals seem to be everywhere these days. They lurk in the deepest corners of the internet, practically secretly defrauding individuals, hacking, cheating, and fleeing from the authorities. Cyber Forensics is a method for computer discovery used to assess and expose specialized criminal evidence. For legal purposes, it also requires electronic data storage retrieval. People who work in cyber security with digital forensics are on the front lines in the fight against cybercrime. They are the ones who gather, store, archive, and evaluate evidence relevant to computers. They help find flaws in the network and then establish methods of reducing them.

What do people in Cyber Forensics do?

  1. Recovering data from hard drives that are corrupted or erased.
  2. Tracing hacks.
  3. Collecting evidence and preserving it.
  4. Reading investigation reports and analyzing them.
  5. Working with computers and other technological gadgets.
  6. Working closely with other detectives and police officers.

History of Cyber Forensics

It is difficult to establish when the history of computer forensics begins. Most researchers believe that the electronic forensics sector started to develop more than 30 years ago. The sector started, in large part, in the United States, where law enforcement and military agents began to see perpetrators getting technical.

What became known as digital forensics was widely called ‘data forensics’ until the late 1990s. Law enforcement agents, who were also computer hobbyists, were the first computer forensic technicians. Work on the FBI Data Analysis and Response Team (CART) started in the USA in 1984.

Why is Cyber Forensics budding and has great potential now?

The key purpose of computer forensics is, from a scientific point of view, to locate, capture, store and interpret data in a manner that maintains the credibility of the obtained information such that it can be used successfully in a court case.

Technological advances have left over half of the world’s population dependent on computers and other technologies in their day-to-day lives, from monetary control to global connectivity. Unfortunately, technology has proved to be a double-edged weapon, introducing a new criminal platform: cybercrime. Without adequate evidence, cyber criminals can be very difficult to accuse.

Still, a wide range of offences, including child pornography, theft, espionage, cyber-stalking, murder, and rape, are being prosecuted. In civil litigation, the discipline also serves as a form of evidence collection (for example, Electronic discovery).

Why choose a career in Cyber Forensics?

The ever-increasing pace of carrying out most online personal and technical operations has contributed to a cybercrime boom. In the execution of computer-based crimes or cybercrimes, the use of computers and/or mobiles is required. Therefore, the need for cyber and digital forensics expertise is on the rise. Explore in this blog the possibilities of a Cyber Forensics career.

Under the “information security analyst” group, the Bureau of Labour Statistics (BLS) categorizes the job electronic forensics examiners perform. The demand for this job is projected to rise by 32 percent from 2018 to 2028, according to data from 2019, which is extraordinarily high. In other words, in the Internet era, it is an important part of law and enterprise and can be a satisfying and profitable career direction.

Career aspects in Cyber Forensics with respect to India

In jails around the world, nearly a quarter of a million under-trials are languishing. Of these, about 2,069 have been in custody for over five years, even though their guilt or innocence is yet to be established. There are also cases that do not necessarily need to be referred to the police or the judiciary. Most analysts believe that, in many forensic areas and crime investigations, India faces an acute shortage of qualified forensic experts and scientists. Forensic research is an applied science with more than 27 sub-branches. There is a lack of trained Indian forensic experts, scientists, and prosecutors. Cyber forensic experts can help by assisting the decision-makers before a lawsuit enters the court; in this way forensic sciences help to reduce the number of lawsuits entering the overwhelmed court system. There is, thus, broad space for careers, private jobs, one's own practice, etc.

While Computer Forensics is still in India in its formative years, there is a surge in job opportunities for such professionals. Professionals from Cyber Forensics are also employed to help improve an organization’s data and information management.

Computer Forensics Researcher, Computer Forensics Technician, Digital Forensics Specialist, Computer Forensics Specialist and so on are some common examples of cyber forensics jobs.

Future directions in Cyber Forensics

The world of cyber forensics is evolving quickly in terms of research and technology. Not only is the underlying technology changing, but the legal climate is changing too. How an analyst investigates may be modified by new rules. Techniques grow over time. Research frameworks should be introduced to the specifications of digital forensics to better tackle the backlog, allocating scarce cyber forensic specialist time more effectively by enhancing and expediting the digital forensic process itself. The backlog is one of the greatest obstacles in today’s cyber forensics career.

Guide for Setting up State-of-the-Art Cyber Forensic Laboratory

Introduction

Texial Cyber Security is an organization that provides specialized services to Law Enforcement agencies. Texial offers a complete range of forensic services and solutions, including litigation consulting, electronic discovery and forensic casework. We have a futuristic cybercrime and digital forensic center which offers solutions catering to different segments of the society such as law enforcement agencies, private investigators, individuals, corporate and the government.

We combine in-depth experience and comprehensive capabilities to provide consulting, software solutions and services across multiple verticals. 

Crime has taken on new forms around the country, with the nature of crimes varying sharply and a burgeoning youth demographic. Statistics point to new trends across the country, with unscrupulous entities employing hi-tech and discreet methods to break the law. Law Enforcement personnel and Investigations officers find the skills they have to be inadequate to deal with this new wave. Therefore, there exists a need for equipping investigating agencies in the latest forensic practices and technologies. 

In this regard, we want to provide a guide on how to set up an end-to-end infrastructure for digital forensics that would provide essential tools and equip students to learn and educate in the field of digital and cyber forensics.

This would mainly involve imparting skills and digital forensics tool usage to stay competent in streamlining investigative processes. The lab is to incorporate end-to-end infrastructure with the necessary equipment and tools.

Texial proposes to set up a Digital Forensic Lab that would provide quality tools in digital forensics. We have the requisite expertise with regard to setting up facilities as well as training, right from procurement and supply of hardware to installation and commissioning of state-of-the-art infrastructure. We utilize cutting edge technologies and holistic processes for perfect execution of all operations. We look forward to setting up and staffing a state-of-the-art facility covering various practices of Digital Forensics.

Cybercrime or a digital crime is one of the most common types of crime in our world. 

Cyber-related crimes are increasing every year, so a proper lab setup is needed for investigation. Labs today are more advanced than in the past, and the investigation process has also become easier thanks to certain investigation tools. So let’s look in depth at how to set up a digital forensic lab.

There are six main phases in developing a digital forensic lab:

  1. Planning
  2. Identification of proper space for the construction of a lab
  3. Selection of the equipment and other things needed for the lab
  4. Installation and purchase of the software tools
  5. Security controls
  6. Lab Management

Phase-1: Planning

We need a proper plan for how to set up the lab. What is needed to create the lab, the approximate budget for its construction, etc. should be identified at this stage. Only after proper planning can we go to the next step. With a proper plan, the construction will go smoothly, and after planning you will have an idea of how the lab is to be developed.

Phase-2: Identification of the proper space for the construction of a lab

In this phase you need to look for a proper location or building with a clean environment, because the lab must always be kept clean and digital equipment needs a cool environment to function properly. The lab should be in an air-conditioned room.

Phase-3: Select the equipment needed for the lab

The most important things needed in a digital forensic lab include computers with a licensed operating system, an intrusion alarm at the entrance, monitoring cameras, a UPS for every computer, etc., along with common things like tables and chairs.

Phase-4: Installation of tools

Digital forensics is a vast area, so more tools are needed for investigation. A number of tools exist for the different varieties of digital evidence. Digital forensics has different categories, like mobile forensics, cloud forensics, network forensics, video forensics, etc. A number of tools are available; some of them are open source, and some we need to pay for. Some important tools needed for a lab include:

  • Disk and data Capturing Tools
  • Registry analyzing Tools
  • Email analyzing Tools
  • Network analyzing Tools
  • Mobile analyzing Tools

Disk and data capturing tools:

Disk capturing tools are mainly used to create an image of a system, pen drive, etc., and data capturing tools are used to extract potential artifacts from email, pen drives, mobile phones, etc.

  • Autopsy:

    It is an open-source tool used to extract data from image files, emails, etc. It is easy to use and runs on both Unix and Windows.

  • X-Ways Forensics:

    X-Ways Forensics is an imaging and disk cloning tool. It is not an open-source tool; we need to pay for it.

  • FTK Imager:

    FTK Imager is an open-source tool that is used to create an image of a computer, mobile phone, pen drive, etc., and we can also use it to analyze

  • Bulk Extractor:

    It is an open-source tool for data carving. It scans the image file and finds email addresses, URLs, and credit card numbers. We can use it on Windows and Linux.

  • Foremost:

    Foremost is another open-source tool for data carving and data recovery. It carves files based on their headers, footers and internal data. It is not available on Windows; it only runs on UNIX.

  • Scalpel:

    It is also a file carver: it reads a database of header and footer definitions and extracts the matching files. It is an open-source tool. It runs on both Windows and Linux.

These are some important data carving and disk imaging tools needed in a digital forensic lab for analyzing samples. Many such tools come built into the Linux operating system.
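
How header/footer carving of the kind Foremost and Scalpel perform works, as an added example (not code from either tool or from this guide): a minimal Python carver run over a constructed in-memory image. The signature table, the size caps, `carve`, `build_sample_image` and the sample bytes are assumptions made for the illustration.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    header: bytes
    footer: bytes
    max_size: int  # carving stops here if no footer is found


# Standard magic numbers; the size caps are illustrative choices.
SIGNATURES = (
    Signature("jpg", b"\xff\xd8\xff", b"\xff\xd9", 10 * 1024 * 1024),
    Signature("png", b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 10 * 1024 * 1024),
    Signature("pdf", b"%PDF-", b"%%EOF", 50 * 1024 * 1024),
)


@dataclass(frozen=True)
class CarvedFile:
    kind: str
    offset: int     # byte offset of the header inside the image
    length: int
    complete: bool  # False: header found but no footer within max_size
    sha256: str     # hash of the carved bytes, for the examiner's notes


def carve(image: bytes, signatures=SIGNATURES) -> list:
    """Return every header/footer match in `image`, ordered by offset."""
    found = []
    for sig in signatures:
        pos = 0
        while True:
            start = image.find(sig.header, pos)
            if start == -1:
                break
            limit = min(len(image), start + sig.max_size)
            end = image.find(sig.footer, start + len(sig.header), limit)
            if end == -1:
                # Truncated or fragmented file: keep what is there, flag it.
                stop, complete = limit, False
                pos = start + len(sig.header)
            else:
                stop, complete = end + len(sig.footer), True
                pos = stop
            data = image[start:stop]
            found.append(CarvedFile(sig.name, start, len(data), complete,
                                    hashlib.sha256(data).hexdigest()))
    return sorted(found, key=lambda f: f.offset)


# Constructed sample data: tiny stand-ins for real files, not valid images.
SAMPLE_JPG = b"\xff\xd8\xff\xe0" + b"JFIF-constructed-payload" + b"\xff\xd9"
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"constructed-chunks" + b"IEND\xaeB`\x82"
SAMPLE_PDF_TRUNCATED = b"%PDF-1.4 constructed body with no end marker"


def build_sample_image() -> bytes:
    """Simulate unallocated space holding two deleted files and a fragment."""
    return (b"\x00" * 512 + SAMPLE_JPG + b"\x00" * 100 + SAMPLE_PNG
            + b"\xaa" * 64 + SAMPLE_PDF_TRUNCATED)


if __name__ == "__main__":
    for f in carve(build_sample_image()):
        state = "complete" if f.complete else "no footer (partial)"
        print(f"{f.kind} @ {f.offset:>4} len={f.length:<3} {state} "
              f"sha256={f.sha256[:16]}...")
```

Taking the first footer after a header is the simplest policy and can cut a file short: a JPEG with an embedded thumbnail contains an earlier `FF D9`, which is why production carvers also check internal structure.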

     

Registry analyzing tool 

The registry is a store of information that may hold treasure-like information for the investigation of digital evidence. It is a database containing information such as user names, browser details, unauthorized entries, etc. Malicious information, such as Trojan and malware traces, can also be found in the registry. Let’s see some important registry analysis tools.

  1. Windows Registry:

It is a registry analysis tool that is built into Windows. It contains a database of the things we did on the system. We can edit the registry using this software.

  2. Regshot:

It is an open-source tool used for analyzing the registry. It is also a malware analysis tool. It notifies us if there is any change to the Windows registry.

 

Email analyzing tool 

Many free and paid tools are available for email analysis. Some of them are mentioned below:

  1. Xtractor:

    It is software developed to extract email addresses, telephone numbers, and messages from multiple sources. It is an open-source tool used on Windows.

  2. Stellar Email Forensic:

    Stellar offers mail recovery solutions in case of data loss due to damage and corruption of email. It is also an open-source tool.

Some other email forensic tools include: 

  • Bulk extractor 
  • Xplico 
  • Aid4Mail etc.

     

Network analyzing tool: 

In forensics, network analysis tools play an important role, so a digital forensic lab needs some network analysis tools for analyzing each network.

  1. Wireshark:

    It is a commonly used network analysis tool. It is open source and easy to handle. It shows the packets on the network very clearly. We can use it on both Windows and Linux.

  2. NetworkMiner:

    It is a network analysis tool for Windows (it also works on Linux / Mac OS / FreeBSD). It analyses the network and is helpful for passive network sniffing and packet capturing to detect operating systems, sessions, hostnames, open ports, etc. It is easy to use and is not time-consuming.

     

Mobile analyzing tools: 

Mobile forensic tools are very important in a digital forensic lab, because crime related to mobile devices is increasing day by day. Here we present some important mobile forensic tools.

Open source tools:

  1. AF Logical OSE:

    It is an application in APK format that is installed beforehand on the Android device. It extracts all the details from the phone and also from the SD card.

  2. Open source android forensic:

    It is a framework that brings together various tools that permit the analysis of the mobile device.

Some other tools are:

  • FTK Imager
  • Lime Memory Extractor
  • Android data extractor
  • WhatsApp extractor
  • Skype extractor etc. 

Paid tools include: 

  • Cellebrite 
  • EnCase
  • Oxygen forensic 
  • MOBILedit 
  • Elcomsoft IOS Forensic Toolkit etc. 

Phase-5: Security Controls

Security must be maintained in the lab; it is an important concern in forensics. We need to maintain both physical security and data security. Data security means making sure that all the information processed and developed is secured. Physical security means preventing entry by unauthorized persons, etc.

Phase-6: Lab management

This is the final step in creating a digital forensic lab. After completing all the steps above, the lab is operational and we need to look to lab management. The key to the success of the lab is how it is maintained and managed. Managing the lab well by appointing proper employees, applying policies and procedures, carrying out proper maintenance, etc. will help the development of the lab.

What makes a Cybercriminal? Understanding the profiling of a Cybercriminal.

What is a psychological profile?

A psychological profile is a guiding tool that tells criminal detectives the type of suspect they are looking for. Psychological profiling emerged in the Behavioural Research Unit of the Federal Bureau of Investigation (FBI) in the 1960s to explain aggressive criminal activity.

What are Cybercrimes?

Cybercrime is the use of a computer as an instrument for criminal purposes, such as fraud, trading in child pornography and intellectual property, misuse of identity, or breach of privacy. Cybercrime, specifically across the Internet, has increased in importance as computers have become integral to business, culture, and government.

History of cyber-crime

Throughout the evolution of cybercrime, the sophistication of offences and motivations has also grown. In the early days of cybercrime, most of the offences were perpetrated by angry workers who inflicted physical damage on computer systems.

Unhappy workers would express their feelings by vandalizing the machines, costing the businesses thousands of dollars. These incidents are known to be the early stages of insider attacks. The tradition of malicious destruction of the inner workings of computing networks started in the 1960s at the Massachusetts Institute of Technology (MIT). MIT students interacted with and studied trains from their Tech Model Railroad Club and were interested to learn how to manipulate train anatomy.

This interest later moved to dissecting computers in the MIT Artificial Intelligence Lab. These students successfully discovered ways to customize and adjust basic computer functions without the need to re-engineer them. This was perceived to be the first move of hacking. However, the term “hacking” was perceived by the public to be a constructive process, since it was simply a means of solving or changing a computer problem. As the hardware used by telecommunications started to expand in popularity, computer users, in particular users who considered themselves programmers, began to use computers maliciously.

What Psychological Profile can a Cybercriminal have?

There is increasing insecurity of individuals and vulnerabilities in the cyber world, and the public is concerned about Internet security.

Cybercrime is an especially dangerous offense that happens in different parts of society and has a significant effect on it in a variety of ways – societal disorganization, economic damage, and psychological illness.

The profile of a suspect is a result of a study and examination focused on the characteristics of a criminal offense, the recognition of the personality attributes, behavioral patterns, and demographic statistics of an accused criminal. In this scenario, the felony act will take priority over cybercrime. 

Personality traits play a crucial role in the behavior of the personality. A man’s features are both innate and typical. The identity of the perpetrator is a collection of undesirable personal traits that are unique to the category of crime and individual offender.

A cybercriminal is not only a person with a certain status who has rights, obligations, and liabilities, but an entity that is a dynamic system with a variety of structures:
1) needs – interests.
2) emotions – thought – will.
3) temperament – behavior – value orientation.

Major Cybercrime trends victims fall prey to. 

It is easy to be confused about whether one is or was a victim of cybercrime, so the first move is to realize what kind of cybercrime one has been targeted by and what kind of details have been exposed. Understanding the categories will provide insight into the types of victims and, thus, direct us to the types of offenders and eventually to understanding the offender’s personality.

Breaking down the different forms of Cybercrime.

  • Phishing Attack-

    In a phishing attack, cyber attackers use email or malicious websites to request sensitive information from a person or corporation while posing as a trustworthy agency.
    Phishing attempts mostly come in the form of an email but can also come in the form of a text message (called SMiShing) or a voicemail (Vishing). Phishing attacks normally appear to come from a source you trust, like individuals or organizations that you deal with daily.
    Recognition and mitigation are the strongest protections against phishing attacks. One of the safest ways to secure oneself is never to click links or attachments in emails before the sender is verified.

  • Malware-

    This is one of the most common forms of cybercrime because it can appear in a wide variety of formats.
    Malware can include anything from Trojan viruses to worms to spyware and is also a core component of most cyber-crime activities, including phishing attacks, password abuses, and more.
    Fortunately, most malware attacks can be avoided with a successful offense. Being vigilant about which email attachments one opens, avoiding questionable websites, and installing and maintaining antivirus software on all computers and smartphones will keep one protected from such crimes.

  • Online Credential Violation (username and password)

    Becoming a victim of an online credential violation can come about in several ways (ransomware, phishing attacks, credential stuffing, etc.), but the result is still the same: cyber attackers have access to the personal online credentials of employees or consumers (username and password).
    Avoiding a breach of credentials relies on using solid, personalized passwords for the different accounts, and on not posting or copying these passwords on a public computer.
    Never use the same password for banking as for other non-financial sites, such as social media or email.
    Try to keep a separate device for banking, apart from other day-to-day operations, to minimize the risk of a computer hack, which otherwise could lead to misuse of your online banking credentials.

How Psychological Profiles are usually done.

Unlike the rest in society, offenders are not in a capacity to follow norms correctly due to diversions during their socialization or to embrace “specific terms” of the criminal climate.

It is influenced by numerous factors: heritage/genes, education, society, lifestyle, and socio-economic factors. According to the criminal investigation opinion, it may be claimed that criminal profiling depends strongly on a combination of implicit and evidence-based professional insight. This will make the guidance of the profiler more vulnerable to cognitive bias and defective decision-making. 

Criminal profiling is reactive: it is based on analysis of the patterns seen at crime scenes. The profiler infers the characteristics of the offender from his or her crime scene practices. For example, a profiler might try to infer the age, gender, or employment history of a criminal from the way he or she behaved during a crime. Clinical profilers draw their findings on the characteristics of the offender from their clinical experience of working with offenders.

The aim of the statistical approach, working with statistical data, databases, is to establish the relationship between the information recorded in the statistical reports and the characteristics of the offender, using data on similar crimes, and detected criminal offenses.

How the Psychological Profile of a Cybercriminal is similar and different than other types of Criminal Profiles.

One must accept that profiling is more effective in serial cases than single criminal cases. Cybercriminals are not a monocultural group of criminals. Cybercrime can be committed by a woman, a man of any age, economic class, color, religion, or nationality. 

Nowadays, in the case of cybercrime, the detective must consider an immense volume of information in electronic or digital form. The crime scene, in contrast to a physical scene, involves information devices or computer networks. A collection of scene factors and other investigative details may include information on the offender’s personality, motivation, and characteristics. Considering the diversity of cybercrime and of profiling approaches (forensic aspects, psychological aspects, technological aspects), the collaboration of multidisciplinary experts is important. It is fair to point out that the criminal profiling of cybercriminals is multidisciplinary in nature.

Cybercriminals have many advantages compared to most criminals:
1) Worldwide accessibility
2) Anonymity
3) Disproportion between the offender’s acts and the victim’s security – the offender chooses the moment, location, style, and approach to annoy the victim. There is no overt interaction between the perpetrators and the victims, no physical use of the weapons;
4) Distance and versatility – there is no reason to leave the crime scene, low risk, but potentially significant material benefits or income. Many cybercriminals are of a serial type in that the offender is used to their actions and commits multiple offenses. For example, an overview of the “digital crime scene” markers will define and provide insight into the intrusion behavior of computer hackers. As such, this is an important method for classifying police investigations. 

Psychological Profile of Cyber Criminals.

The cybercrime profile can be described by including key elements such as:

Characteristics/Traits of personality-

Characteristics of personality are defined as a broad individual psychological dimension that describes the interpersonal, stable, and common individual differences in behavior, thoughts and feelings of the individual. The personality of a cybercriminal is closely linked to the enhanced internal need to risk in violation of the law, and to such behaviour to achieve some personal benefit or gain material benefit, profit. The impact of the micro-environment is important.

For example, family influences that adversely impact the development of personality and thereby increase cybercrimes include failures in the process of raising children (lack of guardians, lack of support and understanding), family deformity (neglecting children, etc.), adverse families (addiction issues, financial problems) and/or social problems.

Criminal professionalism-

That is, personality characteristics that lead to a stable and successful approach to cybercrime. It requires four mandatory features: specific personality qualities; expertise and skills; fearlessness, bravery, and self-confidence; efficacy and feasibility of action; the commission of a criminal offense, and the accomplishment of a specific goal. Financially driven cybercriminals, for example, usually have two key goals: input data and user identities, in order to obtain access to finance through the identification they have gained.

Technical knowledge-

This is related to technical knowledge and technical abilities in the control of advanced cybercrime-enabled systems and computers.

The most famous cyber offenders are often found to be university students or students from other educational institutions. It is widely agreed that the level of education among cybercriminals could be higher than among other groups of criminals.

When cyber offenders have the highest qualifications, expertise, and skills that can be used to commit cybercrime, the social risk of the crime will not only rise but increase gradually. In this case, intelligence is a central aspect of cybercrime.

It must be accepted that a person with criminal experience, based on the experience, talents, and abilities gained, who engages in criminal activity, causes more harm both in daily circumstances and in evolving environments.

Social Characteristics-

Ethnic characteristics, socio-economic status, socio-psychological and moral characteristics exist.
The basic elements are gender, age, ethnicity, socio-economic class, for example, the characteristics of a traditional fraudster are a middle-aged man with a higher education history and a significant job experience in his business (Almost half had six or more years of experience, about a third – three to five years of experience).

Characteristic of motivation-

In criminology, motivation is understood as a collection of motives of behavior in which each of the motives defines the aspect of motivation and resides in both consciousness and subconsciousness. Motives are developed and created under the control of individual thoughts and emotions.

Motivations are internal (chosen by the individual) and external (driven by others). Research has demonstrated that human action is motivated by a variety of reasons, that is, by different internal and external influences. The motive is the directing and encouraging role of the action (internal encouragement) which, while creating the subject of the activity, guides human activity. Hackers often hack for the benefit of their pride, to assert a self that is unique from the self of others. Offenders in this group are typically irritated by social rivalry and then pursue an excuse to compensate by using their computer techniques.

Gaps in literature

Cybercrime profiling has been described as “promising but immature science.” This term can be taken as an inspiration to advance the topic and fill the holes in current studies. Present literature focuses on criminal profiling in criminal cases, and few scholars dedicate time to cybercrime.

Multiple forms of cybercrime are closely connected to multiple types of cybercriminal. These cybercriminals will vary from “rookies” to experts with differing agendas. Analysis has shown an effort to profile cyber-criminals but has struggled to integrate the features of each form of criminality into a single outline. However, this would not rule out the effectiveness of cyber-criminal profiling. Minimal analysis has been seen on the implementation of a different methodology and the presentation of different suspect profiles for several cybercrime types in one paper.

It is important to remember that criminal profiling in cybercrime cases is never going to be an exact science.

This argument also extends to profiling in every investigation. With strategies and methods focused on modes of inference and hypothesis, an error is difficult to avoid where the error appears to be predicted. Often with a high estimated error figure, prosecutors avoid forming a relationship with digital forensics and criminal profiling while forensics appears to have a lower error number.

Owing to the general lack of studies into cyber-crime criminal profiling, trends of cyber-crime activity have not been established. In fact, this may have a role to play in why cybercrime is on the rise and catching a suspect is on the decline.

Limitations 

Limitations have arisen because of the studies undertaken for this study. The problem of criminal profiling continues to evolve in cybercrime investigations.

A few sources were granted access to local law enforcement cases in their respective nations. This helped them to perform their study and exchange patterns of behavioral traits. There was a lack of analysis using case files to back up their suggested motivations and personality traits for the cyber-crime types presented.

Early studies focused their attention and energy on hackers and how they work. It was not until other offenses, such as cyber data fraud, caught the public interest that analysts looked at the study of other possible cyber-crime profiles. The bulk of academic papers focused on one big cybercrime.

When investigating, there was a limited number of publications that addressed numerous cybercrimes and related criminal profiles. 

Conclusion

Cybercrime activity is affected by the presence of a variety of variables. Such activity is the product of reciprocal contact, which includes human, social, environmental influences and disputes between individuals and communities. It is affected by a variety of different factors: Genes/heredity, education, society, lifestyle, and socio-economic factors. Consequently, cybercrime is often triggered by an individual’s display of anger and bitterness at the social system and status of the person in it.

While the field of cyber-crime profiling is still in its incipient stages, it is expanding by leaps and bounds. The present thesis is a small step in the direction of its full growth. As this study reflects the views of students only and not experts, its application is limited to academic purposes. It is an attempt to establish a framework for further studies. Profiling a cybercriminal is just the first step in the even slower and tougher process of apprehending the wrongdoers.

It is an important move, no matter what. It is going to help the authorities in restricting their search, which helps them to concentrate the other tools used in intense search operations.

Although technology remains the key shield against cyber threats, a deeper understanding of the psychological, criminological, and sociological dimensions of the broader picture will complement security efforts and capture a criminal before he travels a distance. 

Top 5 Cyber Forensics Case Studies in India

Cyber forensics, or computer forensics, is important for identifying the cybercriminal, and it plays a major role nowadays. Unlike conventional forensics, cyber forensic cases offer no blood spatter, clothing, hair, etc. In cyber forensics we need to examine the computer or related devices and identify the evidence on them. So, I am taking you through 5 cyber forensic case studies.

Case no:1 Hosting Obscene Profiles (Tamil Nadu)

Here I am starting with a case that happened in Tamil Nadu. The case is about the hosting of obscene profiles, and it was solved by the investigation team in Tamil Nadu. The complainant was a girl and the suspect was her college mate. In this case the suspect created some fake profiles of the complainant and put them on a dating website. He did this as revenge for her not accepting his marriage proposal. So this is the background of the case.

Investigation Process

Let's get into the investigation process. Acting on the girl's complaint, the investigators started the investigation and analysed the webpage that carried her profile and details. They logged in to the fake profile by determining its credentials, and used the access log to find out where the profiles had been created from. They identified 2 IP addresses and also identified the ISP. From the ISP's details they determined that the details had been uploaded from a café. The investigators went to that café and determined the suspect's name from its register. He was then arrested, and on examining his SIM the investigators found the complainant's number.
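The access-log step described above can be sketched as follows. This is an added example, not material from the case file: the log lines, the `/profile/` path and the IP addresses (documentation ranges) are constructed, and the log is assumed to be in the common Apache/nginx "combined" format.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Constructed sample in Apache/nginx "combined" log format (not data from the case).
SAMPLE_LOG = """\
203.0.113.45 - - [04/Mar/2024:18:02:11 +0530] "POST /profile/create HTTP/1.1" 302 512 "-" "Mozilla/5.0"
198.51.100.7 - - [04/Mar/2024:18:05:40 +0530] "GET /search?q=x HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.5 - - [04/Mar/2024:18:06:00 +0530] "POST /profile/edit HTTP/1.1" 200 300 "-" "healthcheck"
203.0.113.45 - - [04/Mar/2024:18:09:30 +0530] "POST /profile/edit HTTP/1.1" 200 640 "-" "Mozilla/5.0"
192.0.2.99 - - [06/Mar/2024:09:15:02 +0530] "POST /profile/edit HTTP/1.1" 200 655 "-" "Mozilla/5.0"
this malformed line is skipped
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Internal ranges cannot be attributed by an ISP, so they are left out.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def sources_for_path(log_text, path_prefix):
    """Map each external IP that POSTed under path_prefix to
    (first_seen_utc, last_seen_utc, hits)."""
    seen = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or not m["path"].startswith(path_prefix):
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname or garbage in the client field
        if any(ip in net for net in INTERNAL):
            continue
        # An ISP maps a dynamic IP to a subscriber by exact time, so normalise to UTC.
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
        first, last, hits = seen.get(str(ip), (ts, ts, 0))
        seen[str(ip)] = (min(first, ts), max(last, ts), hits + 1)
    return seen


if __name__ == "__main__":
    for ip, (first, last, hits) in sources_for_path(SAMPLE_LOG, "/profile/").items():
        print(ip, first.isoformat(), last.isoformat(), hits)
```

The first-seen and last-seen times matter as much as the addresses: a request to an ISP or a café register check is only useful when it names the IP together with the exact time window.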

Conclusion

The suspect was convicted of the crime and sentenced to two years of imprisonment as well as a fine.

 

Case no:2 Illegal money transfer (Maharashtra)

The second case is about an illegal money transfer. This case happened in Maharashtra. The accused in this case is a person who worked in a BPO. He was handling the business of a multinational bank. He used confidential information of the bank's customers and transferred a huge sum of money from their accounts.


Investigation Process

Let's see the investigation process of the case. Acting on the complaint received from the firm, the investigators analysed and studied the firm's systems to determine the source of the data theft. During the investigation the system server logs of the BPO were collected. By tracing the IP address to the internet service provider, they found that the illegal transfers had ultimately been made through a cyber café, and that they had been made using SWIFT codes. The registers kept at the cyber café assisted in identifying the accused in the case. Almost 17 accused were arrested.

Conclusion

The trial for this case is not completed; it is pending trial in the court.


Case no:3 Creating Fake Profile (Andhra Pradesh)

The next case is about creating a fake profile. This case happened in Andhra Pradesh. The complainant received obscene emails from unknown email IDs. The suspect also noticed that obscene profiles and pictures were posted on matrimonial sites.

Investigation Process

The investigators collected the original email of the suspect and determined its IP address. From the IP address the investigating officer could confirm the internet service provider, which led him to the accused's house. They then searched the accused's house and seized a desktop computer and a handicam. By analysing and examining the desktop computer and handicam they found the obscene email, and they found an identical copy of the uploaded photos on the handicam. The accused was the divorced husband of the suspect.

Conclusion

Based on the evidence collected from the handicam and desktop computer, a charge sheet has been filed against the accused and the case is currently pending trial.


Case no:4 Intellectual property theft (Karnataka)

Let us look at an intellectual property theft that happened in a software company situated in Bangalore. The complainant alleged that some of the company's employees had used the company's IT system and tampered with the source code of the software under development.

Investigation Process

Acting on the complaint received from the company, the investigating team visited the company and scanned the email logs. They found the IP address and, using tracing software, traced the ISP and the address of the place from which the email had been sent. This information led the investigation to a Hyderabad-based company. The investigation team went to that company and found 13 computers and a server; using specialized tools, the disks were imaged and analysed by the team. The analysis revealed that the original source code and its tampered version had been stored on the system.

Conclusion

Based on the collected evidence, the investigation was completed and the accused arrested. The case is in its final stage, awaiting the opinion report from C-DAC.


Case no:5 Hacking (Karnataka)

Here is the fifth case, a hacking case that happened in Bangalore, Karnataka. In this case the complainant received obscene pornographic material at her email address and mobile phone. She also stated that she suspected somebody had hacked her accounts.

Investigation Process

The investigating team analysed the mail received by the suspect, and they sent messages to different email addresses using the complainant's email address. Subsequently the investigating team was able to identify the ISP address of the computer system, and it was also traced to an organisation in Delhi from its server logs; through these logs they got to know the system from which the obscene material had been sent. Using a disk imaging and analysis tool, the emails were retrieved from the system.
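Cases 3 to 5 all work back from a received email to an IP address and then to an ISP. The sketch below is an added example, not taken from the case files: it reads the `Received` headers of a constructed message and returns only the address recorded by servers the examiner trusts, since any header below that point was supplied by the sending side and may be forged. All hostnames and addresses are constructed.

```python
import email
import ipaddress
import re

# Constructed message; Received headers are in delivery order (newest hop on top).
RAW = """\
Received: from mx-in.corp.example (mx-in.corp.example [10.1.1.10])
\tby mailstore.corp.example with LMTP; Mon, 04 Mar 2024 10:00:05 +0530
Received: from smtp.isp.example (smtp.isp.example [198.51.100.25])
\tby mx-in.corp.example with ESMTP; Mon, 04 Mar 2024 10:00:03 +0530
Received: from desktop (unknown [203.0.113.77])
\tby smtp.isp.example with ESMTPA; Mon, 04 Mar 2024 10:00:01 +0530
Received: from bank.example ([192.0.2.1]) by relay.bank.example; Mon, 04 Mar 2024 09:00:00 +0530
From: sender@isp.example
To: complainant@corp.example
Subject: constructed sample

body
"""

IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")


def hops(raw):
    """Return [(recording_host, peer_ip_or_None), ...], newest hop first."""
    out = []
    for value in email.message_from_string(raw).get_all("Received", []):
        by = BY_RE.search(value)
        ip = None
        for cand in IP_RE.findall(value):
            try:
                ip = str(ipaddress.ip_address(cand))
                break
            except ValueError:
                continue  # bracketed text that is not an address
        out.append((by.group(1).lower() if by else None, ip))
    return out


def boundary_ip(raw, trusted_hosts):
    """Peer IP recorded by the outermost trusted server, or None.
    Walking stops at the first header written by a host outside trusted_hosts."""
    result = None
    for by_host, peer_ip in hops(raw):
        if by_host not in trusted_hosts:
            break
        result = peer_ip
    return result


if __name__ == "__main__":
    print(boundary_ip(RAW, {"mailstore.corp.example", "mx-in.corp.example"}))
```

With only the complainant's own servers trusted, the result is the ISP's mail server; once the ISP confirms its own header from its logs, adding `smtp.isp.example` to the trusted set yields the subscriber address, while the bottom-most header is never relied on.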

Conclusion

On the basis of the collected evidence the accused was arrested. The case has been finalised and is currently pending administrative approval.