Techno Legal Cyber Forensics Skills Development In India By PTLB

Cyber Forensics

Forensic science is a comparatively new field and cyber forensics is even newer. There are different fields of cyber forensics and every field in itself is very difficult to practice. Nevertheless, the significance of cyber forensics cannot be underestimated, especially in contemporary times of space laws, artificial intelligence and the Internet of Things (IoT).

India has launched projects like National E-Governance Plan (NeGP), Digital India, etc that are technology driven. From simple cases of broadband theft to sophisticated cases of satellite hacking, cyber forensics is going to play a major role. Of course, India is a beginner in this field so we must start with basics of cyber forensics.

Even for basic application of cyber forensics principles, we find law enforcement agencies, public prosecutors and judges struggling. The entire case against a cyber criminal is jeopardised the moment a faulty police investigation is started. We have police officers and intelligence officers in India who have wonderful investigation capabilities. However, not all of them can apply these investigation technologies in cyberspace.

We at Perry4Law Techno Legal Base (PTLB) firmly believe that there is a wide gap between traditional investigation capabilities and cyber crimes investigation capabilities in India. We tried to fill this gap but found that the policies of government are not conducive for successful implementation of our techno legal courses on cyber law, cyber forensics, etc.

As a result our techno legal training and skills development initiatives could not get the desired results. Without getting discouraged, we simply kept our research materials and skill development projects in abeyance for future use. It seems that time has come and soon PTLB would reintroduce its techno legal courses individually and in collaboration with national and international stakeholders.

MPPEB Scam Investigation Raises Interesting Cyber Forensics Issues

The MPPEB scam is a curious development for cyber forensics and related aspects in India. The Special Investigation Team (SIT) monitoring the probe has already informed the Madhya Pradesh High Court that documents used by Digvijaya Singh to target Shivraj Singh Chouhan are forged. However, this fact is vociferously contested by the whistleblower of the case known as “Mr X”.

Obviously, there was an urgent need on the part of SIT to examine the whistleblower and record his statements. This was not done so far and this was casting doubts upon the theory of SIT regarding use of forged documents by Digvijaya Singh. Now SIT has realised that examination of whistleblower is a must to the successful completion of the investigation.

As per a media report, Madhya Pradesh Special Task Force (STF) has on Saturday issued summons to the whistleblower for recording his statement. Previously SIT had submitted before the Madhya Pradesh High Court the contents of Mr X’s pen drive and contended that they appear to be forged and this has been done with the intent to mislead investigating agency.

STF officer D K Tiwari went to Mr X’s official residence and served him a notice asking him to appear at the agency’s office within three days to record his statement. He has been informed through the notice that AICC general secretary Digvijaya Singh has named him as his source behind documents that he submitted in the court and the same has to be testified. At Perry4Law Organisation (P4LO) we believe that this is the proper method to do investigation involving digital evidence and cyber forensics methodologies.

It is very important to maintain a “chain of custody” and “proper documentation” of the acquisition of such digital evidence and investigation authorities must ensure that the evidence acquired by them is “admissible” in a court of law. Till now, handling of digital evidence is a big challenge for the law enforcement agencies of India. We have already witnessed that cyber forensics issues have troubled our law enforcement agencies in Aarushi Talwar’s murder case, IPL Match Fixing case, Bitcoins websites investigation, Nokia’s tax violation case, Rajnath Singh Son’s case, Amrita Rai’s G-Mail account hacking case, etc. Indian government must seriously consider empowering law enforcement agencies of India with suitable trainings and technologies.

STF had already given an undertaking in writing to the Delhi High Court that investigation agencies do not have to question whistleblower and only needed original documents allegedly in his possession. Surprisingly, neither SIT nor STF questioned the whistleblower despite the fact that he was always available. Now STF has rectified that error and has asked the whistleblower to appear before the agency.

However, the crucial question is who is right regarding the contents of the excel sheet that seems to be the core document for investigation and punishing the culprits. Right now we have two conflicting opinions in this regard and we at Perry4Law Organisation believe that this issue must be resolved by the investigation agency on a priority basis. If needed the investigation agency or Indian government can also ask for a second opinion from another cyber forensics laboratory in this regard. The bottom line is who has obtained a “forensically sound image” of the hard disk in question by using the bit by bit image method.

Cyber Crime Investigation Trainings In India Needed

Cyber crimes investigation is a tedious task that requires both technical and legal knowledge. Further, since cyberspace is boundaryless, a single instance may invoke the laws of different countries. This creates a situation of conflict of laws in cyberspace that makes the cyber crime investigation exercise cumbersome and complicated.

Take the example of cracking of the e-mail account of Amrita Rai. Although Delhi Police got the IP address logs of Amrita Rai’s G-Mail account from Google, the cyber crimes investigation problem of police will continue due to conflict of laws in cyberspace. Similarly, the Home Ministry of India intends to take legal action against the person posting misleading news on Facebook regarding Rajnath Singh’s son. However, this task would not be easy and the efforts in this regard may not even be successful at the end of the investigation.

The importance of cyber crimes investigation training in India cannot be underestimated in these circumstances. However, there is a policy paralysis in this regard. Whether it is modernisation of the police force of India or formulation of regulations and guidelines for effective investigation of cyber crimes in India, Indian government has to cover a long road. Indian government has yet to formulate a cyber crimes prevention strategy of India.

Similarly, India has also to initiate policy and legal initiatives in the fields of e-discovery, digital evidence, cyber forensics, cyber security, etc. India is also following outdated laws like cyber law and telegraph law and is not investing effectively in the field of intelligence agencies and law enforcement technology for India. In the absence of scientific approach towards digital evidence and cyber crime investigation, there are very few cyber crimes convictions in India.

On the other hand, cyber crimes have significantly increased in India. The trends in this regard are not very promising. For instance, the cyber law (PDF), cyber security (PDF) and cyber forensics (PDF) trends in the year 2013 showed poor performance of Indian government in these fields. This position has not changed in 2014 as well. For instance, the cyber forensics trends of India 2014 still show inability of India to deal with cyber forensics related issues.

We at Perry4Law Organisation and Perry4Law’s Techno Legal Base (PTLB) believe that cyber crimes investigation requires sound techno legal expertise. Skills development through online training and skills development courses is urgently required for Indian law enforcement agencies. Cyber crimes investigation training in India is one such skills development activity that must be imparted to make law enforcement agencies of India modern and up to date. Other stakeholders must also have basic level cyber law and cyber security awareness so that cyber crimes can be minimised in India.

Cyber Forensics Trends And Developments In India 2014-Part 1

Skills development is an area where India is lagging far behind the required demand and market. There is no second opinion that skills development and entrepreneurship must be strengthened in India. This is more so regarding the techno legal skills development in India that is almost missing as on date. In India people prefer a degree or diploma over skill, which is counterproductive in the long run. Cyber forensics is one such skill that is rarely found in the Indian environment. This is an interim cyber forensics trends and development analysis that discusses the weaknesses and possible measures to strengthen cyber forensics in India.

Cyber forensics is an upcoming field in India and Indian legal and judicial system has to adapt itself according to the same. Till now cyber forensics is not widely and appropriately used by the law enforcement agencies, lawyers, judges, etc in India. As a result most of the cyber criminals are either not prosecuted at all or they are acquitted in the absence of adequate evidence.

Cyber forensics cannot be used in isolation and allied fields like cyber law, cyber security, e-discovery, digital evidence, cyber crime investigations, etc are also applicable in a majority of cases. Perry4Law and Perry4Law’s Techno Legal Base (PTLB) have already covered the Cyber Law Trends and Developments of India 2013 (PDF), Cyber Security Trends and Developments in India 2013 (PDF) and Cyber Forensics Trends and Developments in India 2013 (PDF).

This is the interim cyber forensics trends of 2014 by Perry4Law and PTLB and we would come up with the complete and annual trend and development analysis subsequently. To start with there is urgent need to ensure cyber forensics skills development of police force, prosecution lawyers and judges in India. Further, modernisation of the police force of India is urgently needed.

There have been incidences in India where the law enforcement agencies of India have not conducted proper e-discovery and cyber forensics exercises. This has made their cases weak and the accused may escape the punishment. Some of the present cases where effective cyber forensics could have been used are E-Bay’s cyber breach case, enforcement directorate’s Bitcoins investigation case, Aarushi’s murder case by CBI, IPL match fixing case, Nokia’s software download case, etc. The list is just expanding as cases of improper cyber forensics investigations are in abundance in India.

Clearly the Indian approach towards cyber forensics is not up to the mark and there is an urgent need to change this mentality. The concerned stakeholders must be well versed with techno legal concepts like basics of Internet protocol addresses, IP address spoofing and its defenses, IP address tracking methods and techniques for e-mails, hidden Internet cyber forensics, cloud computing cyber forensics, social media cyber forensics, audio, video and media forensics, etc.

We need to develop cyber forensics investigation solutions in India to encourage digital and scientific evidence in India. The cyber forensics best practices in India are also missing as on date and they must be formulated urgently. The regulations and guidelines for effective investigation of cyber crimes in India must also be drafted as soon as possible. While tracking the IP address in question is the first step in cyber crime investigation, the IP address should not be the sole criterion for arrest and conviction.

We at Perry4Law and PTLB believe that there is an urgent need to formulate an effective techno legal framework that can take care of techno legal issues of contemporary times. Further, colonial and constitutionally unsound laws like telegraph and cyber law must be repealed urgently and dedicated and suitable laws must be enacted for the fields of cyber law, cyber security, cyber forensics, e-discovery, etc. Presently, neither technological nor legal issues pertaining to cyber forensics are taken care of by Indian government.

E-Bay Asks For Change Of Password After Breach Of Its Database Containing Account Information

It has become a common practice among cyber criminals to target big corporations and e-retail companies. Recently Target Corporation was targeted by cyber criminals and as a result of that Target Corporation faced litigation threats around the world. The corporate compliances in India and e-commerce regulatory requirements have become very stringent.

The cyber breaches in India would raise serious cyber law issues for corporations and e-commerce business houses operating in India. E-commerce stakeholders must adhere to e-commerce due diligence and cyber law due diligence (PDF) requirements prescribed by Information Technology Act, 2000 (IT Act 2000) and other laws of India to stay on the right side of Indian laws.

As per media report, auction site eBay is asking all users to change their passwords following a “cyber attack” that compromised a database containing account information.  The company has claimed that no financial data was accessed and that credit card information is stored separately in an encrypted format. “Our customers are our highest priority; and to ensure they continue to have a safe, secure and trusted experience on eBay, we will be asking all eBay users to change their passwords,” the company told the Telegraph this afternoon.

The blog post of eBay says that it will be asking eBay users to change their passwords because of a cyber attack that compromised a database containing encrypted passwords and other non-financial data. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.

As per eBay the cyber attackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay’s corporate network. Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.

The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information. The company said that the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company’s announcement today.

The company said it has seen no indication of increased fraudulent account activity on eBay. The company also said it has no evidence of unauthorized access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted.

Beginning later today, eBay users will be notified via email, site communications and other marketing channels to change their password. In addition to asking users to change their eBay password, the company said it also is encouraging any eBay user who utilized the same password on other sites to change those passwords, too. The same password should never be used across multiple sites or accounts.

Cyber Forensics Trends And Developments In India 2013

The Cyber Law Trends and Developments of India 2013 (PDF) and Cyber Security Trends and Developments in India 2013 (PDF) have already been covered by Perry4Law and Perry4Law’s Techno Legal Base (PTLB). In this research work we are covering the Cyber Forensics Trends and Developments in India 2013 (PDF).

Our readers can read more about Cyber Forensics at the Computer Forensics Research Centre of India managed by PTLB and our Cyber Forensics Linkedin Group that is Open Group.

Some of the significant Trends and Development covered by this research paper include cyber forensics in India, cyber forensics skills development in India, cyber forensics education in India, cyber crimes in India, cyber crimes investigation in India, cyber forensics best practices in India, e-mail policy of India, compulsory filing of FIR in India, Bitcoins crimes investigation in India, money laundering investigations in India and serious frauds investigation in India.

It is a techno legal cyber forensics trend and development analysis by Perry4Law and PTLB and we hope that our viewers and readers would find it worth reading.

Enforcement Directorate (ED) Must Use E-Discovery And Cyber Forensics Methods To Detect Possible Legal Violations By Bitcoin Websites

Corporate frauds investigations in India are still trying to accommodate the use of information and communication technology (ICT) related investigation tools. Scientific and techno legal methodologies like e-discovery and cyber forensics practices are still not used in a full fledged manner in India. The growing importance and use of e-discovery for ascertaining corporate frauds cannot be ignored any more.

Law enforcement agencies of India have not used the cyber forensics best practices while engaging in techno legal investigations. Whether it is CBI’s investigation or IPL match fixing case or forensic analysis of Nokia’s computers, a lack of techno legal and scientific approach was very much apparent. In the absence of clear regulations and guidelines for effective investigation of cyber crimes in India this task has become even more difficult to achieve.

Recently the Reserve Bank of India (RBI) cautioned users of virtual currencies against various risks. Reacting immediately, the Enforcement Directorate (ED) searched the office and website of Seven Digital Cash LLP. The ED officials raided the premises of Mahim Gupta in Ahmedabad, who provides a trading platform through his website. During the preliminary investigation, the ED found that it is in clear violation of the Foreign Exchange Management Act (FEMA) rules of the country as the central bank does not permit such transactions.

“We have found that through the website 400 persons have recorded 1,000 transactions worth a few crores of rupees. We are gathering the data of the transactions and name of the people who have transacted in the virtual currency from Gupta’s server that is hired in the US. At present, we believe that this is a violation of foreign exchange regulations of the country. If we are able to establish money laundering aspect then he can be arrested,” said a top ED official.

A separate raid was also conducted in Satellite area of the city. However, the person the investigation agency was looking for could not be found. “When we reached his office, he was not there. We have sealed the premises,” the official added.

As per the sources, the owners of both the Bitcoin trading firms would be booked under FEMA initially. However, after detailed investigation of the data collected, if any hawala transaction or transaction of a criminal nature is detected then they would be booked under the appropriate Act. Even the provisions of the Information Technology Act, 2000 can be invoked against these websites.

Bitcoin users in India are vulnerable to legal actions of diverse nature. Even other Bitcoin websites in India can be prosecuted in due course of time. Even Income Tax Overseas Units (ITOUs) of India have been established in foreign countries to curb black money. With the present corporate environment of India fast changing, taking Indian laws for granted by the Bitcoin websites is not a good strategy.

The Enforcement Directorate (ED) must also use e-discovery and cyber forensics methods to detect possible legal violations by Bitcoin websites so that only legitimate and law abiding websites can operate. It is high time for the ED to use e-discovery and cyber forensics methodologies to gather crucial evidence against the guilty website and successfully prosecute them for violating Indian laws.

CBI Committed The Cyber Forensics Blunder In Aarushi Talwar’s Murder Case

The Indian approach to cyber forensics has always been one of indifference. There are very few cyber forensics institutions in India and they are heavily overburdened due to lack of manpower to manage the ever growing cases of cyber crimes, white collar crimes and corporate frauds.

At Perry4Law and Perry4Law’s Techno Legal Base (PTLB) we have been managing the exclusive techno legal cyber forensics research centre of India. We believe that Indian government must formulate cyber forensics best practices in India. We also believe that cyber forensic investigation solutions in India must be developed by Indian government in association with private industry.

In India the law enforcement agencies are still struggling to gain cyber forensics expertise. They need to be trained properly to manage cyber forensics issues in a more effective manner. Issues like IP address tracking and audio, video and media forensics in India are still not very much part of the investigation procedure of law enforcement agencies of India. For instance, lack of use of cyber forensics best practices in the IPL match fixing case may jeopardise it. Similarly, forensics analysis of Nokia’s computer used to download software in India has also not been undertaken properly.

The latest to add to this list is the defective cyber forensics approach of central bureau of investigation (CBI) in Aarushi Talwar’s murder case. As per IBNLive the defence counsel in the Aarushi Talwar’s murder case has challenged the prosecution version of CBI that Rajesh Talwar was awake on the night of the crime and had used Internet connection at regular intervals.

The defence counsel alleges that CBI did not provide technical details to the expert who was inconclusive about the use of router. The counsel also argued that to prove its Internet router theory, CBI never sent computer seized from Talwars’ home to experts to ascertain whether it was on or off with small gaps in the intervening night of May 15-16, 2008. Rajesh Talwar, during the recording of his statement, had said that he went to sleep after 11.30 pm and did not use Internet.

The defence counsel has also asked why has the probe agency so far not revealed which sites Talwar was using on Internet? He maintains that to confirm Internet router activity, whether it was switched on or off with small gaps, it is required to examine detailed ICP log, detailed computer log and router or modem log, but these details were never provided to experts by the CBI.

The defence counsel also alleges that although CBI seized the computer from Talwars’ house, it did not seize router and modem logs from there. That is why CBI’s theory that the internet router was repeatedly switched on or off gets demolished here.

CBI has yet to come up with its version of these accusations by the defence counsel. There may be possibilities where the evidence provided by CBI may be enough to vindicate its claims in the court of law.

Perry4Law Organisation believes that a cyber crime investigation manual must be drafted by CBI and all future investigations and prosecutions must be made in compliance with the same. Recently the rules pertaining to inspection, inquiry and investigation (PDF) have been released by Ministry of Corporate Affairs (MCA) and Perry4Law has provided its suggestion in this regard to the MCA.

The rules have rightly relied upon using the public private partnership (PPP) model to deal with sophisticated cyber crimes and corporate crimes in India. Indian government and serious fraud investigation office (SFIO) would also hire private experts on contractual basis. SFIO would also draft a manual of investigation to investigate various offences falling within its jurisdiction. CBI must also act in similar manner to get more effective results.

How To Trace A Cyber Criminal And Accused From Internet Protocol (IP) Address

The Internet Protocol Address (IP Address) is one of the core components of the Internet. All computers or devices communicate through the IP Address that is allotted either on a Static or Dynamic basis. This is the reason why Law Enforcement Agencies throughout the World use IP Address to trace a Cyber Criminal or Accused.

An IP Address may not be what it appears to be at first look. For instance, IP Address Spoofing may also be involved in many cases. This is the reason why we cannot rely solely upon an IP Address to convict a Cyber Criminal or Accused.

However, this starting point cannot be ignored while conducting a Cyber Crime Investigation. In India as well Law Enforcement Agencies have been using Cyber Forensics Techniques to solve various cases. For instance, Cyber Forensics Analysis of Nokia’s Computer used to download software in India is presently in progress. In many cases the Cyber Forensics Investigation is not done properly and this results in the loss of crucial Evidence.

IP Address Tracking for E-Mails is the most common form of exercise in this field. Most E-Mail Providers provide useful Headers Information in the received field. However, there are some E-Mail Services Providers like Gmail that substitute their own IP Address for the sender’s IP address. In that case a person has to approach Google through Legal or Judicial Mode to get the relevant information. The present procedure of Google to obtain information is “Time Consuming” and “Cumbersome” in nature and Google must urgently act to make the same “Justice and Victim Friendly”.
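The header-based tracing described above, as an added example that is not part of the original post: it reads the Received headers of a message in chronological order and pulls out the connecting IP addresses. Both sample messages, all host names and the provider_domains parameter are constructed assumptions for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: documentation-range IPs and hypothetical host names.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.25])
\tby inbox.recipient.example with ESMTP id abc123;
\tMon, 02 Jun 2014 10:15:09 +0530
Received: from relay.provider.example (relay.provider.example [198.51.100.7])
\tby mx.recipient.example with ESMTPS id def456;
\tMon, 02 Jun 2014 10:15:07 +0530
Received: from [192.168.1.34] (unknown [192.0.2.77])
\tby relay.provider.example with ESMTPSA id ghi789;
\tMon, 02 Jun 2014 10:15:05 +0530
From: sender@provider.example
To: victim@recipient.example
Subject: constructed sample

body
"""

# Constructed webmail-style sample: the only hop names the provider's own server.
WEBMAIL_SAMPLE = """\
Received: from mail-out.webmail.example (mail-out.webmail.example [198.51.100.40])
\tby mx.recipient.example with ESMTPS id jkl012;
\tMon, 02 Jun 2014 11:00:00 +0530
From: someone@webmail.example
To: victim@recipient.example
Subject: constructed sample

body
"""

NON_ROUTABLE_V4 = [ipaddress.ip_network(n) for n in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
FROM_BY = re.compile(r"from\s+(\S+)(.*?)\bby\s+(\S+)", re.S)


def classify(ip):
    """Label an address 'private' (LAN/loopback/link-local) or 'routable'."""
    if ip.version == 4 and any(ip in net for net in NON_ROUTABLE_V4):
        return "private"
    if ip.is_loopback or ip.is_link_local:
        return "private"
    return "routable"


def trace_hops(raw_message):
    """Return the Received hops oldest-first. Each server prepends its header,
    so the list is reversed. Headers below the first relay you trust are
    sender-controlled and can be forged."""
    hops = []
    for value in reversed(message_from_string(raw_message).get_all("Received", [])):
        flat = " ".join(value.split())          # undo header folding
        match = FROM_BY.search(flat)
        if not match:
            continue
        from_host, from_rest, by_host = match.groups()
        ips = []
        for token in BRACKETED.findall(from_host + from_rest):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue                        # bracketed text that is not an IP
            ips.append((str(ip), classify(ip)))
        try:
            stamp = parsedate_to_datetime(flat.rsplit(";", 1)[-1].strip())
        except (TypeError, ValueError):
            stamp = None
        hops.append({"from_host": from_host, "from_ips": ips,
                     "by": by_host, "time": stamp})
    return hops


def assess_origin(hops, provider_domains):
    """Take the oldest hop's routable IP and say whether it is the mail
    provider's own server, in which case the sender's address is only in
    the provider's logs."""
    if not hops:
        return {"ip": None, "ip_belongs_to_provider": False}
    first = hops[0]
    routable = [ip for ip, kind in first["from_ips"] if kind == "routable"]
    provider = any(first["from_host"].lower().endswith(d) for d in provider_domains)
    return {"ip": routable[0] if routable else None,
            "ip_belongs_to_provider": provider}


if __name__ == "__main__":
    for hop in trace_hops(SAMPLE):
        print(hop["time"], hop["from_host"], hop["from_ips"], "->", hop["by"])
    print(assess_origin(trace_hops(WEBMAIL_SAMPLE), ("webmail.example",)))
```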

Other incidences of IP tracking may involve Cloud Computing Incidences, Social Media Investigations, E-Discovery Requests, etc. Every such IP tracking exercise is different from each other and a different set of procedure is applicable to each of them. There is no universally applicable procedure for all IP Address tracking exercises.

The starting point is to look at the Terms and Conditions and Policies of the Website or Services that you are using and comply with the requirements to get information from that platform. In many cases a judicial intervention is required. It is of utmost significance that Judicial Orders must be appropriate and relevant for the investigation. A casual or general judicial order would not serve the purpose.

For getting a Supportive and Conducive Judicial Order the Attorney must draft the Plaint/Petition properly reflecting all the Facts and Requested Remedies in clear and unambiguous terms. The Judicial Order cannot serve any purpose if it is Defective, Vague and Deficient on the aspects and evidences to be requested through it.

The most crucial aspect about gathering Electronic Evidences is that they are “Time Sensitive” and “Fragile” in nature. The more time you spend in getting them the lesser are the actual chances of obtaining the same. In short, acting at the earliest possible period of time is the best practice to get the best Digital Evidence.

Lack Of Use Of Cyber Forensics Best Practices In IPL Match Fixing Case May Jeopardise It

Proper digital evidence acquisition and its analysis are of tremendous importance for the successful conviction of an offender. If the chain of evidence is not properly maintained, it may draw an adverse inference against the prosecution’s case.

The process starts with a sound e-discovery procedure where legally relevant digital evidence is put on hold. Once the digital evidence is put on hold, the relevant material is further analysed for evidence of commission of the crime. If the entire digital information is seized instead of selective digital evidence, the prosecution’s case is weakened.

Recently the New Zealand High Court held that the procedure of seizing the entire digital evidence by New Zealand’s police was illegal and the Court directed the police to return the digital material that was not connected with the investigation. The Court also held that the accused Kim Dotcom is entitled to see the evidence seized by the investigation authorities to properly defend his case.

Digital evidence is also present in numerous forms. It may include a social media account like Facebook or in the form of a fraudulent banking transaction or in the form of paper evidence converted into an optical character recognition (OCR) or in cloud computing form, etc.

Unfortunately, India has no implementable e-discovery and cyber forensics best practices. Even guidelines for effective investigation of cyber crimes in India are missing. The forensics analysis of many cases is still pending due to overload of work in few governmental forensics laboratories. For instance, the forensics analysis of Nokia’s computer used to download software in India is yet to be made available.

We need to develop cyber forensics skills and investigation solutions in India. Take the example of the recent IPL match fixing case during which digital evidence has been collected. But, there are doubts whether police follow the cyber forensics best practices. An improper handling of digital evidence could result in it being held irrelevant and inadmissible in the court of law.

The audio, video and media forensics in India must follow well defined cyber forensics principles. It is very important to maintain a “chain of custody” and “proper documentation” of the acquisition of such digital evidence and media forensics professionals must ensure that the evidence acquired by them is “admissible” in a Court of law.
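One way to make the chain of custody and acquisition documentation described above checkable, as an added example that is not part of the original post: the image is hashed at acquisition and every custody entry is chained to the previous one, so a later edit to the log or to a working copy is detectable. The class, field names, evidence identifier and sample data are all constructed assumptions.

```python
import hashlib
import io
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first entry


def sha256_stream(stream, chunk_size=1 << 20):
    """Hash a disk image (or any evidence file) without loading it into memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def _entry_hash(fields):
    # Canonical JSON so the same fields always produce the same hash.
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class CustodyLog:
    """Append-only custody record; each entry commits to the one before it.
    The latest entry_hash should also be recorded outside this log (for
    example in the signed seizure memo), otherwise someone who rewrites the
    whole log can recompute every hash."""

    def __init__(self):
        self.entries = []

    def record(self, when, actor, action, evidence_id, evidence_sha256):
        fields = {
            "when": when,
            "actor": actor,
            "action": action,
            "evidence_id": evidence_id,
            "evidence_sha256": evidence_sha256,
            "prev_hash": self.entries[-1]["entry_hash"] if self.entries else GENESIS,
        }
        entry = dict(fields, entry_hash=_entry_hash(fields))
        self.entries.append(entry)
        return entry

    def first_broken_entry(self):
        """Index of the first entry that was altered or re-ordered, else None."""
        prev = GENESIS
        for index, entry in enumerate(self.entries):
            fields = {k: v for k, v in entry.items() if k != "entry_hash"}
            if fields["prev_hash"] != prev or _entry_hash(fields) != entry["entry_hash"]:
                return index
            prev = entry["entry_hash"]
        return None


def copy_matches_acquisition(log, evidence_id, stream):
    """True if a working copy is bit-for-bit identical to what was acquired."""
    acquired = next(e for e in log.entries
                    if e["evidence_id"] == evidence_id and e["action"] == "acquired")
    return sha256_stream(stream) == acquired["evidence_sha256"]


def build_demo_log():
    """Constructed walk-through: acquire, transfer, then analyse a copy."""
    image = b"constructed disk image bytes " * 1000   # stands in for a real image
    digest = sha256_stream(io.BytesIO(image))
    log = CustodyLog()
    log.record("2014-06-02T10:00:00+05:30", "Officer A", "acquired", "EX-1", digest)
    log.record("2014-06-02T15:30:00+05:30", "Officer B", "received for storage", "EX-1", digest)
    log.record("2014-06-05T09:00:00+05:30", "Examiner C", "working copy made", "EX-1", digest)
    return log, image


if __name__ == "__main__":
    log, image = build_demo_log()
    print("log intact:", log.first_broken_entry() is None)
    print("copy matches:", copy_matches_acquisition(log, "EX-1", io.BytesIO(image)))
```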

Of late cyber crimes, financial frauds and IT frauds have increased tremendously in India but till now the conviction ratio for these crimes is really poor. Indian government must provide adequate cyber forensics training to law enforcement officials so that they acquire and produce the relevant evidence in an admissible manner before the Courts and criminals can be successfully prosecuted and convicted.