					                          November 15, 2011




       Cyber Crimes
GUJARAT POLICE


                      1   MANOJ AGARWAL
                                     IPS


                 The transformation
    • Two years ago, we were afraid of rockets destroying
      buildings and computer centres...
    • Today, we should be aware of software destroying
      rockets and missiles!




                 IT Act 2000
                 Cyber Cases
                 Investigation & Forensics
                 Issues to ponder

                             IT Act 2000
                              Objectives
        • Legal Recognition for E-Commerce
             – Digital Signatures and Regulatory Regime
             – Electronic Documents at par with paper documents
        • E-Governance
             – Electronic Filing of Documents
        • Amend certain Acts
        • Define Civil wrongs, Offences, punishments
             – Investigation, Adjudication
             – Appellate Regime




                             Wrongs

        • Moral Wrongs
             – Feeling of guilt
        • Civil Wrongs
             – Aggrieved approaches the STATE
             – Compensation
             – Police has a very limited role to play
        • Legal Wrongs
             – Crimes
             – Punishment, fine, or both
             – Criminal Court
             – Police has a defined role to play





                               Crimes

        • Non-Cognizable Offences
             – Minor offences
             – Aggrieved seeks redressal
             – Police has a very limited role to play
        • Cognizable Offences
             – Serious ones
             – Responsibility of the STATE to get the offender punished







                 Cognizability and Bailability
         • Not mentioned in the Act
                 – Rely on Part II of Schedule I of CrPC
                    • If punishable with death, imprisonment for life or
                      imprisonment for more than 7 years: Cognizable,
                      Non-Bailable, Court of Session
                    • If punishable with imprisonment for 3 years and
                      upwards but not more than 7 years: Cognizable,
                      Non-Bailable, Magistrate of First Class
                    • If punishable with imprisonment of less than 3 years:
                      Non-Cognizable, Bailable, Any Magistrate (or
                      Controller of CAs)

                 Civil Wrongs under IT Act
        • Chapter IX of IT Act, Section 43
        • Whoever without permission of owner of the computer
             – Secures access (mere U/A access)
                 • Not necessarily through a network
             – Downloads, copies, extracts any data
             – Introduces or causes to be introduced any viruses or contaminant
             – Damages or causes to be damaged any computer resource
                 • Destroy, alter, delete, add, modify or rearrange
                 • Change the format of a file
             – Disrupts or causes disruption of any computer resource
                 • Preventing normal continuance of

           – Denies or causes denial of access by any means
                 • Denial of service attacks
           – Assists any person to do any thing above
                 • Rogue Websites, Search Engines, Insiders providing
                   vulnerabilities
           – Charges the services availed by a person to the account
             of another person by tampering or manipulating any
             computer resource
                 • Credit card frauds, Internet time thefts
      • Liable to pay damages not exceeding one crore to
        the affected party
      • Investigation of
           – ADJUDICATING OFFICER
           – Powers of a civil court
                 Section 65: Source Code
        • Most important asset of software companies
        • “Computer Source Code” means the listing
          of programmes, computer commands,
          design and layout




                      Section 65.. Contd.
        • Ingredients
             – Knowledge or intention
             – Concealment, destruction, alteration
             – computer source code required to be kept or maintained
               by law
        • Punishment
             – imprisonment up to three years, and / or
             – fine up to Rs 2 lakh
        • Cognizable, Non Bailable, JMIC




                       Section 66: Hacking
          • Ingredients
                 – Intention or Knowledge to cause wrongful loss
                   or damage to the public or any person
                 – Destruction, deletion, alteration, diminishing
                   value or utility or injuriously affecting
                   information residing in a computer resource
          • Punishment
                 – imprisonment up to three years, and / or
                 – fine up to Rs 2 lakh
          • Cognizable, Non Bailable, JMFC





                           Hacking (contd.)
         • Covers crimes like
                 –   Trojan, Virus, worm attacks
                 –   Logic bombs and Salami attacks
                 –   Internet time theft
                 –   Analysis of electromagnetic waves generated
                     by computers






                                       Examples
        •   State versus Amit Pasari and Kapil Juneja
             – Delhi Police
                   • M/s Softweb Solutions
                   • Website www.go2nextjob.com hosted
                   • Complaint of hacking by web hosting service
        •   State versus Joseph Jose
             – Delhi Police
                   • Hoax Email - Planting of 6 bombs in Connaught Place
        •   State versus Aneesh Chopra
             – Delhi Police
                   • Three company websites hacked
                   • Accused: An ex-employee
        •   State versus K R Vijayakumar
             – Bangalore Cyber Crime Police Station, 2001
                   • Criminal intimidation of employers and crashing the company’s
                     server
                   • Phoenix Global solutions
           Sec. 67. Pornography
• Ingredients
   – Publishing or transmitting or causing to be published
   – in the electronic form,
   – Obscene material
• Punishment
   – On first conviction
      • imprisonment of either description up to five years and
      • fine up to Rs 1 lakh
   – On subsequent conviction
      • imprisonment of either description up to ten years and
      • fine up to Rs 2 lakh
• Section covers
   – Internet Service Providers,
   – Search engines,
   – Pornographic websites
• Cognizable, Non-Bailable, JMIC/ Court of Sessions
        Sec 69: Decryption of information
      • Ingredients
           – Controller issues order to Government agency to
             intercept any information transmitted through any
             computer resource.
           – Order is issued in the interest of the
               •   sovereignty or integrity of India,
               •   the security of the State,
               •   friendly relations with foreign States,
               •   public order or
               •   preventing incitement for commission of a cognizable offence
           – Person in charge of the computer resource fails to
             extend all facilities and technical assistance to decrypt
             the information.
           Decryption of information (contd.)
        • Applicability
             –   Email messages (If encrypted)
             –   Encrypted messages
             –   Steganographic images
             –   Password protected files (?)
        • Punishment
             – Imprisonment up to 7 years
        • Cognizable, Non-Bailable, JMIC
              Sec 70 Protected System
      • Ingredients
         – Securing unauthorised access or attempting to secure
           unauthorised access
         – to ‘protected system’
      • Acts covered by this section:
         –   Switching computer on / off
         –   Using installed software / hardware
         –   Installing software / hardware
         –   Port scanning
      • Punishment
               – Imprisonment up to 10 years and fine
         • Cognizable, Non-Bailable, Court of Sessions




                            BUT……..
             • Not all cyber crimes come under the
               Information Technology Act, 2000.

             • Many cyber crimes come under the Indian
               Penal Code






                 Computer Related Crimes under IPC
                        and Special Laws
           Sending threatening messages by email   Sec 503 IPC
           Sending defamatory messages by email    Sec 499 IPC
           Forgery of electronic records           Sec 463 IPC
           Bogus websites, cyber frauds            Sec 420 IPC
           Email spoofing                          Sec 463 IPC
           Online sale of Drugs                    NDPS Act
           Web-Jacking                             Sec. 383 IPC
           Online sale of Arms                     Arms Act




                 COMPUTER CRIME
                   STATISTICS
         • Average Computer Crime - $500K
           Average Bank Robbery - $13K
         • 80% of computer crime involves
           Internet
         • Internet is in 70 countries
              - over 25 million users
              - 10%/month growth rate
                 Frequency of incidents
         • Denial of Service: Section 43
         • Virus: Section 66, 43
         • Data Alteration: Sec. 66
         • U/A Access: Section 43
         • Email Abuse: Sec. 67, 500, Other IPC Sections
         • Data Theft: Sec 66, 65

                    Source: Survey conducted by ASCL



            No. of Indian web-sites defaced

                 Year    Sites defaced
                 1998      441
                 1999     1002
                 2000     2219
                 2001     7039

                 “Not very serious-some one has just pasted a
                 poster over my poster”


                 Number of Indian sites hacked

                 Year    Sites hacked
                 1998      0
                 1999      6
                 2000     12
                 2001     25

                       Site of BARC-panic all around



                    2001 CSI/FBI Computer Crime and Security Survey

      Of the organizations suffering security compromises in the last
                 year – 95% had Firewalls and 61% had IDSs!

                 SECURITY TECHNOLOGIES USED        1998   1999   2000   2001
                                                     %      %      %      %
                 Intrusion Detection Systems         35     42     50     61
                 Firewalls                           81     91     78     95
                 Encrypted Files                     50     61     62     64
                 Anti-virus software                 96     98    100     98
                 Access Control                      89     93     92     90

                 • False sense of security – “We already have a Firewall”





          COMPUTER CRIME STATISTICS
                 2002 Computer Crime and Security Survey (CSI)
                  – 91% of respondents detected breaches of
                    their computer security policy.
                  – 64% of respondents acknowledged financial
                    losses due to the breaches.
                  – 35% of respondents quantified financial
                    losses amounting to $377M (up 41% from
                    $266M).
                  – 60% may not have sufficient instrumentation
                    to detect breaches.




                   WHY CRIMES WERE NOT
                        REPORTED

                 56% of crimes NOT REPORTED
                 – Embarrassment.
                 – Loss of public confidence.
                 – False arrest concerns.





            COMPUTERS CAN PLAY
            THREE ROLES IN A CRIME
        • Weapon/Target
        • Storage Facility
        • Tool






                 CASE - I







                      FAKE E-MAIL ID




        • FAKE E-MAILS
        • SMS MESSAGES THROUGH NET.






                 CASE 2






                                FAKE POLICE
                                CONSTABLES
        • CASE:
             – A PERSON CAUGHT WITH FAKE
               MOTOR VEHICLE LICENCE
             – POLICE SEIZED TWO HARD DISKS








                 CASE 3






         SPECIAL CELL, NEW DELHI

       • DELHI POLICE ARRESTED
            – PRESS REPORTER CHANGED INTO ISI
              AGENT
            – SEIZED A LAPTOP AND WRIST WATCH








                 CASE 4







             A VICTIM OF WORLD CUP?
      • Ms. MANDIRA BEDI
           – POOR KNOWLEDGE IN CRICKET
           – A SHOW PIECE
           – CRICKET LOVERS ARE AGAINST
             HER COMMENTARY, BUT LOVE HER ------
      • PHOTO APPEARED IN SITE
        WWW.INDIANSEX4U.COM




                 CASE 5




                 NOT SAFE TO GIVE
                  VISITING CARD
      • IS IT SAFE TO GIVE VISITING CARD
        TO SOMEBODY?

            – DETAILS KEPT UNDER
              INDIATIMES.COM UNDER ROMANCE
              COLUMN
      • THE ACCUSED: HER “FORMER
        COLLEAGUE”
      • THE MISTAKE SHE MADE:
        GIVING VISITING CARD




                 CASE 6




                   FIR.NO 581/2001 PS
                 KOTWALI SPECIAL CELL
        • WASIM AHMED LILY @ WASIM ASRAF
          ARRESTED ON 12/10/01 ALONG WITH TWO
          SUITCASES CONTAINING FAKE CURRENCY TO THE
          TUNE OF 18.3 LAKHS (1000, 500 DENOMINATIONS)
        • POLICE SEIZED A COMPUTER, SCANNER,
          PRINTER FROM THE ACCUSED.



                                    CONTD….
        • FORENSIC ANALYSIS REVEALED
             – HOW THE COMPUTER WAS USED IN
               THE PRODUCTION OF COUNTERFEIT
               CURRENCY
             – CURRENCY NOTES OF
               DENOMINATION OF NOT ONLY 500, 1000
               BUT ALSO RS 50, 100.
        • FAKE POSTAL STAMPS
        • THE ADDRESSES OF THE AGENTS
          WHO ARE CIRCULATING




                 CASE 7




                 A CASE OF A PLASTIC
                           COMPANY
        • THE DIRECTORATE OF CENTRAL EXCISE
          INTELLIGENCE PERSONNEL RAIDED A
          PLASTIC COMPANY OWNER’S RESIDENCE
          ON 10/11/2001 AND SEIZED AN AMOUNT OF
          RS. 2 CRORE.
        • PRODUCED 6000 CASH BILLS DATED
          PRIOR TO DATE OF RAID.
        • THE BILLS WERE DATED APRIL-
          OCTOBER 2001




                                      CONTD….
        • THE DGCEI OFFICIALS SEIZED 12
          COMPUTERS WITH THE HELP OF
          COMPUTER FORENSIC EXPERTS
        • FORENSIC EXAMINATION OF
          COMPUTER SYSTEMS REVEALED
             – EXCISE EVASION TO THE TUNE OF 26
               CRORES FROM 2000 ONWARDS
             – BACK MONEY DETAILS
             – THE BRIBES PAID TO THE EXCISE
               OFFICIALS




                 CASE 8



                FIR NO 76/02 PS
             PARLIAMENT STREET
    • Mrs. SONIA GANDHI RECEIVED
      THREATENING E-MAILS
    • E-MAIL FROM
          – missonrevenge84@khalsa.com
          – missionrevenge84@hotmail.com
    • THE CASE WAS REFERRED
    • ACCUSED PERSON LOST HIS
      PARENTS DURING 1984 RIOTS




                 CASE - 9




                 PARLIAMENT ATTACK CASE

       • Delhi police seized a laptop where they
         stored the incriminating material.
       • ON FORENSIC ANALYSIS:
          – ROLE OF LeT
          – IP ADDRESSES OF PAKISTAN
          – TELEPHONE NUMBERS
          – CODED MESSAGES




                 CASE-10






           KARNATAKA MEDICAL
            EXAM (K-CET) SCAM
            -    OCR BASED ANSWER SHEET.
            -    MODIFIED THE COMPUTER
                 (ANSWERS) PROGRAM AS PER
                 THE STUDENT’S ANSWER SHEET.
            -    MADE FAILED CANDIDATES
                 SUCCESSFUL.
            -    THE AP INTERMEDIATE BOARD
                 MARKS SCANDAL.



                  President CLINTON’S
                 IMPEACHMENT TRIAL







                 CLINTON’S IMPEACHMENT
                         TRIAL

                 – Forensic experts recovered deleted
                   data from Monica Lewinsky’s home
                   computer as well as “her” computer at
                   the Pentagon
                 – Computer examinations of deleted
                   White House e-mail records exposed
                   the Clinton-Monica Lewinsky scandal

                   INVESTIGATION
     A good investigation needs network forensics, hardware forensics and
     software forensics.

     The general approach to investigating the technical aspects of any
     computer related crime is:

 •    Eliminate the obvious.
 •    Hypothesize the attack.
 •    Collect evidence, including, possibly, the computers themselves.
 •    Reconstruct the crime.
 •    Perform a trace back to the source computer.
 •    Analyze the source, target, and intermediate computers.
 •    Turn your findings and evidentiary material over to corporate
      investigators or law enforcement for follow-up.
            Cyber Crimes ?
                 Any crime that involves computers and networks

                 Includes crimes that do not rely heavily on computers
                        Alibi
                       Harassment
                       Blackmail
                       Extortion
                       Frauds
                       Murder
                       etc....
           What are we looking for ?
                 Hardware as contraband or fruits of crime.
                   Stolen computer system
                 Hardware as an instrumentality
                   Hardware designed exclusively to commit crime-sniffer
                 Hardware as evidence.
                   CD Writer to copy blue movies – Pornography
                 Information as contraband or fruits of crime.
                   Pirated software
                 Information as an instrumentality
                   Hacking program
                 Information as evidence.
                   Key of investigation- we are searching this
          How to Proceed ?
              Pre-investigation intelligence.
                 A must
             Visualize and assess what you would encounter.
                 Prepare accordingly.
             Computer may be on / off
                 A blank screen does not indicate that the computer is off
             If computer is on
                 Note what all is on the screen
                 If the screen saver is operational, move the mouse
                 slightly..
             Map all the connections & mark the matching ends
                 Find out whether it is connected to the network.
             Decide on the next course of action..

         Strategy
            If you shut down the computer in the usual way
                You may fall into a trap
            If you pull out the cord
                You lose vital information in the RAM
            Good documentation of the screen (a photograph) will help
            resolve some of the discrepancies.

            Recommended strategy

                Ensure that all drives are empty
                Pull out the cord from the computer (not from the
                electric board, as it may be connected to a UPS)




                 Seizing the computer
                   Computers do not have a unique identity

                      It would not help in any case
                      Contents have to be seized uniquely.

                   Hashing
                      The only solution

                  Requirements are
                     The algorithm should run in a trusted environment
                     The suspect disk should be write-blocked
                     No time stamps should be altered
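
Added example (not part of the original slides): one way to fix the contents of a seized image by hashing and then check a working copy against the seizure record. The choice of SHA-256 and SHA-512, the record layout and all function and file names are assumptions; the sample "image" is constructed.

```python
import hashlib
import os
import shutil
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so a large image never sits in RAM


def hash_image(path, algorithms=("sha256", "sha512")):
    """Return {algorithm: hexdigest} for a file opened strictly read-only."""
    digests = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:  # "rb": the image is never opened for writing
        while chunk := fh.read(CHUNK):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def acquire(path):
    """Hash an image; fail if size or mtime moved (atime is the write blocker's job)."""
    before = os.stat(path)
    digests = hash_image(path)
    after = os.stat(path)
    if (before.st_size, before.st_mtime_ns) != (after.st_size, after.st_mtime_ns):
        raise RuntimeError("evidence changed while it was being hashed")
    return {"path": path, "size": after.st_size, "digests": digests}


def verify_copy(record, copy_path):
    """True only if the working copy matches every digest in the seizure record."""
    return hash_image(copy_path, tuple(record["digests"])) == record["digests"]


def demo():
    """Constructed stand-in for a disk image; a real one is read through a write blocker."""
    workdir = tempfile.mkdtemp()
    original = os.path.join(workdir, "suspect.img")
    with open(original, "wb") as fh:
        fh.write(b"constructed sample sector data\n" * 4096)
    record = acquire(original)
    working = shutil.copy2(original, os.path.join(workdir, "working.img"))
    intact = verify_copy(record, working)
    with open(working, "r+b") as fh:  # alter one byte, in the working copy only
        fh.seek(100)
        fh.write(b"X")
    tampered = verify_copy(record, working)
    shutil.rmtree(workdir)
    return record, intact, tampered
```

Calling demo() returns the seizure record plus two checks: the untouched copy verifies, and the copy with a single changed byte does not.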



                 INVESTIGATION OF SEIZED MATERIAL

INTERNET CRIME

• In a 'simple' case of hacking it would be possible to trace out
  the IP address by the 'who is' query.
• The IP address may be found in the "Page Source" head (Netscape)
  and the "Source" head in Internet Explorer.

WEBSITE RELATED CRIME

• Confirm the identity of the suspect by running the "who is" query.
• The "who is" details generated may be genuine or those of a
  "compromised" machine.


                  E-MAIL CRIMES
• The header will give the IP address. Run "who is" to ascertain the
    details of the service provider whose mail service was used by the
    suspect.
• If, on analyzing the circumstances, it is felt that the "who is" result is
    genuine, the location of the suspect can be traced with the help of the ISP.
• In case of forged/bogus or disguised/number-letter mix-up e-mail
    identities, the ISP can help in identifying the suspect with the
    help of the e-mail header, by analyzing its contents and "message
    ID" (see boxes for details of forged/bogus and disguised senders).
• The ISP will be able to help in locating a suspect because, when a
    person dials up to connect with an ISP, he/she is logged on to one
    of the servers of the ISP. This server assigns (depending on the
    port of entry) a specific IP address to the user. This IP address
    temporarily becomes the IP address of the user for that specific
    session.
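
Added example (not part of the original slides): reading the header of a suspect e-mail to pull out the address to run "who is" on, and comparing the From domain with the "message ID" domain. The message is constructed, every address is from a documentation range, and the function names and the list of internal ranges are assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample header; each relay adds its Received line on top.
RAW = """\
Received: from smtp.example.net (smtp.example.net [198.51.100.5])
\tby inbox.example.org with ESMTP id B2; Tue, 15 Nov 2011 10:02:09 +0530
Received: from [10.0.0.23] (dialup-44.isp.example [203.0.113.44])
\tby smtp.example.net with ESMTP id C3; Tue, 15 Nov 2011 10:02:05 +0530
From: "Bank Support" <support@bank.example>
Message-ID: <20111115043205.C3@smtp.example.net>
"""

INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def routable_ips(header):
    """Bracketed IPv4 literals in one Received header, minus internal ranges."""
    found = []
    for text in BRACKETED_IP.findall(header):
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:  # e.g. [999.1.1.1]: malformed or forged
            continue
        if not any(ip in net for net in INTERNAL):
            found.append(str(ip))
    return found


def originating_ip(msg):
    """First routable IP in the oldest Received header (the last one listed)."""
    for header in reversed(msg.get_all("Received", [])):
        if ips := routable_ips(header):
            return ips[0]  # a lead for the "who is" query, not proof of identity
    return None


def sender_domain_mismatch(msg):
    """True when the From domain differs from the Message-ID domain."""
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    id_dom = msg.get("Message-ID", "").strip("<> \t").rpartition("@")[2].lower()
    return bool(from_dom and id_dom) and from_dom != id_dom

MSG = message_from_string(RAW)
```

Received lines below the first server the investigator trusts can be written by the sender, and a domain mismatch also occurs in legitimate mail, so both results are leads to confirm with the ISP's logs.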


                   CARDINAL RULES OF
                 COMPUTER FORENSICS
                 -   NEVER TRUST THE SUBJECT OPERATING SYSTEM
                 -   NEVER MISHANDLE EVIDENCE
                 -   NEVER WORK ON ORIGINAL EVIDENCE
                 -   USE PROPER SOFTWARE UTILITIES
                 -   DOCUMENT EVERYTHING





                     NEVER TRUST THE
                     SUBJECT SYSTEM
                 -   DO NOT BOOT FROM THE SUSPECT SYSTEM
                 -   DO NOT USE THE SUSPECT OS
                 -   CRIMINALS MAY MODIFY ROUTINE OPERATING SYSTEM
                     COMMANDS TO PERFORM DESTRUCTIVE ACTIONS
                 -   DISCONNECT THE HARD DRIVE & BOOT FROM FLOPPY
                     (THE BIOS MAY BE MODIFIED TO ALLOW BOOT FROM A FLOPPY)

             STEPS TAKEN BY
           COMPUTER FORENSIC
                EXPERT
     -   PROTECT THE SUBJECT SYSTEM DURING EXAMINATION FROM ALTERATION,
         DAMAGE, DATA CORRUPTION OR VIRUS INTRODUCTION
     -   DISCOVER & RECOVER ALL FILES (active & deleted)
     -   ACCESS THE CONTENTS OF PROTECTED OR ENCRYPTED FILES
     -   ANALYZE ALL RELEVANT DATA
     -   PRINT OUT AN OVERALL ANALYSIS
     -   PROVIDE TESTIMONY IN A COURT OF LAW


          Where do we find Evidence ?
                 In
                   The Computer
                      Suspect
                      Victim
                   The Server
                      Suspect
                      Victim
                   ISPs
                      Who logged in from where and when?
                     Computers visited
                  Backbone Computers



         Issues to address
                 We cannot be masters of all trades
                 Fighting cyber crimes has to be a team effort involving
                    Law enforcement agencies
                       Handle cyber evidence
                       Use it to generate investigative trails
                       Know when to call an expert for assistance
                    Computer experts
                       How to handle cyber evidence
                       Generate investigative leads
                       Call enforcement agencies for assistance
                    Attorneys
                       How to defend cyber evidence
                       Determine whether it is admissible
                    Forensic scientists
                       How to process it



                      QUESTIONS






                 THANK YOU