Cyber terrorism
Hacking and sabotage
Credit card frauds
Crime against Government
Phishing
Cyber pornography
Sale of illegal articles: narcotics, weapons, wildlife
Online gambling
Crime against property
Intellectual Property crimes: software piracy, copyright infringement, trademark violations, theft of computer source code
Email spoofing
Forgery
Defamation
Crime against persons
Cyber stalking
Individual
sector
society
State level
Global
Malware
Identifying
Preserving
Analysing
Presenting evidence in a legally admissible manner
Classification of computer forensics
Disk based forensics
Network based forensics
Mobile forensics
E-mail forensics etc
Existing Files
Deleted Files
Logs
Special system files (registry etc.)
Email archives, printer spools
Administrative settings
Internet History
Chat archives
Misnamed Files
Encrypted Files / Password Protected files
Steganography /hidden files
E-mail forensics
E-mail composed of two parts- header and body
Examine headers
Request information from ISP
Trace the IP
Tools: EnCase, FTK, Final email
Sawmill groupwise
Automation for logging
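The header-examination and IP-tracing steps above, as an added example that is not part of the original slides. The message, host names, addresses (documentation and private ranges) and the set of trusted relays are all constructed assumptions; the point is that only the address logged by a relay you control is reliable enough to take to an ISP, while lower `Received` lines can be forged by the sender.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample (hosts are made up; IPs are RFC 5737 / RFC 1918 ranges).
RAW = """\
Received: from mx.example.net (mx.example.net [10.0.0.5])
\tby mailstore.example.net with ESMTP id A1; Mon, 1 Jan 2024 10:00:03 +0000
Received: from relay.example.org (relay.example.org [203.0.113.7])
\tby mx.example.net with ESMTP id B2; Mon, 1 Jan 2024 10:00:02 +0000
Received: from client-host (unknown [198.51.100.23])
\tby relay.example.org with SMTP id C3; Mon, 1 Jan 2024 10:00:01 +0000
From: Support <support@example.com>
To: user@example.net
Subject: constructed sample

body
"""

INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
BY_RE = re.compile(r"\bby\s+([^\s;]+)")

def trace_hops(raw):
    """Parse Received headers, newest hop first (the order they appear)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        ip_m, by_m = IP_RE.search(value), BY_RE.search(value)
        try:
            ip = ipaddress.ip_address(ip_m.group(1)) if ip_m else None
        except ValueError:
            ip = None  # bracketed text that is not an address
        hops.append({"by": by_m.group(1).lower() if by_m else None, "ip": ip})
    return hops

def split_by_trust(raw, trusted_relays):
    """Return (verified_ip, claimed_ips): the peer address logged by the outermost
    relay we control, and addresses from lower headers that a sender can forge."""
    verified, claimed, in_trusted = None, [], True
    for hop in trace_hops(raw):
        in_trusted = in_trusted and hop["by"] in trusted_relays
        if hop["ip"] is None:
            continue
        is_internal = any(hop["ip"] in net for net in INTERNAL)
        if in_trusted and not is_internal:
            verified = str(hop["ip"])      # deepest trusted hop wins
        elif not in_trusted:
            claimed.append(str(hop["ip"]))
    return verified, claimed
```
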
Cracking the password: brute force attack, smart search, dictionary search, date search, customised search, guaranteed decryption, plaintext attack
Passware, Ultimate ZIP Cracker, Office Recovery Enterprise, etc.
The criminal prosecution pyramid
Conviction/acquittal
Trial
Contents of charge
By virtue of provision of Section 65A, the contents of electronic records may be proved in evidence
by parties in accordance with provision of 65B.
Held: Sub-section (1) of Section 65B makes admissible as a document, paper print out of electronic
records stored in optical or magnetic media produced by a computer subject to fulfillment of
conditions specified in sub-section 2 of Section 65B.
a) The computer from which the record is generated was regularly used to store or process
information in respect of activity regularly carried on by person having lawful control over the
period, and relates to the period over which the computer was regularly used.
b) Information was fed in the computer in the ordinary course of the activities of the person having
lawful control over the computer.
c) The computer was operating properly, and if not, was not such as to affect the electronic record or
its accuracy.
d) Information reproduced is such as is fed into computer in the ordinary course of activity.
In the context of Section 65B(2)(c) the condition that throughout the material part of the period to
which the computer operations related, the computer was operating properly has to be complied
with.
Secondary evidence can be led apart from certification procedure in Section 65B(d)
State v Mohd Afzal,
2003 (7) AD (Delhi)1
Mohd Afzal case- Parliament attack case-
cyber terrorism
I-Cards, slips of papers containing telephone numbers and mobile phones were seized from
accused. The laptop which was seized from the two terrorists, who were gunned down when
Parliament was under siege on December 13 2001, was sent to Computer Forensics Division
of BPRD after computer experts at Delhi failed to trace much out of its contents.
The laptop contained several pieces of evidence that confirmed the two terrorists' motives, namely
the sticker of the Ministry of Home that they had made on the laptop and pasted on their
Ambassador car to gain entry into Parliament House, and the fake ID card that one of the
two terrorists was carrying with a Government of India emblem and seal.
The emblems (of the three lions) were carefully scanned and the seal was also craftily made,
along with residential address of Jammu and Kashmir. But careful detection proved that it was
all forged and made on the laptop.
investigate about the mobile numbers found written on the slips of paper recovered from the
terrorists, also the mobile phones recovered from the terrorists and the three SIM cards
recovered from the purse of terrorist:
a) SIM cards corresponding to telephone number 9810693456 recovered from the purse of Mohd. was used in six instruments.
b) Last call made from this mobile number 9810693456 was made to mobile No. 9811489429
(the number on the I-Cards recovered from the terrorists) at 11.25 A.M. on 13.12.2001 (time
when the attack was on).
Phone tapping was adopted and accused were found to have connections from Srinagar.
State vs Mohd Afzal
Held- The testimony of PW.35 and PW.36 establishes that the call details
Ex.PW.35/2 to Ex.PW.35/8 and Ex.PW.36/1 to Ex.PW. 36/5 were computer
generated and pertained to the respective periods indicated in the print
outs. Testimony establishes that they related to the services provided by
the respective companies in respect of the different mobile phone numbers.
It is true that neither witness made a positive statement that during the
relevant period, the computers worked properly but reading the statement
as a whole, the same is implicit. No suggestion was given to the witness
that their computers were malfunctioning.
We are satisfied that on the evidence on record, the prosecution has duly
proved the electronic record Ex.PW.35/2 to Ex.PW.35/8 and Ex.PW.36/1 to
36/5. The technical flaw whereby on four occasions double entries have
been recorded are explainable, in that, they are double entries pertaining to
the called and caller numbers. Even otherwise as held in Ana Marcolino
(Supra) the malfunction is not sufficient to cast a doubt upon the capacity
of the computer to process information correctly. It does not establish in
any way that the capacity of the computer to process, store and retrieve
information used to generate the statement, tendered in evidence, was
affected.
State v Navjot Sandhu
(2005)11 SCC 600
Held, while examining Section 65 B Evidence Act, it may be
that certificate containing details of subsection 4 of Section 65
is not filed, but that does not mean that secondary evidence
cannot be given.
Q.3 Electronic Evidence in form of affidavit by Chief Technology officer as per Section 65A
and B of evidence Act is-
(1) admissible as secondary evidence (2) admissible as primary evidence (3) not admissible
(4) depends on facts of a case
Q.4 Forging of electronic document is punishable under Section 470 read with Section 465
IPC with a period of imprisonment of a term that may extend to
(1) five years (2) three years (3) two years (4) one year
Q.5 Using a digital signature of a director malafidely without permission to sign a document
amounts to
(1) identity theft (2) negligence (3) perfectly legal act (4) tort
Thank you!
SETH ASSOCIATES
ADVOCATES AND LEGAL CONSULTANTS
New Delhi Law Office:
C-1/16, Daryaganj, New Delhi-110002, India
Tel:+91 (11) 65352272, +91 9868119137
Corporate Law Office:
B-10, Sector 40, NOIDA-201301, N.C.R ,India
Tel: +91 (120) 4352846, +91 9810155766
Fax: +91 (120) 4331304
E-mail: mail@sethassociates.com