  • Litigation – hearing, process
  • Judicial proceeding – legal, court, official
  • Proper diligence – thoroughness, attentiveness
  • Victim – sufferer
  • Allegation – claim, charge, complaint
  • Offender – lawbreaker, wrongdoer, criminal
  • Illegitimate – unlawful, illegal, criminal

4-Digital Evidences

Digital Evidence: Digital evidence is any information or data that can be relied on or trusted and that can prove something related to a case at trial, that is, indicate that a certain substance or condition is present.

Some of the popular electronic devices which are potential sources of digital evidence are: HDD, CD/DVD media, backup tapes, USB drive, biometric scanner, digital camera, smart phone, smart card, PDA, etc.

Forms of digital evidence:

Text messages, emails, pictures, videos and internet searches are the most common types of digital evidence.

Digital evidence is used to establish a credible link between the attacker, the victim, and the crime scene. Digital evidence may be in the form of:

  1. Email messages (including deleted ones)
  2. Office files
  3. Deleted files of all kinds
  4. Encrypted files

  5. Compressed files
  6. Temp files
  7. Recycle bin
  8. Web history
  9. Cache files
  10. Cookies
  13. Registry
  14. Unallocated space
  15. Slack space
  16. Web/email server access logs
  17. Domain access logs

Best Evidence Rule

The original copy of a document (such as any printout, data stored in a computer or similar device, or any other output) is considered superior evidence.

Best evidence is a complete copy, or a copy which includes all necessary parts of the evidence.

Rules of Digital evidence (Law of Evidence)

These are legal principles that govern the proof of facts. These rules help to determine what evidence must or must not be considered by a trier of fact.

According to these rules, digital evidence must be:

  1. Admissible
  2. Authentic
  3. Complete
  4. Reliable
  5. Believable

Types of Digital evidence

  1. Illustrative evidence (demonstrative evidence): photographs, videos, sound recordings, x-rays, maps, drawings, graphs, charts, simulations and models.
  2. Electronic evidence: proof obtained from electronic sources is called digital evidence (email, hard drives, etc.).
  3. Documented evidence: it is the same as demonstrative evidence. However, here the proof is presented in writing, like contracts, wills, invoices, etc.

  4. Explainable evidence: It is used in criminal cases in which it supports the defendant.
  5. Substantial evidence: A proof that is introduced in the form of a physical object, whether whole or in part, is referred to as substantial evidence. It is also called physical evidence.
  6. Testimonial (declaration): It is the kind of evidence spoken by the spectator (viewer, watcher, observer) under oath, or written evidence given under oath by an official declaration, that is, an affidavit.

Characteristics of Digital evidence

  1. Locard’s exchange principle: According to Edmond Locard’s principle, “when two items make contact, there will be an interchange”. The Locard principle is often cited in forensic sciences and is relevant in digital forensics investigations.
  2. Digital stream of bits: Cohen refers to digital evidence as a bag of bits, which in turn can be arranged in arrays to display the information.

Challenges in evidence handling

  1. Authentication of evidence
  2. Chain of custody:

  • It is also referred to as the forensic link.
  • It is the chronological documentation of electronic evidence.
  • It indicates the collection, sequence of control, transfer and analysis.
  • It also documents each person who handled the evidence, the date/time it was collected or transferred and the purpose for the transfer.

Importance to the court

It is possible to have the evidence presented in court dismissed if there is a missing link in the chain of custody. It is therefore important to ensure that a wholesome and meaningful chain of custody is presented along with the evidence at the court.

The following procedure is followed to establish the chain of custody.

  • Save the original documents.
  • Take photos of physical evidence.
  • Take screenshots of digital evidence content.
  • Document date, time and any other information of receipt.
  • Inject a bit-by-bit clone of digital evidence content into our forensic computers.
  • Perform a hash test analysis to further authenticate the working clone.
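
An added example (not part of the original slides) of the hash test on the working clone, together with a chain-of-custody record holding the handler, date/time and purpose fields described earlier. Linking each entry to the hash of the previous one, so that a missing or altered link is detectable, goes beyond what the slides describe; all function and field names are illustrative assumptions.

```python
import hashlib
import json
from datetime import datetime, timezone

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large disk images do not need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()

def verify_clone(original_path, clone_path):
    """Hash test: the working clone is authentic only if both digests match."""
    original, clone = sha256_file(original_path), sha256_file(clone_path)
    return original == clone, original, clone

def _entry_hash(entry):
    # Canonical JSON (sorted keys) of every field except the hash itself.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_custody_entry(log, handler, action, purpose, evidence_sha256, when=None):
    """Append who handled the evidence, when, and why; link it to the prior entry."""
    entry = {
        "seq": len(log) + 1,
        "handler": handler,
        "action": action,  # e.g. "collected", "transferred", "analysed"
        "purpose": purpose,
        "timestamp": (when or datetime.now(timezone.utc)).isoformat(),
        "evidence_sha256": evidence_sha256,
        "prev_hash": log[-1]["entry_hash"] if log else "0" * 64,
    }
    entry["entry_hash"] = _entry_hash(entry)
    log.append(entry)
    return entry

def verify_custody_log(log):
    """Return the position of the first broken or missing link, or None if intact."""
    prev = "0" * 64
    for position, entry in enumerate(log, start=1):
        if (entry["seq"] != position or entry["prev_hash"] != prev
                or entry["entry_hash"] != _entry_hash(entry)):
            return position
        prev = entry["entry_hash"]
    return None
```

Record the digest of the original at acquisition time and pass the same value in every later entry, so that each transfer can be re-checked against the image with `sha256_file`.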

Considerations involved with digital evidence

  1. Never work with the original evidence to develop procedures.
  2. Use clean collecting media.
  3. Document any extra scope.
    1. Identity of reporting agency.
    2. Case identifier or submission number
    3. Case investigator
    4. Date of receipt
    5. Date of report
    6. Descriptive list of items submitted for examination, including serial number, make and model
    7. Identity and signature of the examiner
    8. Results/conclusions.

  4. Consider safety of personnel at the scene.
    1. Identify the number and type of computers.
    2. Determine if a network is present.
    3. Interview the system administrator and users.
    4. Identify and document the types and volume of media, including removable media.
    5. Document the location from which the media was removed.
    6. Identify offsite storage area and/or remote computing locations.
    7. Identify proprietary software.
    8. Determine the operating system.

Volatile evidence

Order of volatility :

  1. Registers and cache
  2. Routing tables
  3. ARP cache
  4. Process table
  5. Kernel statistics and modules
  6. Main memory
  7. Temporary file system
  8. Secondary memory
  9. Router configuration
  10. Network topology

Case Studies

Case 1: Credit card fraud

State: Tamil Nadu

City: Chennai

Section of Law: 66 of Information Technology Act 2000 & 120(B), 420, 467, 468, 471 IPC

Background

The assistant manager (the complainant) with the fraud control unit of a large business process outsourcing (BPO) organization filed a complaint alleging that two of its employees had conspired with a credit card holder to manipulate the credit limit and as a result cheated the company of INR 0.72 million.

Case 2: Hosting obscene profiles

State: Tamil Nadu

City: Chennai

Sections of law: 67 of Information Technology Act 2000 & 469, 509 of the Indian Penal Code

Background

The complainant stated that some unknown person had created an email ID using her name and had used this ID to post messages on five web pages describing her as a call-girl along with her contact numbers.

As a result she started receiving a lot of offending calls from men.

Case 3: Illegal money transfer

State: Maharashtra

City: Pune

Sections of law: 467, 468, 471, 379, 419, 420, 34 of IPC & 66 of IT Act

Background

The accused in this case were working in a BPO that was handling the business of a multinational bank. The accused, during the course of their work, had obtained the personal identification numbers (PIN) and other confidential information of the bank’s customers. Using these, the accused and their accomplices, through different cyber cafes, transferred huge sums of money from the accounts of different customers to fake accounts.

Case 4: Fake travel agent

State: Maharashtra

City: Mumbai

Sections of Law: 420, 465, 467, 468, 471, 34 of IPC & 143 of Indian Railway Act 1989.

Background

The accused in this case was posing as a genuine railway ticket agent and had been purchasing tickets online by using stolen credit cards of non-residents. The accused created fraudulent records/profiles, which he used to carry out the transactions. The tickets so purchased were sold for cash to other passengers. This went on for a period of about four months.

The online ticket booking service provider took notice of this and lodged a complaint with the cyber crime investigation cell.

Case 5: Creating fake profile

State: Andhra Pradesh

City: Hyderabad

Sections of Law: 67 of Information Technology Act 2000 & 507, 509 of the Indian Penal Code

Background

The complainant received an obscene e-mail from an unknown e-mail ID. The complainant also noticed that an obscene profile along with photographs of his daughter had been uploaded on matrimonial sites.

  • Digital evidence is used to establish a credible link between _________
  • Attacker and victim and the crime scene
  • Attacker and the crime scene
  • Victim and the crime scene
  • Attacker and information

  • Digital evidence must follow the requirement of the _________

  • Ideal evidence rule
  • Best evidence rule
  • Exchange rule
  • All of the mentioned

  • The evidence or proof that can be obtained from an electronic source is called the _________
  • A. digital evidence
  • Demonstrative evidence
  • Explainable evidence
  • Substantial evidence

  • Which of the following is not a type of volatile evidence?
  • routing tables
  • Main memory
  • Log files
  • Cached data
