1 / 18

Digital Evidence Prospects

Digital Evidence Prospects. Investigation issues and the Indian Evidence Act summarized in a nut-shell. The Organized Crime Industry. White Collar Crimes. Criminals are the well educated ones. Knowledgeable of the crime scene and the act. Increasing rapidly (refer CERT/NCRB website)

amartino
Télécharger la présentation

Digital Evidence Prospects

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Digital Evidence Prospects Investigation issues and the Indian Evidence Act summarized in a nut-shell. shivam387@yahoo.com

  2. The Organized Crime Industry • White Collar Crimes. • Criminals are the well educated ones. • Knowledgeable of the crime scene and the act. • Increasing rapidly (refer CERT/NCRB website) • Financially motivated/disgruntled feeling. • Intentional attempts and not in the heat of the moment. shivam387@yahoo.com

  3. Conspriated Ones Some of the most challenging case studies are these conspiratedonesas they are thoroughly organised. • Competing and rival companies opt for data theft. • Eaves dropping and data surveillance. • Espionage and sabotage attempts through identified intruders • Cyber scouting for others. • Data fiddle (3rd party attempts). • Economic blows and grinds (usually in capital markets) shivam387@yahoo.com

  4. shivam387@yahoo.com

  5. Ground Zero (Field Investigation) • Usually literate people are Cyber criminals. • Well planned attempts. • Coordination with ISP and Intermediaries is late indeed. • Pre established channels are certainly beneficial. • Investigating workforce may lack expertised skill. • Late incident response tends to a voidable investigation. • Victims don’t know of their victimized status. • Most Computers have pirated softwares, infected applications, etc etc shivam387@yahoo.com

  6. Court Scene and Law Enforcement. • Thousands of cases listed everyday • A few hundred awaiting a Bail. • Few waiting hearing. • Time consuming process of understanding the technicalities of Cyber crime and allied aspects. • Courts/Prosecutors and Law enforcement agencies find it difficult to catch tech specific attempts. • Prosecution and the Police find it challenging to explain in details/educate. • Benefit of doubt may slip away. shivam387@yahoo.com

  7. Allied Forensics • Little knowledge of the Digital evidence procedures. • Digital Evidence is almost volatile. • Forensic equipments are not available. • Authorised personnel are not available 24*7. • Most Computers have pirated softwares, infected applications, etc • Not all gadgets are compatible or examinable. • Evidence and IT Act Laws are too flexed, not all examiners know it all. • SOP on Forensic examination is still awaited. shivam387@yahoo.com

  8. Hilarious hurdles ! • What is the meaning of a Hotmail ? • “Mouse mane eedur” (i.e.Rat) • The Soft disk examination report has not been submitted. • I don’t know what is Internet. • Explain what is IP Address and where is it found. …BE PREPARED FOR THIS… shivam387@yahoo.com

  9. The Indian Evidence Act • Governs the relevancy of digital evidence. • Lays the procedure for identifying evidence. • Demarcates a relevant evidence • Deals with admissibility issues. • Describes the validity of a proper evidence. • Has merged the meaning assigned to all “documents” with the word “electronic”, hence virtual data is also admissible. shivam387@yahoo.com

  10. Important sections • Section 22A : Oral admissions as to the contents of an electronic record are not relevant unless its genuineness is in question. • Section 39 : When an evidence to be produced is a part or segment of a larger part of conversation, book, mails or a series of transactions etc….the Court has its discretionary power to tender what is necessary and in the interest of justice. shivam387@yahoo.com

  11. Section 47 A : The opinion regarding the Digital Signature of a person can be determined from its Certifying authority, and the same tantamounts to a relevant fact. • Section 65 A : The contents of electronic record MAY be proved in accordance with section 65 B. • Section 65 B : Admissibility issues. • (1) All e-records if printed, copied or stored in an optical medium SHALL be deemed to be a document and shall be admissible if the conditions of section 65 B (2) are met with. shivam387@yahoo.com

  12. (2) (a) The computer output was produced by the person who regularly used it and under lawful occupancy,(even multiple computers shall bear a singular construction) (b) The said use was continuous for the data in relevance, (c) The computer should have been working properly or atleast to the extent as not to hamper the authenticity of the data in question. (d) The said data in question was fed into the computer in the ordinary course of the use. • (3) As enunciated in Sub sec 2 (a) regarding the use of a computer, where there are more than one computers in use…then such multiple computers shall bear a singular meaning for the purpose of interpretation within this provision. • (4) For the purpose of this section, If a statement is required to be given, a certificate is required to be provided with specific particulars and the nature of the deposition by the appropriate person in charge of the said device/computer. shivam387@yahoo.com

  13. Section 73 A : The Court has powers to direct the purported owner of a Digital signature, or the Controller or the Certifying Authority to produce the DSC or instruct such other person to use the public key to verify the details. • Section 85 A : The Court shall presume such records purporting to be an agreement where digital signatures are affixed, were so affixed by the parties to make the agreement conclusive. • Section 85 B : The Court shall presume unless otherwise proved that (1) a secure electronic record has been unaltered, since the time of its secure status relates to. (2) that the subscriber has affixed the digital signature himself with the intent of approving the contents. (3) For the purpose of this section, authenticity shall never be a presumption except for secure electronic record and secure digital signature. shivam387@yahoo.com

  14. Section 88 A : The Court may presume that a given piece of electronic message was transmitted from a computer “X” to Computer “Y” and that the message corresponds the same, but there shall be no presumption as to the person who used the computer “X”. • Section 90 A : Where the electronic record is more than 5 years old, the Court may presume that the purported digital signature was affixed by the said subscriber in due course at that time. • Section 131 : No person shall be compelled to produce a record which another person would be entitled to refused if the said would have been in custody of the same. shivam387@yahoo.com

  15. What does law say about FRED ? • Nothing … • All digital evidence examiners are merely appointed under the sec 79A of the IT Act 2000. • There are no prescriptions by the Law to adopt a specific forensic process. shivam387@yahoo.com

  16. However… • The opinion tendered by any cyber forensic expert is a mere opinion which is to be duly examined by the Court. • It is not a final or binding evidence. • No other person can tender an experts opinion under sec 45 of the Evidence Act, but the authenticity of the evidence opined can be always rebutted…that is for ends of Justice. shivam387@yahoo.com

  17. If you think you can… You can… The given subject is not Nuclear physics ! shivam387@yahoo.com

  18. Thank You Shankey Gupta 91 94339 22172 91 91635 22172 shivam387@yahoo.com shivam387@gmail.com shivam387@yahoo.com

More Related