Cyber Laws & Forensic

This document discusses cyber laws and regulations. It begins by defining cyber law and explaining that the first cyber law was the Computer Fraud and Abuse Act of 1986. It then discusses why cyber laws are needed to protect people and organizations from malicious actors online and explains that consequences for breaking cyber laws can range from account suspensions to criminal charges depending on the severity of the offense. The document then focuses on cyber security regulations, comparing approaches across different countries and noting that while states have increased cyber security budgets, no country yet systematically regulates cyber security in the private sector.

Komal Pardeshi, Cyber Laws and Forensic, CSE Dept., WIT Solapur

Cyber law Introduction


Cyber law is the part of the overall legal system that deals with the Internet, cyberspace, and
their respective legal issues. Cyber law covers a fairly broad area, encompassing several
subtopics including freedom of expression, access to and usage of the Internet, and online
privacy. Generically, cyber law is referred to as the Law of the Internet.
The first cyber law was the Computer Fraud and Abuse Act, enacted in 1986. Known as
CFAA, this law prohibits unauthorized access to computers and includes detail about the
levels of punishment for breaking that law.
Why are cyber laws needed?
Like any law, a cyber law exists to protect people and organizations from malicious actors on
the Internet and to help maintain order. If someone breaks a cyber law or rule, the affected
person or organization can take action against that person or have them sentenced to a
punishment.
What happens if you break a cyber law?
The punishment depends on the type of cyber law you broke, whom you offended, where you
broke the law, and where you live. In many situations, breaking the rules of a website results
in your account being suspended or banned and your IP address being blocked. To determine
the consequences of a minor offense, we recommend reviewing the company's terms of
service or rules.
If you have committed a more serious offense, such as hacking, attacking another person or
website, or causing another person or company distress, further action may be taken against
you.

Cyber security regulation


A cyber security regulation comprises directives that safeguard information technology and
computer systems, with the purpose of forcing companies and organizations to protect their
systems and information from cyberattacks such as viruses, worms, Trojan horses, phishing,
denial of service (DoS) attacks, unauthorized access (theft of intellectual property or
confidential information) and control system attacks.[1] There are numerous measures
available to prevent cyberattacks.
Cybersecurity measures include firewalls, anti-virus software, intrusion detection and
prevention systems, encryption, and login passwords.[2] There have been attempts to improve
cybersecurity through regulation and through collaborative efforts between the government
and the private sector that encourage voluntary improvements.[1] Industry regulators,
including banking regulators, have taken notice of the risk from cybersecurity and have either
begun, or plan to begin, to include cybersecurity as an aspect of regulatory examinations.
State & Private Sector in Cyberspace

After three decades of widespread development in digital technologies and telecommunications, it has become evident that cybersecurity cannot be adequately ensured by the market’s “invisible hand.” Cybersecurity market failures call for state intervention to advance the public interest and mitigate cybersecurity risks. These failures include underinvestment by companies in cybersecurity due to partial externalization of data breach costs, a lack of efficient information-sharing due to anti-trust laws, and the absence of product liability for software and hardware solutions. In contrast to the engaged role states play in advancing the public interest vis-à-vis other high-risk domains such as food safety, transportation, health services, and financial operations, states have yet to engage in systematic private-sector cybersecurity risk regulation.

The creation of regulatory regimes to enhance cybersecurity entails the establishment of norms, rules, monitoring procedures, and enforcement practices for minimizing harm to the public. The vulnerability of digital technologies creates risks to critical infrastructures, business continuity, intellectual property, trade secrets, and consumer privacy. Cybertechnologies are used across all sectors and for an increasing number of purposes, even though their security cannot be completely assured. Despite this, we still lack the ability to completely understand and prevent software and hardware from failing. This inability to measure cybersecurity makes regulatory intervention a significant challenge and pushes regulators to avoid the traditional command-and-control methods of state regulation. The issue is exacerbated by the rapid pace and associated uncertainty of technology development, as well as the involvement of a vast number of stakeholders from the government, private, and scientific communities.

A comparative analysis of cybersecurity regulations across the United States, European Union, United Kingdom (UK), France, Germany, and Israel reveals a variety of risk approaches, levels of investment, degrees of institutionalization, and positions on the influence of intelligence bodies. Still, a common theme emerges: the lack of systematic effort by those states to address cybersecurity in the private sector. Many states have rapidly increased their cybersecurity budgets in recent years and have expanded efforts to build capacities in the realms of information sharing, cybersecurity standardization, and risk management plans. However, no state currently provides systematic guidance to the private sector as a whole to ensure national security in the face of private-sector cybersecurity breaches.

The EU has recently sought to expand its oversight of the private sector through its new Network and Information Security (NIS) Directive, which imposes strict and unprecedented requirements on cloud service providers and online search engines. In contrast to the EU, the United States applies government intervention to selective actors within the private sector – such as companies that process health or financial records – but does not regulate the private sector as a whole. France and the UK work with a selective set of private-sector actors as well, while Germany attempts to increase the influence of the state over the private sector only in the case of critical infrastructures. For such infrastructures, minimum standards of protection – based on global frameworks, such as the ISO framework – are required across the supply chain of service providers. In the absence of systematic approaches to the mapping and mitigation of cybersecurity risks, this selective state approach to cybersecurity in the private sector constrains the ability of each state to ensure its national security.

Beyond mandatory state regulations, there is also variance in the types of incentives offered to advance cybersecurity in the private sector. In the United States, such incentives mainly consist of liability waivers for actors within the private sector that share information regarding cyber threats with the government. The EU is currently developing its own certification regime to designate products as ‘cyber-secure’ in ways that will be equally recognized across member states, decrease the fragmentation of the market, and motivate product manufacturers to certify their products to increase potential sales. The UK obligates government contractors to apply certain security controls, and France offers a voluntary labeling scheme for cybersecurity products to set a high cybersecurity bar for product manufacturers who compete in providing services in the country. Germany offers a similar security evaluation for products and also invests in forms of public-private cooperation that include periodic round tables with key cybersecurity stakeholders and free access for the private sector to government information on cyber threats.

The Israeli case suggests some unique regulatory characteristics. The nation benefits
from close and trustful relationships between public and private entities and its
regulatory strategy has recently shifted to a centralized and consolidated approach under
the newly established National Cyber Directorate. Until 2015, different regulators,
consisting of either governmental departments or dedicated authorities, were responsible
for the formulation of state guidance for cybersecurity within their jurisdictions.
Recently, however, the National Cyber Directorate made several attempts
to consolidate cybersecurity regulations under one sovereign authority to ensure proper
implementation of cybersecurity guidelines. For example, the Directorate has placed its
own personnel across eighteen governmental departments. Still, despite recent attempts
to categorize firms in the market and set their required cybersecurity levels, there exists
no systematic process to detect and measure in advance the potential damage caused to
national security by a private-sector cybersecurity breach.

For each of the states mentioned above, the lack of consistent government regulation
within the private sector is especially alarming since the private-sector is the most
dominant sector in cyberspace. Even though private companies are the types of
firms most vulnerable to cyberattacks, such companies continue to set their own
cybersecurity standards according to operational and economic constraints, even if their
negligence exposes the public to risks. Anti-trust laws fuel the inherent failures of the
cybersecurity market by preventing companies from freely sharing information regarding
cyber threats across the entire eco-system and from improving risk assessment. State
governments must act to address such deficiencies as they build their regulatory regimes
for private sector cybersecurity. Just as companies have come to face repercussions for
the negative impact of their operations on the environment, they should assume liability
in relation to cybersecurity breaches with the potential to cause damage at the national
level. Nonetheless, state intervention should adopt a ‘smart regulation’ approach and rely
on a mixture of regulatory tools that embrace incentive-based approaches of
certification, liability shifting, and risk spreading (insurance) to govern a rapidly
developing domain.

As decision-making processes and critical infrastructures gradually become digital, every potential regulatory model for cybersecurity must advance the public interest in cyberspace, regardless of any conflict of interest. Ensuring information security, business continuity, national security, trade secrets, and individual privacy across the entire spectrum of digital society is critical for future human prosperity.


Cyber Security Standards

Introduction to Cyber Security Standards

In the modern, highly dynamic era, everything works in a different way: if one approach moves
in one direction, another approach can reach the same result by moving in a different direction.
The idea behind cyber security standards is that, even though the approach may differ, the work
still gets done. In cybersecurity, each region tends to implement its own set of standards, but
because the Internet is used worldwide, certain standards have to remain the same regardless of
where the Internet is being used.

What are Cyber Security Standards?

Below is a detailed explanation of cyber security standards:
• A cyber security standard may be defined as the set of rules that an organization has to
comply with in order to gain the right to do particular things, such as accepting online
payments or storing patient data. A standard consists of the basic rules the organization
must obey in order to remain compliant with it. Based on its requirements, an enterprise
or organization can choose among several different standards to gain particular
capabilities. In some places, the government has its own standard that anyone willing to
work for the government has to obey.
• Cybersecurity standards can also be explained as the list of policies that have to be
applied in a system to maintain compliance with a given standard. For illustration, any
organization that wants to accept online payments must comply with the PCI DSS
standard. Strict rules fall under this compliance that the organization must follow in
order to be eligible to process online payments: its systems have to be up to date and
free of vulnerabilities, it should generate network reports frequently, and similar
requirements are included in the standard. If the organization can provide healthy
reports, it is cleared to accept online payments; otherwise it will not be able to take
payment through its online interface.

Cyber Security Standards


There are several cybersecurity standards out there that are supposed to protect the system
and its users in various ways. Based on what kind of data has to be protected, there are
different standards. Below are some of the common and important standards:
1. ISO 27001
This is one of the common standards; it requires the organization to implement an
Information Security Management System (ISMS). It comprises a set of procedures stating
the rules and requirements that have to be satisfied for the organization to be certified
against this standard. As per this standard, the organization is supposed to keep all
technology up to date, servers should be free of vulnerabilities, and the organization has to
be audited at the specified interval to remain compliant. It is an international standard, and
every organization that serves another organization complying with this standard is expected
to comply with the ISMS policy covered under ISO 27001 practice.
2. PCI DSS
PCI DSS stands for Payment Card Industry Data Security Standard. It can be considered the
standard that has to be adopted by any organization that accepts payment through its
gateway. Businesses that store user data such as names and card-related information must
adopt this standard. As per this compliance, the technologies used by the organization should
be up to date and its systems should continuously undergo security assessment to ensure they
have no severe vulnerability. This standard was developed by a group of card brands
(American Express, Visa, MasterCard, JCB, and Discover).
3. HIPAA
HIPAA stands for Health Insurance Portability and Accountability Act. It is the standard that
hospitals are supposed to follow to ensure that their patients’ data are fully protected and
cannot be leaked in any way. In order to comply with this standard, the hospital must have a
strong network security team that takes care of all security incidents, its quarterly security
reports should be healthy, all transactions have to be done in encrypted mode, and so on.
This standard ensures that the critical health-related information of the patient remains
secure, so that patients can feel safe about their health.
4. FINRA
FINRA stands for Financial Industry Regulatory Authority. This standard is all about making
things secure for financial bodies that handle funds or are heavily engaged in financial
transactions. Under this standard, the system is supposed to be highly secure, and to comply
with it various measures have to be considered in terms of data security and the protection of
users’ data. It is one of the most essential standards that all finance-based organizations are
supposed to comply with.
5. GDPR
GDPR stands for General Data Protection Regulation. It is a standard defined by the
European Union that is concerned with the data protection of all users. Under this standard,
the body responsible for compliance has to make sure that users’ data is secure and cannot be
accessed without proper authorization. As the name states, this standard mainly focuses on
the safety of users’ data, so that they can feel safe while sharing it with any organization that
complies with the General Data Protection Regulation.
Conclusion
Cybersecurity standards work as the set of policies that define the methods or approaches
that have to be followed in order to keep systems protected. Several cybersecurity standards
are available in the market, and some new standards are expected to be introduced this year.
Almost all organizations that operate at a higher level are bound to comply with the
standards, as these are the factors that ensure the security of the organization.


Indian Cyberspace
Indian cyberspace was born in 1975 with the establishment of the National Informatics Centre
(NIC), with the aim of providing the govt with IT solutions. Three networks (NWs) were set
up between 1986 and 1988 to connect various agencies of the govt: INDONET, which
connected the IBM mainframe installations that made up India’s computer infrastructure;
NICNET (the NIC NW), a nationwide very small aperture terminal (VSAT) NW for public
sector organisations and for connecting the central govt with the state govts and district
administrations; and ERNET (the Education and Research Network), set up to serve the
academic and research communities.

The New Internet Policy of 1998 paved the way for services from multiple Internet service
providers (ISPs) and boosted the Internet user base, which grew from 1.4 million in 1999 to
over 150 million by Dec 2012. This exponential growth rate is attributed to increasing Internet
access through mobile phones and tablets. The govt is making a determined push to increase
broadband penetration from its present level of about 6%. The target for broadband is 160
million households by 2016 under the National Broadband Plan. An indication of the rapid
pace of adoption of the Internet in India is that India’s top e-commerce retailer, Indian
Railways, saw its online sales go up from 19 million tickets in 2008 to 44 million in 2009,
with a value of Rs. 3800 crore ($875 million).

Even though the Indian govt took a while to convert to computerization, there has been an
increasing thrust on e-governance. The govt’s e-governance plan is seen as a cost-effective
way of taking public services to the masses across the country. Critical sectors such as
Finance, Energy, Space, Telecommunications, Defence, Transport, Land Records, Public
Essential Services and Utilities, Law Enforcement and Security all increasingly depend on
NWs to relay data for both communication purposes and commercial transactions. The
National e-Governance Program (NeGP) is one of the most ambitious in the world and seeks
to provide more than 1200 govt services online.

India’s Cyber Security Initiative

Having visualized the cyber security threat & its impact on national security, Indian govt has
taken many initiatives to protect the critical infrastructure driven by IT within Indian
cyberspace domain. Some of the initiatives are as follows:-

(a) Legal Framework to include enactment of IT Act (Amendment) 2008.

(b) Policy Initiatives.

(c) Cyber Security Initiatives.

IT Act (Amendment) 2008. The Information Technology Act (IT Act) was enacted in the year
2000 to provide legal recognition for transactions carried out by means of electronic data
interchange and other means of electronic communication. To establish a robust cyber
security and data protection regime in the country, the IT Act was amended in the year 2008.
It provides a comprehensive definition of the computer system & tries to ascertain liability
based on the type of cyber crime committed (hacking, spamming, tampering, identity theft,
impersonation, cyber terrorism, pornography, child pornography). The act introduces the
concept of ‘sensitive personal information’ and fixes the liability of the ‘body corporate’ to
protect it through the implementation of ‘reasonable security practices’. In case a body
corporate fails to do so, it can be fined up to Rs. 5 crore (approx. USD 1.2 million) by the
Adjudicating Officer, and a civil court can fine an amount greater than Rs. 5 crore. The rules
issued under the Act also require body corporates to follow privacy principles such as notice,
choice & consent, access & correction, disclosure to third parties, etc. The amended Act
makes provision for legal action against a person for breach of confidentiality and privacy
under a lawful contract. Critical systems can be declared ‘protected systems’ under the Act;
security breaches of such systems attract higher prison sentences. The amended Act also
enables the setting up of a nodal agency for critical infrastructure protection and strengthens
the role of CERT-In. It creates provision for the central government to define an encryption
policy for strengthening the security of electronic communications. Presently, encryption of
up to 40 bits is allowed under the telecom policy. The Cyber Appellate Tribunal, which is
now operational, is expected to expedite legal proceedings in cyber crime cases. Overall, the
IT (Amendment) Act, 2008 is an omnibus and comprehensive legislation which includes
provisions for digital signatures, e-governance, e-commerce, data protection, cyber offences,
critical information infrastructure, interception & monitoring, blocking of websites and cyber
terrorism.

Policy Initiatives. The draft version of the National Cyber Security Policy was released by the
DIT in March 2011 for public consultation. The draft policy aims to enable a secure
computing environment and adequate trust and confidence in electronic transactions, and it
lays out the cyber security ecosystem for the country. It covers the following:-

(a) Based on the key policy considerations and threat landscape, the draft policy identifies
priority areas for action.

(b) Identifies PPP as a key component.

(c) Identifies key actions to reduce security threats and vulnerabilities

(d) Establishment of National Cyber Alert System for early watch and warning, information
exchange, responding to national level cyber incidents and facilitating restoration.

(e) Defines role of sectorial CERTs and establishment of local incident response teams for
each critical sector organization.

(f) Implementation of best practices in critical information and government infrastructure
protection through the creation, establishment and operation of an Information Security
Assurance Framework.

(g) Establishes framework for Crisis Management Plan for Countering Cyber Attacks and
Cyber Terrorism.

(h) Identifies priorities for action for legal framework and law enforcement capability
development.

(j) Defines priorities for international cooperation for information sharing.

(k) Identifies indigenous Research & Development as an essential component of cyber
security and enlists thrust areas for R&D.

(l) Identifies major actions and initiatives for user awareness, education, and training
(capacity building).

(m) Defines responsible actions for network service providers, large corporates and
small/medium & home users to secure information and systems.

(n) Identifies various stakeholders (ministries and government departments only) in cyber
security and their responsibilities.

The Ministry of Communications and Information Technology (MCIT), Govt of India, is
formulating a combination of three interdependent and synergistic policies for IT, Telecom
and Electronics, the "Triad of Policies to Drive a National Agenda for Information &
Communications Technology and Electronics (ICTE)". The three policies are as below:

(a) National Policy on Electronics, 2011.

(b) National Policy on Information Technology, 2011.

(c) National Telecom Policy, 2011.

Introduction to forensic
One of the biggest threats facing businesses and corporations today is that of Cyber-attacks.
If these are large enough in scale and magnitude, they could even be considered an act of
Cyber terrorism, in which a significant impact is felt both in cost and in human emotion.
Whenever something like this occurs, two of the most common questions that get asked are:

1. How did it happen?

2. How can this be prevented from happening again in the future?

The term forensics literally means using an established scientific process for the collection,
analysis, and presentation of the evidence which has been collected. All forms of evidence are
important, especially when a Cyber-attack has occurred. Thus, a formal definition of computer
forensics can be presented as follows:

“It is the discipline that combines the elements of law and computer science to collect and
analyze data from computer systems, networks, wireless communications, and storage
devices in a way that is admissible as evidence in a court of law.”
(https://www.us-cert.gov/sites/default/files/publications/forensics.pdf)


Obviously, when a Cyber-attack has occurred, collecting all relevant evidence is of utmost
importance to answer the questions outlined above. However, keep in mind that the forensics
examiner/investigator is particularly interested in one specific kind of evidence, known as
“latent data.”

In the Cybersecurity world, this kind of data (also known as “ambient data”) is not easily
seen or accessible at first glance at the scene of a Cyber-attack. In other words, it takes a
much deeper level of investigation by the computer forensics expert to unearth it. This data
has many uses, but the system stores it in such a way that access to it is extremely limited.

Examples of latent data include the following:

1. Information which is in computer storage but is not readily referenced in the file allocation
tables;

2. Information which cannot be viewed readily by the operating system or commonly used
software applications;

3. Data which has been purposely deleted and is now located in:

• Unallocated spaces in the hard drive;

• Swap files;

• Print spooler files;

• Memory dumps;

• The slack space between the existing files and the temporary cache.
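The following is an added example (not part of the original notes) showing where two of the latent data locations listed above, file slack and unallocated space, sit on a disk and how an examiner's carving tool pulls readable strings out of them. The cluster layout, file names and contents are constructed for the demonstration; real file systems differ in detail, but the allocation-table idea is the same.

```python
"""Constructed mini disk image: the allocation table references only live
files, and a carver recovers strings from slack and unallocated clusters."""
import re
from dataclasses import dataclass

CLUSTER = 64       # constructed cluster size in bytes (real disks: 512 B to 64 KiB)
N_CLUSTERS = 8     # constructed image: 8 clusters, 512 bytes in total
RESERVED = (0,)    # cluster 0 holds the (simulated) allocation table itself

STRING_RE = re.compile(rb"[\x20-\x7e]{8,}")   # runs of 8+ printable ASCII bytes


@dataclass
class DirEntry:
    """One live file as the allocation table sees it."""
    name: str
    clusters: list   # cluster chain referenced by the allocation table
    size: int        # logical file size in bytes


def build_image():
    """Constructed image: two live files, one deleted file, stale slack."""
    img = bytearray(CLUSTER * N_CLUSTERS)
    # Cluster 1 once held a file that was deleted; the bytes were never wiped,
    # so nothing in the allocation table points at them any more.
    deleted = b"DELETED-MEMO: wire transfer approved by ACCT-4417"
    img[1 * CLUSTER:1 * CLUSTER + len(deleted)] = deleted
    # Live file report.txt owns clusters 2-3 but is only 80 bytes long; the
    # remaining 48 bytes of cluster 3 are slack that still hold older content.
    live = b"Quarterly report, final version, approved for release to the board."
    img[2 * CLUSTER:2 * CLUSTER + len(live)] = live
    stale = b"OLD-DRAFT: merger with Acme, do not forward"
    img[2 * CLUSTER + 80:2 * CLUSTER + 80 + len(stale)] = stale
    # Live file blob.bin fills cluster 5 exactly, so it has no slack at all.
    img[5 * CLUSTER:6 * CLUSTER] = b"B" * CLUSTER
    table = [DirEntry("report.txt", [2, 3], 80), DirEntry("blob.bin", [5], CLUSTER)]
    return bytes(img), table


def slack_regions(table):
    """(name, start, end) byte ranges past each file's logical end in its last cluster."""
    regions = []
    for e in table:
        used_in_last = e.size - CLUSTER * (len(e.clusters) - 1)
        if 0 < used_in_last < CLUSTER:
            last_start = e.clusters[-1] * CLUSTER
            regions.append((e.name, last_start + used_in_last, last_start + CLUSTER))
    return regions


def unallocated_clusters(table):
    """Clusters referenced by no directory entry (and not reserved)."""
    live = {c for e in table for c in e.clusters} | set(RESERVED)
    return [c for c in range(N_CLUSTERS) if c not in live]


def carve_strings(img, regions):
    """regions: iterable of (label, start, end); returns (label, text) hits."""
    hits = []
    for label, start, end in regions:
        for m in STRING_RE.finditer(img[start:end]):
            hits.append((label, m.group().decode("ascii").strip()))
    return hits


def find_latent_data(img, table):
    """Carve only the areas the OS does not show: file slack and unallocated clusters."""
    regions = [(f"slack:{n}", s, e) for n, s, e in slack_regions(table)]
    regions += [(f"unalloc:cluster{c}", c * CLUSTER, (c + 1) * CLUSTER)
                for c in unallocated_clusters(table)]
    return carve_strings(img, regions)


if __name__ == "__main__":
    image, alloc_table = build_image()
    for label, text in find_latent_data(image, alloc_table):
        print(f"{label:20s} {text}")
```

Note that the live report text is never returned: it is referenced by the table and visible through normal file access, so it is not latent.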

Computer forensics is of paramount importance to a business or a corporation. For instance, there is often the thinking that simply fortifying the lines of defense with firewalls, routers, etc. will be enough to thwart any Cyber-attack. The security professional knows that this is untrue, given the extremely sophisticated nature of today’s Cyber hacker.

This premise is also untrue from the standpoint of computer forensics. While these
specialized pieces of hardware do provide information to a certain degree as to
what generally transpired during a Cyber-attack, they very often do not possess that deeper
layer of data to provide those clues as to what exactly happened.

This underscores the need for the organization also to implement those security mechanisms
(along with hardware above) which can provide these specific pieces of data (examples of
this include those security devices which make use of artificial intelligence, machine
learning, business analytics, etc.).

Thus, deploying this kind of security model in which the principles of computer forensics are
also adopted is also referred to as “Defense in Depth.”

By having these specific pieces of data, there is a much greater probability that the evidence
presented will be considered as admissible in a court of law, thus bringing the perpetrators
who launched Cyber-attack to justice.

Also, by incorporating the tenets of a “Defense in Depth,” the business or corporation can
more readily come into compliance with federal legislation and mandates (such as HIPAA and
Sarbanes-Oxley). These require that all types and kinds of data (even latent data) be archived
and stored for audit purposes. If an entity fails any compliance measure, it can face severe
financial penalties.

The Steps Involved in Conducting a Computer Forensics Case


1. Readiness:

This first part ensures that the forensics investigator/examiner and his or her respective team
is always prepared to take on an investigation at literally a moment’s notice. This involves:

• Making sure that everybody has been trained in the latest computer forensic
research techniques;

• Being aware of any legal ramifications when it comes time to visit the scene of
the Cyber-attack;

• Planning ahead as best as possible for any unexpected technical/non-technical
issues at the victim’s place of business;

• Ensuring that all collection and testing equipment are up to speed and ready to
go.

2. Evaluation:

At this stage, the computer forensics team receives their instructions about the Cyber-attack
they are going to investigate. This involves the following:

• The allocation/assignment of roles and resources which will be devoted
throughout the course of the entire investigation;

• Any known facts, details, or particulars about the Cyber-attack which has just
transpired;

• The identification of any known risks during the course of the investigation.

3. Collection:

This component is divided into two distinct sub phases:

• Acquisition:

This involves the actual collection of the evidence and the latent data from the
computer systems and any other part of the business or corporation which may
also have been impacted by the Cyber-attack. Obviously, there are many tools
and techniques which can be used to collect this information, but at a very
high level, this sub phase typically involves the identification and securing of
the infected devices, as well as conducting any necessary face-to-face
interviews with the IT staff of the targeted entity. Typically, this sub phase is
conducted on site.

• Collection:

This is the part where the actual physical evidence and any storage devices
which are used to capture the latent data are labeled and sealed in tamper
resistant bags. These are then transported to the forensics laboratory where
they will be examined in much greater detail. As described before, the chain of
custody starts to become a critical component at this stage.

4) Analysis:

This part of the computer forensics investigation is just as important as the previous step. It is
here where all of the collected evidence and the latent data are researched in excruciating
detail to determine how and where the Cyber-attack originated from, who the perpetrators
are, and how this type of incident can be prevented from entering the defense perimeters of
the business or corporation in the future. Once again, there are many tools and techniques
which can be used at this phase, but the analysis must meet the following criteria:

• It must be accurate;

• Every step must be documented and recorded;

• It must be unbiased and impartial;

• As far as possible, it must be completed within the anticipated time frames and
the resources which have been allocated to accomplish the various analysis
functions and tasks;

• The tools and the techniques which were used to conduct the actual analyses
must be justifiable by the forensics team.

5) Presentation:

Once the analyses have been completed, a summary of the findings is then presented to the IT
staff of the entity which was impacted by the Cyber-attack. Probably one of the most
important components of this particular document is the recommendations and strategies
which should be undertaken to mitigate any future risks from potential Cyber-attacks.

Also, a separate document is composed which presents these same findings to a court of law
in which the forensics evidence is being presented.
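
As an added illustration of the Collection and Analysis steps above (example code written for these notes, not the article's own tooling), the following Python sketch hashes a seized image at acquisition, records every custody hand-over, and re-hashes the image at the lab so that any alteration in transit is detected. The item id, bag number and image bytes are constructed.

```python
import hashlib
import json
import tempfile
from dataclasses import dataclass, field, asdict
from datetime import datetime, timezone
from pathlib import Path

# Hypothetical evidence-tracking helper written for this page; the item ids,
# seal numbers and image bytes below are constructed, not from a real case.

def sha256_of_file(path):
    """Hash a seized file or disk image in chunks so large images fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

@dataclass
class CustodyEvent:
    when: str      # UTC timestamp of the hand-over
    actor: str     # person or role taking custody
    action: str    # acquired / sealed / transported / received at lab
    note: str = ""

@dataclass
class EvidenceItem:
    item_id: str
    description: str
    acquired_hash: str    # hash taken on site, before sealing
    seal_number: str      # tamper-resistant bag number
    custody: list = field(default_factory=list)

    def log(self, actor, action, note=""):
        stamp = datetime.now(timezone.utc).isoformat()
        self.custody.append(CustodyEvent(stamp, actor, action, note))

    def verify(self, path):
        """Re-hash at the lab; any difference breaks the chain of custody."""
        return sha256_of_file(path) == self.acquired_hash

    def to_json(self):
        """Serialise the item and its custody log for the case file."""
        return json.dumps(asdict(self), indent=2)

def demo():
    """Walk one item from acquisition to lab check; returns (ok_before, ok_after, events)."""
    with tempfile.TemporaryDirectory() as d:
        img = Path(d) / "laptop01.dd"
        img.write_bytes(b"constructed sample disk image bytes")
        item = EvidenceItem("E-001", "laptop HDD image", sha256_of_file(img), "BAG-0001")
        item.log("examiner A", "acquired", "on site, write blocker used")
        item.log("examiner A", "sealed", "bag BAG-0001")
        item.log("courier", "transported")
        item.log("lab tech B", "received at lab")
        ok_before = item.verify(img)
        img.write_bytes(b"altered in transit")   # simulate tampering
        ok_after = item.verify(img)
        return ok_before, ok_after, len(item.custody)
```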

Conclusions
In summary, the field of computer forensics is a very broad one, and the specifics which go
into it can only be defined by the circumstances in which its techniques are being used.
This article has examined a specific definition of computer forensics, as well as some of the
reasons why it is so important for a business or a corporation to have a complete
understanding of what it is all about, and why they need to adopt its principles into their
respective security models.

The general steps that are involved in conducting a computer forensics investigation were
also reviewed in some detail. However, it is important to note that once a case has been
completed and the evidence has been presented to a court of law, and the judicial findings
have been ascertained, the implications of the investigation then need to be further examined.
This will be examined in the next article, from both a technical and legal perspective.

Cyber Evidence
Cyber Evidence is the digital forensics expert of choice for corporations, law enforcement,
attorneys, and other professionals by providing full service digital evidence collection,
handling, examination, and reporting. Cyber Evidence also provides expert witness
testimony, data recovery, and education services. When law firms and companies need
Computer Forensics in the Houston area or around the world they turn to Cyber Evidence.

Cyber Evidence has been able to track and recover millions in corporate dollars and has
trained thousands of the world’s elite investigators.

It is more than three years since a law was passed in India to recognize electronic documents as
admissible evidence in a Court of law. The necessary amendments were made to the Indian
Evidence Act 1872 by the Information Technology Act 2000 (ITA-2000).

In the case of electronic documents produced as "Primary Evidence", the document itself
must be produced to the Court. However, such an electronic document obviously has to be
carried on a medium and can be read only with the assistance of an appropriate Computer with
appropriate operating software and application software.

In many cases even in non-electronic documents, a document may be in a language other than
the language of the Court in which case it needs to be translated and submitted for the
understanding of the Court by an "Expert". Normally the person making submission of the
document also submits the translation from one of the "Experts". If the counter party does not
accept the "Expert's opinion", the court may have to listen to another "Expert" and his
interpretation and come to its own conclusion of what is the correct interpretation of a
document.

In the case of the Electronic documents, under the same analogy, "Presentation" of document
is the responsibility of the prosecution or the person making use of the document in support
of his contention before the Court. Based on his "Reading" of the documents, he submits his
case. This may however be disputed by the counter party. In such a case, it becomes
necessary for the Court to "Get the document Read by an expert" to its satisfaction. It is
necessary to have some clarity on the legal aspects of such documents presented to the Court
because most of the court battles are expected to revolve around "Proper Reading" of the
documents and "Possible manipulation of the documents".

In making presentation of an "Electronic Document", the presenter may submit a readable
form of the document in the form of a "Print Out". The question arises in such a case whether the
print out is a "Primary Evidence" or a "Secondary Evidence".

According to the Indian Evidence Act, section 65 refers to "Cases in which secondary evidence
relating to documents may be given". However, the modifications made to this section by
ITA-2000 have added Sections 65A and 65B.

Though these sections have been numbered as A and B of 65, these are not to be treated as
sub sections of Section 65. As per schedule II to ITA-2000, serial number 9, it appears that
65A and 65B are to be treated as independent sections.

According to Section 65A therefore, "Contents of electronic records may be proved in
accordance with the provisions of Section 65B".

Whether by design or otherwise, Section 65B clearly states that "Notwithstanding anything
contained in this (Ed: Indian Evidence Act) Act, any information contained in an electronic
record which is printed on a paper, stored, recorded or copied in optical or magnetic media
produced by a computer (hereinafter called the Computer Output) shall be deemed to be also
a document...."

However, for the "Computer Output" to be considered as admissible evidence, the conditions
mentioned in Section 65B(2) need to be satisfied.

Section 65B(2) contains a series of certifications which are to be provided by the person
having lawful control over the use of the Computer generating the said computer output, and
these are not easy to fulfil without extreme care.

It is in this context that the responsibility of the Law Enforcement Authorities in India
becomes onerous while collecting the evidence.

In a typical incident when a Cyber Crime is reported, the Police will have to quickly examine
a large number of Computers and storage media and gather leads from which further
investigations have to be made. Any delay may result in the evidence getting obliterated in
the ordinary course of usage of the suspect hard disk or the media.

Any such investigation has to cover the following main aspects of Cyber Forensics, namely,

1. Collection of suspect evidence

2. Recovery of erased/hidden/encrypted data

3. Analysis of suspect evidence

If the process of such collection, recovery and analysis is not undertaken properly, the
evidence may be rejected in the Court of law as not satisfying the conditions of Section 65B
of the Indian Evidence Act.

In the evolution of the Indian challenge to Cyber Crimes, it may be said that during the last
three years, Police in different parts of the Country have been exposed to the reality of Cyber
Crimes and more and more cases are being registered for investigation. However, if the Law
enforcement does not focus on the technical aspects of evidence collection and management,
they will soon find that they will be unable to prove any electronic document in a Court of
Law.

The undersigned who has been working with a missionary zeal for dissemination of
knowledge on Cyber Crime Risks and Cyber Law Compliance in India, has already
(through www.ceac4india.com) provided a mechanism for archiving Cyber evidence of
certain kind such as web pages and e-mails.

Now he has embarked on the next step of assisting the Law Enforcement in India with
suitable Computer hardware and software that would enhance the quality of "Cyber
Evidence" that can be produced to a court of law in case of any Cyber Crime.

These Cyber Forensic gadgets are products that are required not only by the Law
Enforcement authorities, but also by the IT Auditors in the Corporate world. Hence this
information is likely to be of interest to both the Law Enforcement Authorities as well as the
Information System Auditors.

Web Attack Investigation

Internet Crime Investigation

Cyber Crime Investigation

Cybercrime, or computer-oriented crime, is crime that involves a computer and
a network. The computer may have been used in the commission of a crime, or it may be the
target. Cybercrimes can be defined as: "Offences that are committed against individuals or
groups of individuals with a criminal motive to intentionally harm the reputation of the victim
or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern
telecommunication networks such as Internet (networks including but not limited to Chat
rooms, emails, notice boards and groups) and mobile phones (Bluetooth/SMS/MMS)”.
Claims of leaks, fraud, cyber espionage, financial tampering, computer crime, employee
misconduct, and other illegal or wrongful actions require corporations, law firms, and
government agencies to deploy digital forensic methods to piece together facts that lead to the
truth.
Unauthorised access Investigation
We investigate and analyse unauthorised cyber access or hacking incidents, such as when
someone gains access to your cloud, server or physical device without your permission.
Hackers may gain access to your computer or device through security weaknesses, malware
or phishing. Once they have compromised your email, banking or social media accounts, they
can change passwords, preventing you from accessing your account. Scammers often send out
impersonating messages directing people to fake websites, or asking them to send
money. Modern attacks are very sophisticated; the fake websites may seem to be genuine.
Malware Analysis
Malware analysis is the study or process of determining the functionality, origin and
potential impact of a given malware sample such as a virus, worm, trojan horse, rootkit, or
backdoor. Cyber Criminals may use malicious software (or malware) to monitor your online
activity and cause damage to the computer. Malware is often downloaded when people open
an infected email attachment or click a suspicious link in an email. Malware can also be used
to steal your usernames, passwords or other information, which is then forwarded to a third
party.
‘Malware’ is a catch-all term for different types of malicious software, which include viruses,
worms, spyware, trojans or bots.
Sophisticated attacks Investigation
Sophisticated criminals are active daily to exploit vulnerabilities on computers and other
devices. Some of the techniques they use include:
• unauthorised access or hacking – when someone gains access to your computer
or device without permission,
• malware – malicious software (such as viruses, trojans and spyware) which
monitor your online activity and cause damage to the computer,
• denial of service attacks – an attack which floods a computer or website with
data, causing it to overload and prevent it from functioning properly. This type of
attack is more frequently targeted at businesses, rather than individuals.
DDOS - Denial of service or distributed denial of service attacks Investigation
Cyber attacks are common, and a method often seen is a denial of service attack, which floods
a computer or website with data, overloading the system and preventing it
from functioning properly. Unlike hacking or malware, it generally doesn’t involve access to
the computer system. A distributed denial of service (DDoS) attack is a denial of service
attack that comes from multiple systems, often a network of compromised computers.
Phishing Attack Investigation
Phishing attacks, email fraud, scams and online fraud happen in most cases when cyber
criminals find ways to hack into the email servers or accounts of small and medium
companies, often targeting those doing business in Asian countries. The criminals gain access
to email accounts and search through them looking for sensitive information such
as outstanding, unpaid invoices or data relating to financial transactions between
supplier, vendor and clients. When they identify a sale or a due invoice, the
fraudsters send various fictitious emails, either from the hacked email account or from an email
address replicated to resemble the original, purporting to be in charge of the sale or the invoice
to be paid. The fraudster then asks for funds to be transferred into a nominated bank account, usually
giving the excuse that there is a problem at the bank and an alternative account needs to be
used. It is common for the nominated account to be in the same name as the company or
with a very slight change such as an extra letter, and for the bank account to be in the
same city as the victim or client.
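
An added detection example for the invoice-redirection pattern just described (written for these notes, not code from the source it quotes): it flags a sender domain that is within two edits of a known supplier's domain and a message that asks to change the payment account, and shows that a message sent from the genuine but compromised account is caught only by the second check. The supplier domains and the three messages are constructed.

```python
import re

# Constructed list of trusted supplier domains (placeholders, not real organisations).
KNOWN_SUPPLIERS = {"acme-parts.example", "globex.example"}

# Phrases matching the "problem at the bank, use another account" pretext.
PAYMENT_CHANGE = re.compile(
    r"(new|alternative|updated|different)\s+(bank\s+)?account"
    r"|problem\s+(at|with)\s+(the|our)?\s*bank", re.I)

def edit_distance(a, b):
    """Levenshtein distance; 1 catches the 'extra letter' lookalike the text describes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(addr):
    return addr.rsplit("@", 1)[-1].strip("<> ").lower()

def assess(sender, subject, body):
    """Return reasons this invoice email should be verified out of band (e.g. by phone)."""
    reasons = []
    dom = sender_domain(sender)
    if dom not in KNOWN_SUPPLIERS:
        near = sorted(d for d in KNOWN_SUPPLIERS if edit_distance(dom, d) <= 2)
        if near:
            reasons.append(f"lookalike domain {dom} resembles {near[0]}")
    if PAYMENT_CHANGE.search(f"{subject} {body}"):
        reasons.append("asks to change the payment account")
    return reasons

# Constructed messages: a lookalike-domain fraud, a fraud sent from the genuine
# (compromised) supplier account, and a benign invoice.
LOOKALIKE = ("accounts@acme-partss.example", "Invoice 1042 overdue",
             "Due to a problem at the bank, please use the new account below.")
COMPROMISED = ("accounts@acme-parts.example", "Invoice 1042",
               "Our bank is being audited, so pay to the alternative account attached.")
BENIGN = ("accounts@acme-parts.example", "Invoice 1042",
          "Please find the invoice attached; terms are unchanged.")

if __name__ == "__main__":
    for m in (LOOKALIKE, COMPROMISED, BENIGN):
        print(m[0], "->", assess(*m) or "no indicators")
```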

Cyberwarfare
Cyberwarfare is the use of technology to attack a nation, causing comparable harm to actual
warfare. ‘Cyberwarfare’ does not imply scale, protraction, or violence which are typically
associated with the term ‘war’.

Internet Forensics
Internet Forensics uses the combination of advanced computing techniques and human
intuition to uncover clues about people and computers involved in Internet crime, most
notably fraud and identity theft.

All those who own websites, store vital information online or transact over the internet are
under constant threat of falling victim to internet attacks. Internet forensics is therefore
very important in making the internet a safe platform for transacting.

Types:

1. Email Forensics

Email forensics studies the source and content of electronic mail as evidence, identifying the actual sender
and recipient of a message and the physical location from which it was sent through e-mail
routing, as well as finding out the date/time etc. Another part of email forensics is the
investigation of lost emails, i.e. at what point an email was interrupted on its route
(blacklisting, spam filters etc.).
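
The routing analysis mentioned above, as an added example that is not part of the original notes: each mail server prepends its own Received header, so the originating hop is the last header and is read bottom-up. The message, host names and addresses below are constructed.

```python
import email
import re

# Constructed sample message (not a real capture). Each MTA prepends its own
# Received header, so the first hop the message took is the LAST header.
SAMPLE = """\
Received: from mx.victim.example (mx.victim.example [203.0.113.10])
    by inbox.victim.example with ESMTP id abc123;
    Mon, 05 Jan 2004 10:00:03 +0000
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
    by mx.victim.example with ESMTP; Mon, 05 Jan 2004 10:00:02 +0000
Received: from [192.0.2.55] (unknown [192.0.2.55])
    by relay.isp.example with SMTP; Mon, 05 Jan 2004 10:00:01 +0000
From: sender@example.org
To: victim@victim.example
Subject: constructed sample
Date: Mon, 05 Jan 2004 09:59:59 +0000

body
"""

# "from <claimed host> (<reverse-dns name> [<ip>]) by <receiving host>"
HOP_RE = re.compile(r"from\s+(?P<claimed>\S+)(?:\s+\((?P<paren>[^)]*)\))?\s+by\s+(?P<by>\S+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_route(raw):
    """Return hops oldest-first as (claimed_host, rdns_name, observed_ip, receiving_host)."""
    msg = email.message_from_string(raw)
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(" ".join(hdr.split()))   # unfold continuation lines
        if not m:
            continue                                # non-standard header text
        paren = m.group("paren") or ""
        ip = IP_RE.search(paren)
        rdns = paren.split()[0] if paren else None
        hops.append((m.group("claimed"), rdns, ip.group(1) if ip else None, m.group("by")))
    return hops

def originating_ip(raw):
    """IP seen by the first receiving server; the sender's own HELO name is only a claim."""
    hops = parse_route(raw)
    return hops[0][2] if hops else None

def unverified_hops(raw):
    """Hops where the receiving server could not confirm the claimed name via reverse DNS."""
    return [h for h in parse_route(raw) if h[1] in (None, "unknown") or h[1] != h[0]]

if __name__ == "__main__":
    for hop in parse_route(SAMPLE):
        print(hop)
    print("originating IP:", originating_ip(SAMPLE))
```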

2. Web Forensics

Web forensics is mainly used to analyze things like browsing history and general web activity
of a PC to check for suspicious usage or content that has been accessed. Web forensics also
refers to the monitoring of traffic on a webpage (i.e. how many people have visited and how long
they visited for) to help judge how effective your web presence is.

3. Network Forensics

Network forensics is concerned with the monitoring and analysis of computer network traffic,
both local and WAN/internet, for the purposes of information gathering. It is used for
prevention/monitoring of unauthorized access to a network.

Why has internet forensics become so prevalent?

Internet forensics has become an important part of safe and secure internet usage and an
integral part of criminal investigation, where money transfers and communication between
parties can provide evidence, especially in white-collar crime.
Internet forensic consultants can use their expertise to monitor the activities in which
employees engage while logged onto the company's network; this is especially important if
there are employees who have access to information the company would consider volatile
or sensitive.
As the internet is growing exponentially, with more people using it every day, there are more
people at risk, and more people looking to take advantage of others' web insecurity. The need
to protect your internet presence has necessitated the emergence and emphasized the
importance of internet forensics.
