Computer crime, also known as cybercrime, is any illegal activity that uses

computers or networks as tools or targets. Some examples of computer crimes

include:

 Hacking: Unauthorized access to a computer system or account to compromise computer

resources

 Financial fraud: Using computers to gain financial gain, such as through unauthorized access,
sabotage, or other means

 Identity fraud: Stealing and using personal information

 Ransomware: A type of cyberextortion, where a threat is made to prevent an attack unless

money is paid

 Cryptojacking: Hackers use resources they don't own to mine cryptocurrency

 Cyberespionage: Hackers access data from companies or governments

 Child pornography: Soliciting, producing, or possessing child pornography

Other types of computer crime include: Online and social media crimes, Publishing
or transmitting explicit material electronically, Copyright infringement, Illegal
gambling, and Selling illegal items online.

Cybercrime can be carried out by individuals or groups, and the level of technical
skill required can vary. Cybercriminals often operate in countries with weak or
nonexistent cybercrime laws to reduce the chances of detection and prosecution.

Elvidence provides a wide range of computer forensic services, ranging from data collection and analysis to
computer hacking investigations and expert witness services. Whilst this type of work is often linked to
gathering evidence for court cases it can have many other uses too. Here’s a look at some of what we can do
for businesses and individuals.

Computer Forensics

There’s been a significant rise in the amount of computer and internet related crime in recent years. This is
hardly surprising as we increasingly rely on computers and the internet to carry out transactions and store and
exchange information. The very nature of computers means that whatever you do leaves a trail of evidence, but
in order to be used in court this needs to be gathered and handled in such a way that it isn’t compromised. This
is where digital forensics comes into play.
Though the gathering of digital evidence now plays a key part in the investigation of many crimes, it’s also used
by a growing number of businesses. The skills of a computer investigator can be useful in uncovering misuse of
company computers or email, or the copying and leaking of data from within an organisation. Our services can
of course be adapted to meet the specific needs of the client.

Workplace and Fraud Investigation

Often abuses of computer and other digital systems happen in the workplace. This can take a number of forms
such as staff viewing inappropriate material using work internet connections, or passing commercially sensitive
information to competitors. In some cases maybe even setting up a new business in opposition to their
employer. Forensic examination of computers and mobile devices can reveal what has been happening.
Computer investigations are something that can be carried out covertly if required.

In some cases this activity may amount to actual fraud. Most financial and other transactions today are
recorded electronically and devices in an organisation may therefore need to be examined to determine if
fraudulent activity has taken place. Transaction information is only part of the story though. Often other
documents and emails can help identify the falsifying of stock records or invoices which in turn can indicate that
fraudulent activity has taken place.

Intellectual Property Theft

Thanks to technology it’s easier than ever to copy and distribute information and that leads to problems when it
comes to safeguarding intellectual property. It’s all too easy for employees to copy material to a flash drive or a
cloud storage service without the knowledge of the enterprise. However, the way computers work means that
these activities almost always leave a trace. Timely forensic investigation can provide evidence of the theft of
information allowing appropriate action to be taken.

Computer Hacking Investigations

Another problem faced by businesses today is unauthorised access to information. This can take place
internally through the misuse of legitimate credentials, or by someone trying to break into a system from
outside.

Hacking and unauthorised access can often go undetected until some other activity – such as actual theft of
data – has taken place. There are usually log files available that record access to a computer by particular
users or from particular internet addresses. The problem is that these logs are often overwritten on a rolling
basis so evidence can be wiped out. When signs of a problem are detected therefore it’s vital to act fast in
order to preserve information. Having an experienced digital forensic expert do this is essential as the
information may end up as evidence in a court case and if it’s incorrectly handled it could jeopardise the
outcome.
Expert Witnesses

When cases involving digital information come to court it may be that the services of an expert witness are
required. This is someone who – under the Civil Procedure Rules 2005 (CPR) – is required to have expert
knowledge from their skill and experience. They’re also required to be independent when delivering information
to the court. An expert witness may be required to produce a report and deliver evidence in court or at a
tribunal, arbitration hearing or other legal proceeding.
A computer forensic expert witness is likely to have experience and expertise in a number of areas including
theft, fraud, hacking malware and intellectual property theft. They may also be experienced in presenting digital
information in cases involving employment and family law or in criminal law areas including assault and drugs.

Under CPR the computer forensic expert witness is required to be independent and it’s therefore possible that
they could be instructed jointly by both parties. In this case the witness would outline the points of agreement
and disagreement between the parties in order to assist the court.

Authentication of Files

Computers have made it easy for almost anyone to create professional looking documents. Whilst this is an
undoubted benefit for businesses it can also lead to problems when it comes to determining the authenticity of
a document. It’s easy, for example, to change the date on a legal document like a will or a contract to make it
appear that it was created much earlier than it was. A computer investigator can determine the actual file
creation and modification dates from electronic copies in order to authenticate a document in the event of a
dispute.

Mobile Technology

Not so many years ago digital information was confined to computers located on desktops or in server rooms.
In recent times though technology has become much more ubiquitous and mobile. The smartphones and
tablets of today have more storage and processing power than the desktop machines of a decade or so ago.
The rise of mobile devices also makes it much more likely that personal equipment may be used for business
purposes, with many companies adopting Bring Your Own Device policies allowing employees to use their own
kit.

Removable storage media like USB sticks and SD cards comes into play too as they make it easy to carry
around and transfer relatively large volumes of information. When any of these devices is involved in a legal or
disciplinary issue it’s important that digital forensics is used so that the data can be recovered without being
compromised. Even if a device has been reset or formatted it may be possible to recover data, but if it’s done in
the wrong way the information could end up being worthless as evidence.

Recovering Data

The nature of electronic devices means that it’s easy to store data and equally easy to wipe it out again.
However, it’s remarkably difficult to remove information from a storage device completely. Elvidence’s
computer forensics experts have a lot of experience in recovering information even from devices that may be
physically damaged.

By using specialist tools data can be recovered from files or fragments whilst still preserving the integrity of the
data. Unlike paper documents a recovered digital file will still have information about its usage history, creation
dates, previous versions and so on. It’s also possible to recover deleted emails, internet history, uninstalled
software and more. This is useful for the legal areas we’ve already talked about but also for recovering
important business data from damaged or accidentally wiped storage.

eDiscovery

You may not have come across the term eDiscovery before. It’s used to describe the early stage of litigation
where the parties have to provide each other with records and other information relevant to a case. The
information included in an eDiscovery process may be documents, spreadsheets, email and multimedia files.
It can often be a complex process involving large quantities of data, so it’s important to have experts involved.
Elvidence will search for and extract relevant information and present it in a litigation-friendly format. These
procedures are applicable whether the case involves a small business with a couple of PCs or a large
corporate network.

Tracing Email

Email has in many cases replaced the telephone as the main means of business communication. But it’s all too
easy to create free email accounts with almost no verification taking place, it can therefore be difficult to know if
a message is from a legitimate sender.

It’s also easy for spammers, hackers and those with a criminal agenda to ‘spoof’ emails so that they appear to
come from somewhere else. A forensic investigation can in many cases lead to the true source of a suspicious
email.

Internet Investigation

We’ve come to rely on the internet for a whole range of day-to-day tasks from organising our social lives to
shopping and managing our bank accounts. But there’s a dark side to the internet too which might spark the
need for some sort of investigation. Cyber bullying or stalking for example, fake social media posts, defamation,
copyright theft and more can all take place online. Investigations in this area can be complex as sites may be
based overseas, but there are many things that can be done to trace posts and users.

IT Control and Audit

Whilst computers are now essential for most organisations, they often tend to be installed in a rather ad hoc
way over a number of years. Systems are bought to meet specific short-term needs without any sort of master
plan for their management or integration, especially in smaller businesses.
 Elvidence offers system audit services which help organisations to understand their systems and get back in
control. This can be especially useful following a restructure or merger or after the departure of an IT
administrator who set up the systems. By auditing and mapping out the IT infrastructure businesses can take
back control of their systems and put in places documentation and procedures to ensure they stay on top of
things.

Family Law

Digital forensic investigations aren’t just about criminal or disciplinary matters. Computer investigations can
have their place in other areas like family law too. Emails or text messages may provide evidence of marital
infidelity for example or analysis of computer contents may show that children are at risk of grooming or
viewing inappropriate content. Analysis of computer files can also uncover the existence of assets which
someone may be trying to hide in the event of a separation or legacy dispute.

Search Warrants

Sometimes the only way to get information in a legal matter is by using the force of the law. Elvidence staff can
help with the preparation and execution of Anton Piller Orders and search warrants to ensure that the right
data is targeted and recovered.

There are several rules of evidence in cyber forensics, including:

 Preserving evidence
Digital evidence must be acquired in a way that preserves its integrity, meaning it is
unaltered. This can be done by using tools and techniques that are valid and reliable, and by
identifying and considering the limitations of those tools.
 Admissibility
Digital evidence is admissible if it:
 Establishes a fact in the case
 Remained unaltered during the forensics process
 Has valid, reliable, and peer-reviewed examination results
 Is interpreted in an unbiased way
 Discloses errors, uncertainties, and limitations in the interpretations
 Authenticity
The evidence must be able to be tied to the incident in a relevant way.
 Completeness
Evidence should be collected that can prove the attacker's actions, as well as evidence that
could prove their innocence.
 Reliability
The evidence collection and analysis procedures must not cast doubt on the evidence's
authenticity and veracity.
 Believability
The evidence presented should be clearly understandable and believable by a jury.
 Confidentiality
Access to digital evidence should be limited to authorized personnel only.
 Hash values
Hash values can be used to identify and filter duplicate files, and to verify that a forensic image
was captured successfully.
The advancement of technology has made man dependent on internet for all his needs. Internet has given man
access to everything while sitting at one place. Social networking, online shopping, online studying, online jobs,
every possible things that Man can think of can be done through the medium of internet.

Using the computers for our day-to-day transactions is quite common now a days. For example, we pay our life
insurance premium, electricity bills, reserve flight or train or bus tickets, order book or any other product online
using personal computer, smart phones, public browsing centers etc.

The number of users doing online transactions are growing rapidly ever since, because of the convenience it
gives to the user to transact business without being physically present in the area where the transaction
happens. Criminals committing cybercrime are also growing day-by-day with the increased number of users
doing online transactions.

Ever since the creation of the Internet, people have been finding ways to conduct illegal activities using it as a
tool.

Online exploitation and abuse of girls and boys; the black cyber markets for the purchase and sale of illicit
drugs and firearms; ransomware attacks and human traffickers making use of social networks to attract victims.
The unprecedented scope of cybercrime - crossing borders in our homes, schools, businesses, hospitals and
other vital service providers - only amplifies the threats.

Motive behind the commission of cyber crime

Most cybercrime is committed by cybercriminals or hackers who want to make money. However, occasionally
cybercrime aims to damage computers or networks for reasons other than profit. These could be political or
personal.

How cyber crime is different from the other crimes

The cyber crime is different from any other crime happening in the society. The reason being, it has no
geographical boundaries and the cyber criminals are unknown.

Definition of cyber crime

Although it is universally agreed that cybercrime exists, there is no universal definition of what it means but still
we can say that

Cyber crime is a criminal activity that uses a computer to target the computer or it maybe defined as a crime
where a computer is the object of the crime and is used as a tool to commit an offense.

 Cybercrimes fall under State subjects as per the Seventh Schedule of the Constitution of India.

Types of cyber crime

Cyber crime can be basically divided into three major categories:

i. Cyber crimes against persons- like harassment occur in cyberspace or through the use of cyberspace.
Harassment can be sexual, racial, religious, or other.
ii. Cyber crimes against property- like computer wreckage (destruction of others' property), transmission
of harmful programs, unauthorized trespassing, unauthorized possession of computer information.
iii. Cyber crimes against government -like Cyber terrorism

Below are the Few examples of cybercrimes:

 Distributed Denial-of-Service (DDoS) Attacks: These are used to make an online service
unavailable and take the network down by overwhelming the site with traffic from a variety of sources.

 Botnets: Botnets are networks from compromised computers that are controlled externally by remote
hackers. The remote hackers then send spam or attack other computers through these botnets.

 Identity Theft: This cybercrime occurs when a criminal gains access to a user's personal information
or confidential information and then tries to tarnish reputation or seek a ransom.

 Cyberstalking: This kind of cybercrime involves online harassment where the user is subjected to a
plethora of online messages and emails. Typically, cyberstalkers use social media, websites, and
search engines to intimidate a user and instill fear.

 Phishing: It is a type of social engineering attack often used to steal user data, including login
credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity,
dupes a victim into opening an email, instant message, or text message.

Analysis Of Cybercrimes In India:

India is the second largest online market in the world with over 560 million internet users, Ranked only behind
China. And it is estimated that by 2023, there would be over 650 million internet users in the country. According
to the latest national crime records bureau NCRB data, a total of 27, 248 cases of cybercrime were registered
in India in 2018.

In Telangana, 1205 cyber crime cases where registered in the same year. According to FBIs report, India
stands third among top 20 cybercrime victim. The national cyber crime reporting portal (cybercrime.gov.in)
which was started last year by the central government received 33,152 complaints till now resulting in lodging
of 790 FIRs.

Total number of cyber crimes reported in India from 2012-2020

The above table clearly shows the increasing number of cybercrimes cases in India..

How to file a cyber crime complaint

By following below-mentioned steps, one can report a cyber-crime online:
Step 1: Go to https://www.cybercrime.gov.in/Accept.aspx.

Step 2: Click on 'Report Other Cyber Crimes' on the menu.

Step 3: Create 'Citizen login'.

Step 4: Click on 'File a Complaint'.

Step 4: Read the conditions and accept them.

Step 5: Register your mobile number and fill in your name and State.

Step 6: Fill in the relevant details about the offence.

What is Cybercrime Investigation?

Investigation of a Cybercrime is process consisting of investigating, analysing, and recovering forensic data for
digital evidence of a crime. It involves the use of specialized tools and techniques to investigate various types
of cyber crimes, such as hacking, phishing, malware, data breaches, and identity theft.

Examples of evidence in a cyber crime investigation include a computer, cell phone, automobile navigation
system, video game console, or other networked device found at the scene of a crime. This evidence helps
cyber crime investigators determine the perpetrators of a cyber crime and their intent.

The investigation process is conducted by cyber crime investigators, who are responsible for conducting
thorough and accurate investigations, preserving evidence, and collaborating with law enforcement agencies to
bring cybercriminals to justice. Cybercrime investigation is essential for businesses and individuals to protect
against the growing threat of cybercrime, and to ensure that justice is served for victims of cybercrime.

Cybercrime investigation is a complex and constantly evolving field, as new threats and technologies emerge.
As a result, investigators must stay up-to-date with the latest techniques and tools in order to effectively
investigate and mitigate cyber crimes.

For conducting cyber-crime investigation, certain special skills and scientific tools are required without which
the investigation is not possible. Investigating a crime scene is not an easy job. It requires years of study to
learn how to deal with hard cases, and most importantly, get those cases resolved.

Cyber Crime Investigation Techniques

While techniques may vary depending on the type of cybercrime being investigated, as well as who is running
the investigation, Activities that a computer crime investigator performs include recovering file systems of
hacked computers, acquiring data that can be used as evidence to prosecute crimes, writing reports for use in
legal proceedings, and testifying in court hearings.

Cyber crime investigation techniques include:

 Performing background checks:

Establishing the when, where, and who of a crime sets the stage for an investigation. This technique
uses public and private records and databases to find out the backgrounds of individuals potentially
involved in a crime.

 Gathering information:
One of the most important things any cybersecurity researcher must do is grab as much information as
possible about the incident.

Was it an automated attack, or a human-based targeted crime? Was there any open opportunity for
this attack to happen? What is the scope and impact? Can this attack be performed by anyone, or by
certain people with specific skills? Who are the potential suspects? What digital crimes were
committed? Where can the evidence be found? Do we have access to such evidence sources?

This technique is one of the most critical in cyber crime investigations. Here, investigators ask
questions such as: What evidence can be found? What level of access to sources do we have to
gather the evidence? The answers to these and other questions provide the foundation for a
successful investigation.

 Running digital forensics:

Cyber crime investigators use their digital and technology skills to conduct forensics, which involves
the use of technology and scientific methods to collect, preserve, and analyze evidence throughout an
investigation. Forensic data can be used to support evidence or confirm a suspect's involvement in a
crime.
 Once researchers have collected enough data about the cybercrime, it's time to examine the digital
systems that were affected, or those supposed to be involved in the origin of the attack. This process
involves analyzing network connection raw data, hard drives, file systems, caching devices, RAM
memory and more. Once the forensic work starts, the involved researcher will follow up on all the
involved trails looking for fingerprints in system files, network and service logs, emails, web-browsing
history, etc.

 Tracking the authors of a cyber crime:

With information about a crime in hand, cyber crime investigators work with internet service providers
and telecommunications and network companies to see which websites and protocols were used in
the crime. This technique is also useful for monitoring future activities through digital surveillance.
Investigators must seek permission to conduct these types of activities through court orders.

Cybercrime Investigation Tools

Cybercrime investigation requires the use of specialized tools and software to collect, preserve, and analyse
digital evidence. These tools can be used to identify suspects, track their activities, and gather evidence to
build a case against them.

Here are some of the most common cybercrime investigation tools used by investigators:

1. Digital Forensics Software:It is used to recover deleted files, analyze metadata, and examine
network traffic logs. Popular digital forensics software includes tools like EnCase, FTK, and Autopsy.
Digital forensics helps investigators piece together evidence and determine the timeline of events in a
crime. It is mainly made up of network forensics and memory/disk analysis. By analyzing information
found on disks and through networks, investigators can learn about other potential conspirators in the
crime. This could help them track down these individuals and stop them before another crime is
committed.

2. Network Analysis Tools They are used to monitor network traffic, identify suspicious activity, and
track the flow of data. Network analysis tools include tools like Wireshark, tcpdump, and Netscout.

3. Malware Analysis Tools They are used to analyze and reverse engineer malware to understand its
behavior and identify its source. Malware analysis tools include IDA Pro, OllyDbg, and Binary Ninja.

4. Password Recovery Tools They are used to recover passwords from encrypted files, databases, or
other sources of digital evidence. Password recovery tools include tools like Cain and Abel, John the
Ripper, and Hashcat.

5. Social Media Analysis Tools They are used to track suspects' activities and gather evidence from
social media platforms. Social media analysis tools include tools like Hootsuite, Followerwonk, and
Mention.

Above are the few examples of the many cybercrime investigation tools available to investigators. It's important
for investigators to have a deep understanding of these tools, as well as knowledge of the latest trends and
techniques in cybercrime investigation.

By using these tools effectively, investigators can help to identify and prosecute cyber criminals and protect
individuals and organizations from the growing threat of cybercrime.

Cyber Crime Investigation Training:

Cybercrime investigation is a complex and rapidly-evolving field that requires specialized training and expertise.
There are a variety of training programs available to individuals interested in pursuing a career in cybercrime
investigation.
  Law enforcement agencies often offer specialized training programs for cybercrime investigation.
These programs can provide investigators with the knowledge and skills they need to identify and
investigate cyber crimes, as well as the legal and regulatory requirements for handling digital evidence.

 Industry certifications are also available in cyber crime investigation, such as the Certified Cyber Crime
Investigator (CCCI) or the Certified Computer Examiner (CCE). These certifications can demonstrate
an investigator's expertise and help them stand out in a competitive job market.

 Many colleges and universities offer degree programs in cyber security, digital forensics, or other
related fields. These programs can provide students with a strong foundation in cyber crime
investigation, as well as the technical and analytical skills needed to succeed in this field.

 Private companies and organizations also offer training programs in cybercrime investigation. These
programs can provide specialized training in areas such as digital forensics, network analysis, or
malware analysis.

It's essential for individuals interested in pursuing a career in cyber crime investigation to seek out training
programs that align with their career goals and interests. By investing in specialized training and education,
individuals can develop the skills and knowledge needed to succeed in this exciting and important field.

Cybercrime investigators must be experts in computer science, understanding not only software, file systems
and operating systems, but also how networks and hardware work. They must be knowledgeable enough to
determine how the interactions between these components occur, to get a full picture of what happened, why it
happened, when it happened, who performed the cybercrime itself, and how victims can protect themselves in
the future against these types of cyber threats.

Crime Scene Investigation: Search and Seizure

The sequences of steps for digital crime scene investigations are:

 Identifying and securing the crime scene- Obtain IP Address, Locating the IP address of the suspect,
and Gaining access to the IP address, through the Internet service provider by way of either a warrant,
subpoena, or court order;

On identifying the internet Service Provider (ISP) (i.e. the IP Network provider), contact the provider's
management, (In some countries, this is done through the Police); to request to be able to gain access to the
call detail records (CDRs), through the allotted IP address used by the suspect(s) - The Internet Service
Provider (ISP) may cooperate fully, or you may need to obtain a subpoena, warrant, or court order, for this
purpose.

(NOTE that ISPs have records of everything a subscriber does on the Internet!

 Procedure for gathering evidences from Switched-off Systems

 Procedure for gathering evidence from live systems
 Forensic duplication
 Conducting interviews
 Labeling and documenting of the evidence
 Packaging and transportation of the evidence
 Panchanama (Seizure Memo) and Seizure Proceedings T - The legal provisions empowering the IOs
to conduct search and seizure are provided under Section 165 Cr PC and Section 80 of the ITAA 2008
 Make sure one of the technical people from the responder side along with two independent witnesses
is part of the search and seizure proceedings, to identify the equipment correctly and to guide the IO
and witnesses
 Please refer to the notes made during the pre-investigation assessment for cross verifying and
correctly documenting the technical information regarding equipment, networks, and other
communication equipment at the scene of crime
  Time Zone/System Time play a very critical role in the entire investigation. Please make sure this
information is noted carefully in the panchanama, from the systems that are in Switched on condition
 Please don't switch ON any device
 Make sure a serial number is allotted for each device, and the same should be duly noted not only in
the panchanama but also in the Chain of Custody and Digital Evidence Collection forms
 Make sure each device is photographed before starting the investigation process at their original place
along with respective reference like cubicle number or name room surroundings, etc
 Make sure to photograph the Hard Disk Drive or any other internal part along with the system, once
removed from the system
 If possible, please paste the serial number along with PF number/Crime number/section of law
 Capture the information about the system and data you are searching and seizing in the panchanama
 Brief the witnesses regarding the tools used to perform search and seizure of the digital evidence
 Make sure that the panchas have some knowledge and ability to identify various digital devices
 Document the Chain of Custody and Digital Evidence Collection forms explained below, apart from
your regular panchanama as a Best practice, for digital evidences
 Please make sure all the details mentioned in the forms are completely filled

This chart shows the process of cyber crime investigation in India.

Chain of custody
Chain of custody refers to the documentation that shows the people who have been entrusted with the
evidence. These would be people who have seized the equipment, people who are in charge of transferring the
evidence from the crime scene to the forensic labs, people in charge of analyzing the evidence, and so on.

Once the evidence is collected and every time the evidence is transferred, it should be documented and no one
else other than the person entrusted with the exhibit shall have access to the evidence.

Conclusion:
We are living in a digital age and cyberspace is not limited to one's boundaries, rather it covers an entire world.
As a result cybercrime is increasing day by day in all the countries including India. The biggest challenge
relates to cybercrime being its dynamic nature because of the ongoing evolution of digital technology. As a
result new cybercrime methods and techniques come into practice.

Therefore cybercrime should be given as much importance as other crime happening in our society be it theft,
rape, murder etc