Investigation Of Cyber Crimes: Introduction To Cyber Forensic

What should someone do after facing a cyber attack? The next step is to report the cyber crime. A person who is familiar with cyber forensic principles is also less likely to accidentally destroy important digital evidence.

Computer forensics: This is a branch of forensic science concerned with the tools and techniques used to examine digital data for evidence of a crime that can be produced in court. It is the practice of preserving, extracting, analyzing and documenting evidence from digital devices such as computers, digital storage media, smartphones, etc., so that it can be used to form expert opinions in legal/administrative matters.

Computer forensics plays an important role in any organization because our dependence on computing devices and the internet is increasing day by day. According to a survey conducted by the University of California, 93% of all the information generated during 1999 was generated on computers, and only the remaining 7% was produced using paper and other sources. It is not always easy to collect evidence, because data can be altered, deleted, hidden or encrypted. Digital forensic investigation is a highly skilled task that requires familiarity with various tools, techniques and guidelines for finding and recovering digital evidence from the crime scene or from the digital devices involved. Given the processing capacity of digital devices such as smartphones, tablets, palmtops, smart TVs, etc., the possibility of these devices being used in cyber crime cannot be ruled out. A forensic investigator should not only have a deep understanding of how these devices work, but should also have hands-on experience with the tools for accurate data recovery, so that the value and integrity of the data are preserved.

A computer can be used for cyber crime intentionally or unintentionally. Intentional use is, for example, using your computer to send hate mail or installing a cracked version of otherwise licensed software on it. Unintentional use is when the computer you are using carries a virus that spreads inside and outside the network, causing a major loss to someone. Similarly, a computer can be used directly to commit a digital offense. For example, your computer is used to access sensitive and classified data, and the data is sent to someone inside or outside the network who can use it to their advantage. Indirect use of a computer occurs when a downloaded software crack installs a trojan horse on the computer and opens a backdoor in the network for hackers. The hacker then logs into your computer and uses it to commit cyber crime. An experienced computer forensic investigator plays an important role in distinguishing between direct and indirect attacks. Computer forensic experts are also useful for recovery from accidental data loss and for investigating industrial espionage, forgery, etc.

In large organizations, as soon as a cyber crime is detected by the incident management team, which is responsible for monitoring and detecting security events on computers or computer networks, the initial incident management processes are followed. This is an internal process. It has the following stages:
  1. Preparation: The organization prepares guidelines for incident response and assigns roles and responsibilities to the members of the incident response team. Most large organizations have a reputation in the market, and any negative sentiment can adversely affect the feelings of shareholders. Effective communication is therefore required when declaring the incident, and it is important to assign roles based on each member's skill set.
  2. Identification: Based on the symptoms, the incident response team verifies whether an incident has actually occurred. One of the most common ways to verify the incident is to check the logs. Once the incident is confirmed, the impact of the attack is assessed.
  3. Containment: Based on feedback from the assessment team, the future course of action for responding to the incident is planned at this stage.
  4. Eradication: In this stage, the eradication or mitigation of the cause of the threat is planned and implemented.
  5. Recovery: This is the process of returning to normal operations after the problem has been eradicated.
  6. Lessons learned: If a new type of incident is encountered, it is documented so that this knowledge can be used to deal with such situations in future.

The second phase of the process is a forensic investigation to find evidence of the crime, mostly done by third-party companies. A computer forensic investigation includes the following stages:
  1. Identify the incident and the evidence: This is the first step, performed by a system administrator, who attempts to gather as much information about the incident as possible. Based on this information, the scope and seriousness of the attack are assessed. Once evidence of the attack is found, a backup of it is taken for the purpose of the investigation. Forensic investigation is never done on the original machine but on the data restored from the backup.
  2. Collect and preserve evidence: Various tools such as Helix, WinHex, FTK Imager, etc. are used to collect the data. Once the backup of the data has been obtained, the evidence and the backup are taken into custody. To check the integrity of the data, the MD5 (message digest) of the backup is calculated and matched with that of the original. Other important sources of information such as the system log, network information, intrusion detection system (IDS) logs, and port and process information are also collected.
  3. Investigation: The image of the disk is restored from the backup, and the logs, system files, deleted and updated files, CPU usage and process logs, temporary files, password-protected and encrypted files, and images, videos and data files that may carry steganographic messages, etc. are investigated.
  4. Summary and presentation: The summary of the incident is presented in chronological order. Conclusions are drawn on the basis of the investigation and the possible cause is explained.

Rules and procedures should be followed while conducting a digital forensic examination, especially while collecting evidence. It should be ensured that the actions taken to collect the data do not change the evidence. The integrity of the data should be maintained. It should also be ensured that the equipment used to take the backup is free from contamination.
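The integrity check described above, as an added example that is not part of the original article: it hashes the original and the working copy in fixed-size chunks and returns a record suitable for the case log. SHA-256 is computed alongside the MD5 the text mentions; the file names, the examiner field and the sample data are constructed for illustration.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read 1 MiB at a time so large images never load fully into memory


def digest_file(path, algorithms=("md5", "sha256")):
    """Hash a file once, read-only, and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            for hasher in hashers.values():
                hasher.update(block)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def verify_copy(original, copy, examiner):
    """Compare original and working copy; return a record for the case log."""
    src, dst = digest_file(original), digest_file(copy)
    return {
        "timestamp_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "examiner": examiner,  # hypothetical field name, not from the article
        "original": {"path": original, "size": os.path.getsize(original), **src},
        "copy": {"path": copy, "size": os.path.getsize(copy), **dst},
        "match": src == dst,
    }


def demo():
    """Constructed sample: a stand-in image, a faithful copy, a copy with one flipped byte."""
    image = os.urandom(2 * CHUNK + 17)
    altered = image[:100] + bytes([image[100] ^ 0xFF]) + image[101:]
    with tempfile.TemporaryDirectory() as workdir:
        files = {"evidence.dd": image, "copy_ok.dd": image, "copy_bad.dd": altered}
        for name, content in files.items():
            with open(os.path.join(workdir, name), "wb") as fh:
                fh.write(content)
        source = os.path.join(workdir, "evidence.dd")
        good = verify_copy(source, os.path.join(workdir, "copy_ok.dd"), "examiner-01")
        bad = verify_copy(source, os.path.join(workdir, "copy_bad.dd"), "examiner-01")
    return good["match"], bad["match"]


if __name__ == "__main__":
    print(demo())
```

The altered copy has the same size as the original, so only the digest comparison reveals the change.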

In addition, all activities related to the seizure, access, storage or transfer of digital evidence should be fully documented, preserved and available for review. Prevention is always better than cure. To avoid falling prey to hackers, it is always recommended to tune your intrusion detection systems such as firewalls and to occasionally conduct penetration tests on your network. Last but not least, report the crime.

Why should we report cyber crime: Some companies do not report incidents of cyber crime because they fear that this will harm their reputation among shareholders. Some data is very sensitive and its disclosure can negatively affect their business. However, the fact is that cyber criminals will never be caught by law enforcement agencies unless the incident of cyber crime is reported. Not reporting makes conditions worse and encourages criminals to repeat such incidents with the same or other organizations. Therefore, it is very important to identify them and prosecute them. This will not only help in identifying the current threats to the economy and infrastructure but will also help in identifying new threats. Depending on the scope of the cyber crime, it should be reported to a cyber cell, the state cyber cell, agencies such as the CBI or IB, or international institutions like Interpol.

  1. Assam Address: CID Headquarters, DISP, Assam Police Contact details: Phone: +91-252-618, +91 9435045242
  2. Haryana Address: Cyber Crime and Technical Investigation Cell, Police Joint Commissioner, Old SPOFIS Complex, Civil Lines, Gurgaon E-mail: jtcp.Gn@hry.nic.in
  3. Mumbai Address: Cyber Crime Inquiry Cell, Police Commissioner Office, Annex-3 Building, First Floor, near Cronford Market, Mumbai-01 Contact details: +91-22-22630829, +91-22-22-22- 22641261 Web site: http://www.cyberycellmumbai.com E-mail ID: officer@cybercellmumbai.com
  4. Thane Address: Third Floor, Police Commissioner Office, near Court Naka, Thane West, Thane 400601. Contact details: +91-22-25424444 Web site: www.thanpolice.org E-mail: Police@
  5. Chennai Address: Assistant Commissioner of Police, Cyber Crime Cell, Veperi, Chennai 7 Contact details: 04423452348, 04423452350 E-mail ID: Cybercrimechn@yahoo.com For the rest of Tamil Nadu, Address: A-Wing, Third Floor, Rajaji Bhavan, Basant Nagar, Chennai-600090 Contact details: 044-24461959, 24468889, 24463888 E-mail ID: Hobeochn@cbi.gov.in
  6. Bangalore (for the whole of Karnataka) Address: Cyber Crime Police Station, COD Headquarters, Carlton House, # 1, Palace Road, Bangalore-560 001 Contact details: +91-80-2220, 1026, +91-80-80-2238 7611 (Fax) Web site: http://www.cyberpolicebangalore.nic.in E-mail ID: ccps@blr.vsnl.net.in, ccps@kar.nic.in
  7. Hyderabad Address: Cyber Crime Police Station, Crime Investigation Department, Third Floor, DGP Office, Lakdikapul, Hyderabad-500004 Contact details: +91-40-2324 0663, +91-40- 2785 2274, +91-40-2785 2040, +91-40-2785 2040, +91-21-21-217474 (Fax) Web site: http://www.cidap.gov.in/cybercrimes.aspx
  8. Delhi CBI Cyber Crime Cell: Superintendent of Police, Cyber Crime Inquiry Cell, Central Bureau, 5th Floor, Block No. 3, CGO Complex, Lodhi Road, New Delhi-3 Contact details: +91-11-4362203, 011-4362203, 011- 268519998 011-2651515229, +91-11-4392424 Web site: http://cbi.nic.in Assistant Commissioner of Police, Cyber Crime Cell, EOW, Crime Branch, Second Floor, Police Training School, Malviya Nagar, New Delhi-110 017 E-mail: Cibiccic@bol.Net.in, DCP- Eowdl@nic.in
  9. Pune Address: Deputy Commissioner of Police (Crime), Commissioner Office, 2, Sadhu Vaswani Road, Camp, Pune 411001 Contact details: +91-20-26123346, +91-20-20-20-20-20-20-27277 +91-20-2616 5396, +91-2612 8105 (Fax) E-mail: crimecomp.pune@nic.in, punepolice@vsnl.com
  10. Himachal Pradesh Address: CID Office, Dy.SP, Himachal Pradesh Contact details: +91-94180 39449 E-mail: Soodbrijesh9@gmail.com
  11. Gujarat Address: DIG, CID, Crime and Railways, Fifth Floor, Police Building, Sector 18, Gandhinagar 382 018 Contact details: +91-79-2325 4384, +91-79- 2325 0798, +91-79-2325 3917 (Fax)
  12. Jharkhand Address: IG-CID, Organized Crime, Rajrani Building, Dornda Ranchi-834002 Contact details: +91-651-2400 737, +91- 651-2400 738
  13. Kerala Address: Hi-Tech Cell, Police Headquarters, Thiruvananthapuram Contact details: +91-471 272 1547, +91-471 272 2768 E-mail: Hitechcell@keralapolice.gov.in
  14. Jammu Address: SSP-Crime, CPO Complex, Panjatirthi, Jammu-180004 Contact details: +91-191-257-8901 E-mail: sspcrmjmu- jk@nic.in
  15. Orissa Address: CID, Crime Branch, Orissa Contact details: +91 94374 50370 E-mail: splcidcb.orpol@nic.in
  16. Punjab Address: Cybercrime Police Station, DSP Cyber Crime, SAS Nagar, Patiala, Punjab Contact details: +91 172 2748 100
  17. Bihar Address: Cyber Crime Investigation Unit, Di.SPCotwali Police Station, Patna Contact details: +91 94318 18398 E-mail: cciu-bih@nic.in
  18. West Bengal Address: CID, Cyber Crime, West Bengal Contact details: +9133 24506163 E-mail: Occyber@cidwestbengal.gov.in
  19. Uttar Pradesh Address: Cyber Grievance Redressal Cell, Nodal Officer Cyber Cell Agra, Agra Range 7, Kachheri Road, Baluganj, Agra-232001, Uttar Pradesh Contact details: +919410837559 E-mail: Info@cybercellagra.com
  20. Uttarakhand Address: Special Work Force Office Police Sub Inspector, Dehradun Contact details: +91 135 264098, +91 94123 70272 E-mail: DGC-POLICE-HUMNIC.IN