Topic: - Digital evidence and computer crime

The first Electronic Integrator and computer (ENICAC) was switched on over 60 year
ago.
Beneficial contribution of new technologies are usually the first to be noticed, negative
ramification become apparent only much later

What is Cyber Crime & Computer crime?

The Encyclopedia Britannica defines Cyber crime as any crime that is committed by
means of special knowledge or expert use of computer technology.
Computer crime, or cybercrime, refers to any crime that involves a computer and
a network, where the computers may or may not have played an instrumental part in the
commission of a crime.
Net crime refers, more precisely, to criminal exploitation of the Internet

Computer crime encompasses a broad range of potentially illegal activities, it may be divided
into one of two types of categories.
1) crimes that target computer networks or devices directly

Computer viruses

Denial-of-service attacks

Malware
2) Crimes facilitated by computer networks or devices, the primary target of which is
independent of the computer network or device.
Drug trafficking
Fraud
Obscene or offensive content
Cyber Crimes differ from most terrestrial crimes in four ways:
1.
2.
3.
4.

They are easy to learn how to commit.

They require few resources relative to the potential damage caused.
They can be committed in a jurisdiction without being physically present in it.
They are often not clearly illegal.

Digital evidence or electronic evidence is any probative information stored or transmitted

in digital form that a party to a court case may use at trial.
A computer can be a source of evidence. Even though the computer is not directly used for
criminal purposes, it is an excellent device for record keeping, particularly given the power to
encrypt the data. If this evidence can be obtained and decrypted, it can be of great value to
criminal investigators

The use of digital evidence has increased in the past few decades as courts have allowed the use
of e-mails, digital photographs, ATM transaction logs, word processing documents, instant
message histories,
files
saved
from accounting programs, spreadsheets, internet
browser histories, databases, the contents of computer memory, computer backups,
computer printouts, Global Positioning System tracks, logs from a hotels electronic door locks,
and digital video or audio files
Digital evidence encompasses any and all digital data that can establish that a crime has been
committed or can provide a link between a crime and its victim or a crime and its perpetrator
Intrusion Detection Systems are a great source of digital evidence.
There are two types of Intrusion Detection Systems
1. Host-Based:- Host-based intrusion detection architecture, the system is used to analyze
data that originates on computers (hosts). Host-based systems examine events like what
files are accessed and what applications are executed. Logs are used to gather this event
data.
2. Network-Based:- In the network-based intrusion detection architecture, the system is
used to analyze network packets, This architecture consists of sensors deployed
throughout a network
If the investigation of an offence leads to a court case, the forensic specialist needs to be in a
position to explain how and why tools like these are used. In any case, he/she must be prepared
to vouch for and possibly to demonstrate the integrity of all these aspects of investigation:
1. Collection: to describe processes by which the evidence was gathered, showing that the
collection process does not alter it;
2. Chain of evidence: to show that the evidence remained uncontaminated after it was
gathered, and during analysis;
3. Authentication: to show the evidence is unaltered in any way from its state on the original
computer, typically with file signatures;
4. Recovery: to explain how deleted files and file fragments are recovered, what the system
logs, swap files and temporary files contain, and how the perpetrators actions can be
inferred from these;
5. Verifiability: to confirm that these inferences are standard, and can be confirmed by an
independent third party analysis
The nature of digital evidence
Evidence is what distinguishes a hypothesis from a groundless assertion. Evidence can confirm
or disprove a hypothesis, so evidence reliability and integrity is the key to its admissibility and
weight in a court of law. There are several special characteristics of digital or computer evidence,

and of the computer systems and proprietary and public networks involve, that make evidence
interpretation especially challenging:
1. Too many potential suspects: With traditional offences, the offending act or event is
usually manifestedthere is a corpse, a theft or at least a complaint to work with.
Usually, as well, there is a starter list of potential suspects: Who knew the victim? Who
had physical access to the scene? Who had a motive?
2. Identifying the crime: In computer crime and in computer-related or evidenced crime,
the nature of the event is often less obvious and immediate. For example, when a hacker
steals confidential information, victims may not find out what has been stolen unless
informed by the system administrators, who in turn may not notice until long after the
hacker has gone. Identity theft, described as the fastest-growing financial crime in
America and perhaps the fastest-growing crime of any kind in our society, may take
years to be exposed.
3. The evidence is easily contaminated: Traditionally, evidence at the scene is sent for
independent forensic laboratory testing while investigators pursue their enquiries
elsewhere until the results come back. But in computer forensics, all investigatory
aspectsnaming the crime, identifying the perpetrator, following the evidence trail, and
constructing the modus operandiuse the same digital analysis techniques. Hence,
computer forensic handling is especially vulnerable to errors. Just as blood samples or
fingerprints can be contaminated at the scene, digital evidence can be damaged during
collection unless strict procedures are followed. Rebooting a system, for example,
immediately changes the system state and destroys possible traces.
Cyber Laws & their roles
It seems very difficult to make only territorial laws applicable to online activities that have no
relevant or even determinable geographic location
To meet the challenges posed by new kinds of crime possible by computer technology, many
countries have also reviewed their respective domestic criminal laws so as to prevent computer
related crimes.
In India, Information Technology Bill (2000) came into focus for regulating cyber world.

REFERENCES
1. Computer and instruction forensic , George Mohay, Alison Anderson, Byron Collie,
Olivier de Vel, Rodney, Mc Kemmish.
2. Cyber crime Investigation , Anthony Rays

Atul yadav