Cybercrime has no physical boundaries. Criminals seeking information stored in computers with dial-in access can reach that information from virtually anywhere. The quantity of data that can be stolen, or the level and amount of damage that can be caused by malicious programming code, may be limited only by the speed of the network and the criminal’s equipment.
- Advance Planning for Search:
The plan should include the following:
The place where the Investigating Officer is required to carry out the search;
A list of the computers, computer networks or any other electronic memory devices that are expected to be found;
A forensic team mostly accompanies the investigators in the search, but when that is not possible, information may be collected about the type, make, model, operating system, network architecture, type and location of data storage, remote access possibilities etc. This information may be passed on to forensic experts, as it might help them make the necessary preparations to gather and preserve evidence.
The Investigator or expert must carry the necessary media, software and other specialized items, as well as special packing materials that can prevent loss of data, since data can be destroyed by dust, jerks and an electrostatic environment.
- Precautions at the search location
Taking control of the Location: The IO must ensure that a suspect or an accused does not touch any part of the computer or any accessory attached to it, either physically or through wireless means. The Investigator needs to be extremely alert and may seek guidance from an expert and take steps as per the expert's instructions. Care should be taken that individuals present at the site of the search are separated from their computers, and all devices must be kept out of their reach.
The information in a computer network need not be stored at the same site. The data could reside at a remote location, even in a different country. Therefore, it may be important to find out the location of storage and take action accordingly. If the data is suspected to be stored outside the country, it will be necessary to alert Interpol and take the necessary steps to issue letters under Section 166A of the Code of Criminal Procedure.
Before starting the search, the Investigator needs to decide whether to seize data on site or to seize hardware for examination at a Computer Forensic Laboratory. When there is any doubt, a Computer Forensics Specialist at the scene is used to determine whether to seize data or seize hardware; if a specialist is not available, then everything has to be seized.
Networked Computers: The computer must not be disconnected if networks or mainframes are involved. Disconnecting a computer from a network may damage the network and cause harm to the data. It is generally not advisable to seize a mainframe, because that requires disconnecting all the computers attached to it. Hardware seizure with computers on a network can be very complicated, so the investigators are required to take the help of a Computer Forensics Specialist in these cases.
- Preparation for the Search
The Investigators must carry the following items with them that will facilitate the search:
Disks or Cartridges: To store copies of files from the computer.
Labels: To label cables, where they plug in, disks and the various parts of the computer, and to write-protect disks.
Screwdrivers and other tools: To dismantle the hardware for seizure.
Gloves: To take latent prints from disks or other storage media or hardware.
Packing materials: Rubber bands, tape, boxes, bubble wrap, anti-static wrap or paper bags.
Camera equipment: To videotape and photograph the place of investigation.
Custody report sheets and other paper: To make a list of seized evidence.
- Steps for the Search:
Labelling & Photographing the Set-up: The IO is supposed to take some general photographs of the search place to document its pre-search condition for legal purposes and to provide a reference during the investigation. This documentation may prove essential when the system is re-connected in the Forensic Laboratory. The IO should make sure to get close-ups of the front and back of all equipment and of the way it is connected. He should pay special attention to the DIP switches on the rear of certain equipment, which must be in a certain configuration. These switch settings could accidentally move in transport, which might create problems for the examiner.
Labelling all Parts: The IO is supposed to label each part before he starts dismantling any of the equipment. All the connectors and plugs at both ends, and on the computer, are supposed to be labelled so that re-assembly is easy and accurate.
- Power System Down: If a computer is off, it should not be turned on. Hackers can make their computers erase data if a particular disk is not in the drive when the machine is booted up, or if a particular password is not entered. If the computer is on, one should check before turning it off, otherwise data may be destroyed. The IO needs to shut the machine down through the operating system rather than just pulling the plug, or he can instead disconnect it from the back of the machine; this is because, if the machine is plugged into a back-up power supply, it may initiate a shutdown process that could destroy files.
- Dismantle the System: Once it is labelled and powered down, the system can be dismantled into separate components for transportation. If a computer is at a business location and is part of a network, then a proper procedure should be followed to disconnect the computer from the network.
- Seize Documentation: All manuals for the computer, its peripheral devices, and especially the software and operating system are seized. The examiners at the Forensic Laboratory need to refer to the manuals to know the kind of hardware and its technicalities. Other documents like notes, passwords and journals are also seized. Sticky notes or other pieces of paper around the computer that may have passwords or login IDs written on them are also supposed to be seized.
These are the techniques of search and seizure in the investigation of cybercrime. Application of these techniques of search and seizure can make the investigation effective.
The word ‘forensic’ can be understood as the application of scientific methods and techniques in the investigation of crime. It gives the investigator a new and different way of investigating crime by using modern techniques. The use of forensic tools is important for investigating technical crimes. Criminals these days use modern techniques to commit crimes; therefore, Forensic Science offers a useful way to trace the truth. This technology is also very useful in traditional offences, because it has invented and discovered various things that can be used to learn the truth behind an incident, act or crime.
- Computer Forensics
Computer forensics is the study of computer technology. It is the science of applying computer science to aid the legal process, and it is more than the technological, systematic inspection of a computer system. Computer forensics requires expertise and tools that go beyond the traditional data collection and preservation techniques available to end-users or system support personnel. Computer forensics is simply the application of computer investigation and analysis techniques in the interest of determining potential legal evidence.