The advancement of technology has made man dependent on the internet for all his
needs. The internet has given man access to everything while sitting in one place.
Social networking, online shopping, online studying, online jobs: every possible
thing that man can think of can be done through the medium of the internet.
Using computers for our day-to-day transactions is quite common nowadays.
For example, we pay our life insurance premiums and electricity bills, reserve
flight, train or bus tickets, and order books or any other product online using
personal computers, smart phones, public browsing centers, etc.
The number of
users doing online transactions has been growing rapidly ever since, because of the
convenience it gives the user to transact business without being physically
present in the area where the transaction happens. The number of criminals committing cybercrime is also growing day by day with the increased number of users doing
Ever since the creation of the Internet, people have been finding ways to
conduct illegal activities using it as a tool.
Online exploitation and abuse of girls and boys; the black cyber markets for the
purchase and sale of illicit drugs and firearms; ransomware attacks and human
traffickers making use of social networks to attract victims. The unprecedented
scope of cybercrime - crossing borders in our homes, schools, businesses,
hospitals and other vital service providers - only amplifies the threats.
Motive behind the commission of cyber crime
Most cybercrime is committed by cybercriminals or hackers who want to make
money. However, occasionally cybercrime aims to damage computers or networks for
reasons other than profit. These could be political or personal.
How cyber crime is different from the other crimes
Cyber crime is different from any other crime happening in society. The
reason is that it has no geographical boundaries and the cyber criminals are
Definition of cyber crime
Although it is universally agreed that cybercrime exists, there is no universal
definition of what it means. Still, we can say that
cyber crime is a criminal activity that uses a computer to target the computer,
or it may be defined as a crime where a computer is the object of the crime and
is used as a tool to commit an offense.
Types of cyber crime
Cyber crime can be basically divided into three major categories:
- Cybercrimes fall under State subjects as per the Seventh Schedule of the
Constitution of India.
Below are a few examples of cybercrimes:
- Cyber crimes against persons - like harassment that occurs in cyberspace or
through the use of cyberspace. Harassment can be sexual, racial, religious,
- Cyber crimes against property - like computer wreckage (destruction of
others' property), transmission of harmful programs, unauthorized
trespassing, unauthorized possession of computer information.
- Cyber crimes against government - like cyber terrorism
Analysis Of Cybercrimes In India:
- Distributed Denial-of-Service (DDoS) Attacks: These are used to make an online service unavailable and take the network down by overwhelming the site with traffic from a variety of sources.
- Botnets: Botnets are networks of compromised computers that are controlled externally by remote hackers. The remote hackers then send spam or attack other computers through these botnets.
- Identity Theft: This cybercrime occurs when a criminal gains access to a user's personal information or confidential information and then tries to tarnish reputation or seek a ransom.
- Cyberstalking: This kind of cybercrime involves online harassment where the user is subjected to a plethora of online messages and emails. Typically, cyberstalkers use social media, websites, and search engines to intimidate a user and instill fear.
- Phishing: It is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.
India is the second largest online market in the world with over 560 million
internet users, ranked only behind China. It is estimated that by 2023
there would be over 650 million internet users in the country. According to the
latest National Crime Records Bureau (NCRB) data, a total of 27,248 cases of
cybercrime were registered in India in 2018.
In Telangana, 1205 cyber crime cases were registered in the same year.
According to the FBI's report, India stands third among the top 20 cybercrime victims. The
National Cyber Crime Reporting Portal (cybercrime.gov.in), which was started last
year by the central government, has received 33,152 complaints till now, resulting in
the lodging of 790 FIRs.
Total number of cyber crimes reported in India from 2012-2020
The above table clearly shows the increasing number of cybercrimes cases in
How to file a cyber crime complaint
By following below-mentioned steps, one can report a cyber-crime online:
Step 1: Go to https://www.cybercrime.gov.in/Accept.aspx.
Step 2: Click on 'Report Other Cyber Crimes' on the menu.
Step 3: Create 'Citizen login'.
Step 4: Click on 'File a Complaint'.
Step 5: Read the conditions and accept them.
Step 6: Register your mobile number and fill in your name and State.
Step 7: Fill in the relevant details about the offence.
What is Cybercrime Investigation?
Investigation of a cybercrime is a process consisting of investigating, analysing,
and recovering forensic data for digital evidence of a crime. It involves the
use of specialized tools and techniques to investigate various types of cyber
crimes, such as hacking, phishing, malware, data breaches, and identity theft.
Examples of evidence in a cyber crime investigation include a computer, cell
phone, automobile navigation system, video game console, or other networked
device found at the scene of a crime. This evidence helps cyber crime
investigators determine the perpetrators of a cyber crime and their intent.
The investigation process is conducted by cyber crime investigators, who are
responsible for conducting thorough and accurate investigations, preserving
evidence, and collaborating with law enforcement agencies to bring
cybercriminals to justice. Cybercrime investigation is essential for businesses
and individuals to protect against the growing threat of cybercrime, and to
ensure that justice is served for victims of cybercrime.
Cybercrime investigation is a complex and constantly evolving field, as new
threats and technologies emerge. As a result, investigators must stay up-to-date
with the latest techniques and tools in order to effectively investigate and
mitigate cyber crimes.
For conducting cyber-crime investigation, certain special skills and scientific
tools are required without which the investigation is not possible.
Investigating a crime scene is not an easy job. It requires years of study to
learn how to deal with hard cases, and most importantly, get those cases
Cyber Crime Investigation Techniques
While techniques may vary depending on the type of cybercrime being
investigated, as well as who is running the investigation, the activities that a
computer crime investigator performs include recovering file systems of hacked
computers, acquiring data that can be used as evidence to prosecute crimes,
writing reports for use in legal proceedings, and testifying in court hearings.
Cyber crime investigation techniques include:
Cybercrime Investigation Tools
- Performing background checks:
Establishing the when, where, and who of a crime sets the stage for an
investigation. This technique uses public and private records and databases
to find out the backgrounds of individuals potentially involved in a crime.
- Gathering information:
One of the most important things any cybersecurity
researcher must do is grab as much information as possible about the incident.
Was it an automated attack, or a human-based targeted crime? Was there any open
opportunity for this attack to happen? What is the scope and impact? Can this
attack be performed by anyone, or by certain people with specific skills? Who
are the potential suspects? What digital crimes were committed? Where can the
evidence be found? Do we have access to such evidence sources?
This technique is one of the most critical in cyber crime investigations. Here,
investigators ask questions such as: What evidence can be found? What level of
access to sources do we have to gather the evidence? The answers to these and
other questions provide the foundation for a successful investigation.
- Running digital forensics:
Cyber crime investigators use their digital and technology skills to conduct
forensics, which involves the use of technology and scientific methods to
collect, preserve, and analyze evidence throughout an investigation.
Forensic data can be used to support evidence or confirm a suspect's
involvement in a crime.
Once researchers have collected enough data about the cybercrime, it's time to
examine the digital systems that were affected, or those supposed to be involved
in the origin of the attack. This process involves analyzing network connection
raw data, hard drives, file systems, caching devices, RAM memory and more. Once
the forensic work starts, the involved researcher will follow up on all the
involved trails looking for fingerprints in system files, network and service
logs, emails, web-browsing history, etc.
- Tracking the authors of a cyber crime:
With information about a crime in hand, cyber crime investigators work with
internet service providers and telecommunications and network companies to
see which websites and protocols were used in the crime. This technique is
also useful for monitoring future activities through digital surveillance.
Investigators must seek permission to conduct these types of activities
through court orders.
Cybercrime investigation requires the use of specialized tools and software to
collect, preserve, and analyse digital evidence. These tools can be used to
identify suspects, track their activities, and gather evidence to build a case
Here are some of the most common cybercrime investigation tools used by
Digital Forensics Software
It is used to recover deleted files, analyze metadata, and examine network traffic logs. Popular digital forensics software includes tools like EnCase, FTK, and Autopsy. Digital forensics helps investigators piece together evidence and determine the timeline of events in a crime. It is mainly made up of network forensics and memory/disk analysis. By analyzing information found on disks and through networks, investigators can learn about other potential conspirators in the crime. This could help them track down these individuals and stop them before another crime is committed.
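Determining the timeline of events depends on knowing each system's time zone and how far its clock had drifted, which is why those values are noted at seizure. The following is an added example, not taken from any of the tools named above; the source names, offsets, skew and log lines are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Clock facts per seized system, as noted at seizure (constructed values).
# clock_skew > 0 means the system clock ran ahead of true time.
SOURCES = {
    "web-server": {"utc_offset": timedelta(hours=5, minutes=30),
                   "clock_skew": timedelta(0)},
    "laptop": {"utc_offset": timedelta(hours=-5),
               "clock_skew": timedelta(minutes=7)},
}

# Constructed log lines: "<source> <local date> <local time> <event>"
RAW_EVENTS = [
    "web-server 2023-01-10 20:45:10 login accepted for admin",
    "laptop 2023-01-10 10:20:02 browser opened login page",
    "web-server 2023-01-10 20:47:55 bulk export of customer table",
    "laptop 2023-01-10 10:25:30 customers.csv written to USB drive",
]


def parse(line):
    """Split a log line into (source, naive local datetime, event text)."""
    source, date, clock, event = line.split(" ", 3)
    local = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
    return source, local, event


def to_utc(source, local):
    """Correct a local timestamp for recorded clock skew, then shift to UTC."""
    if source not in SOURCES:
        raise KeyError(f"no time zone / system time recorded for {source}")
    facts = SOURCES[source]
    true_local = local - facts["clock_skew"]
    return (true_local - facts["utc_offset"]).replace(tzinfo=timezone.utc)


def naive_order(lines):
    """Order obtained by sorting raw local timestamps (misleading)."""
    return [parse(l)[2] for l in sorted(lines, key=lambda l: parse(l)[1])]


def build_timeline(lines):
    """Return (utc_time, source, event) tuples in true chronological order."""
    rows = []
    for line in lines:
        source, local, event = parse(line)
        rows.append((to_utc(source, local), source, event))
    return sorted(rows)
```

Sorting the raw local timestamps places the USB write before the server login; after correction the write falls after the export.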
Network Analysis Tools
They are used to monitor network traffic, identify suspicious activity, and track the flow of data. Network analysis tools include tools like Wireshark, tcpdump, and Netscout.
Malware Analysis Tools
They are used to analyze and reverse engineer malware to understand its behavior and identify its source. Malware analysis tools include IDA Pro, OllyDbg, and Binary Ninja.
Password Recovery Tools
They are used to recover passwords from encrypted files, databases, or other sources of digital evidence. Password recovery tools include tools like Cain and Abel, John the Ripper, and Hashcat.
Social Media Analysis Tools
They are used to track suspects' activities and gather evidence from social media platforms. Social media analysis tools include tools like Hootsuite, Followerwonk, and Mention.
The above are a few examples of the many cybercrime investigation tools available
to investigators. It's important for investigators to have a deep understanding
of these tools, as well as knowledge of the latest trends and techniques in
By using these tools effectively, investigators can help to identify and
prosecute cyber criminals and protect individuals and organizations from the
growing threat of cybercrime.
Cyber Crime Investigation Training:
Cybercrime investigation is a complex and rapidly-evolving field that requires specialized training and expertise. There are a variety of training programs available to individuals interested in pursuing a career in cybercrime investigation.
- Law enforcement agencies often offer specialized training programs for cybercrime investigation. These programs can provide investigators with the knowledge and skills they need to identify and investigate cyber crimes, as well as the legal and regulatory requirements for handling digital evidence.
- Industry certifications are also available in cyber crime investigation, such as the Certified Cyber Crime Investigator (CCCI) or the Certified Computer Examiner (CCE). These certifications can demonstrate an investigator's expertise and help them stand out in a competitive job market.
- Many colleges and universities offer degree programs in cyber security, digital forensics, or other related fields. These programs can provide students with a strong foundation in cyber crime investigation, as well as the technical and analytical skills needed to succeed in this field.
- Private companies and organizations also offer training programs in cybercrime investigation. These programs can provide specialized training in areas such as digital forensics, network analysis, or malware analysis.
It's essential for individuals interested in pursuing a career in cyber crime investigation to seek out training programs that align with their career goals and interests. By investing in specialized training and education, individuals can develop the skills and knowledge needed to succeed in this exciting and important field.
Cybercrime investigators must be experts in computer science, understanding not
only software, file systems and operating systems, but also how networks and
hardware work. They must be knowledgeable enough to determine how the
interactions between these components occur, to get a full picture of what
happened, why it happened, when it happened, who performed the cybercrime
itself, and how victims can protect themselves in the future against these types
of cyber threats.
Crime Scene Investigation: Search and Seizure
The sequence of steps for digital crime scene investigations is:
- Identifying and securing the crime scene - obtaining the IP address: locating
the IP address of the suspect, and gaining access to the IP address through
the Internet service provider by way of either a warrant, subpoena, or court order.
On identifying the Internet Service Provider (ISP) (i.e. the IP network
provider), contact the provider's management (in some countries, this is done
through the police) to request access to the call detail
records (CDRs) through the allotted IP address used by the suspect(s). The
Internet Service Provider (ISP) may cooperate fully, or you may need to obtain a
subpoena, warrant, or court order for this purpose.
(NOTE that ISPs have records of everything a subscriber does on the Internet!)
- Procedure for gathering evidence from switched-off systems
- Procedure for gathering evidence from live systems
- Forensic duplication
- Conducting interviews
- Labeling and documenting of the evidence
- Packaging and transportation of the evidence
- Panchanama (Seizure Memo) and Seizure Proceedings - The legal provisions empowering the IOs to conduct search and seizure are provided under Section 165 Cr PC and Section 80 of the ITAA 2008
- Make sure one of the technical people from the responder side along with two independent witnesses is part of the search and seizure proceedings, to identify the equipment correctly and to guide the IO and witnesses
- Please refer to the notes made during the pre-investigation assessment for cross verifying and correctly documenting the technical information regarding equipment, networks, and other communication equipment at the scene of crime
- Time zone and system time play a very critical role in the entire investigation. Please make sure this information is noted carefully in the panchanama, from the systems that are in switched-on condition
- Please don't switch ON any device
- Make sure a serial number is allotted for each device, and the same should be duly noted not only in the panchanama but also in the Chain of Custody and Digital Evidence Collection forms
- Make sure each device is photographed at its original place before starting the investigation process, along with a respective reference like cubicle number or name, room surroundings, etc.
- Make sure to photograph the Hard Disk Drive or any other internal part along with the system, once removed from the system
- If possible, please paste the serial number along with PF number/Crime number/section of law
- Capture the information about the system and data you are searching and seizing in the panchanama
- Brief the witnesses regarding the tools used to perform search and seizure of the digital evidence
- Make sure that the panchas have some knowledge and ability to identify various digital devices
- Document the Chain of Custody and Digital Evidence Collection forms explained below, apart from your regular panchanama, as a best practice for digital evidence
- Please make sure all the details mentioned in the forms are completely filled
This chart shows the process of cyber crime investigation in India.
Chain of custody
Chain of custody refers to the documentation that shows the people who have been
entrusted with the evidence. These would be people who have seized the
equipment, people who are in charge of transferring the evidence from the crime
scene to the forensic labs, people in charge of analyzing the evidence, and so
Once the evidence is collected and every time the evidence is transferred, it
should be documented and no one else other than the person entrusted with the
exhibit shall have access to the evidence.
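One way to keep such a record so that later edits are detectable is shown below as an added example; it is not a prescribed form, and the record layout, exhibit serial number and names are assumptions made for illustration. Each entry stores the image digest and a hash of the previous entry, timestamps must carry a time zone, and only the current custodian can hand the exhibit over.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

GENESIS = "0" * 64  # "previous hash" used by the first entry

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class CustodyLog:
    """Hash-chained custody record for one exhibit (illustrative layout)."""

    def __init__(self, serial_no, seized_by, image, when):
        self.serial_no = serial_no
        self.baseline = sha256_hex(image)  # digest taken at forensic duplication
        self.entries = []
        self._append("seized", None, seized_by, when, self.baseline)

    def _append(self, action, giver, receiver, when, digest):
        if when.tzinfo is None:  # system time without a zone is ambiguous
            raise ValueError("timestamp needs an explicit time zone")
        body = {"serial_no": self.serial_no, "action": action,
                "from": giver, "to": receiver, "sha256": digest,
                "utc": when.astimezone(timezone.utc).isoformat(),
                "prev": self.entries[-1]["entry_hash"] if self.entries else GENESIS}
        body["entry_hash"] = sha256_hex(json.dumps(body, sort_keys=True).encode())
        self.entries.append(body)

    def transfer(self, giver, receiver, when, image):
        # Only the person currently entrusted with the exhibit may hand it over.
        if giver != self.entries[-1]["to"]:
            raise PermissionError(f"{giver} does not hold exhibit {self.serial_no}")
        self._append("transfer", giver, receiver, when, sha256_hex(image))

    def verify(self):
        """Return a list of problems; an empty list means the record is consistent."""
        problems, prev = [], GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if sha256_hex(json.dumps(body, sort_keys=True).encode()) != entry["entry_hash"]:
                problems.append(f"entry {i}: contents altered after recording")
            if entry["prev"] != prev:
                problems.append(f"entry {i}: chain broken")
            if entry["sha256"] != self.baseline:
                problems.append(f"entry {i}: image digest differs from seizure digest")
            prev = entry["entry_hash"]
        return problems

def demo():
    ist = timezone(timedelta(hours=5, minutes=30))
    image = b"constructed stand-in for a forensic image"
    log = CustodyLog("EXHIBIT-001", "Officer A", image, datetime(2023, 1, 10, 11, 0, tzinfo=ist))
    log.transfer("Officer A", "Courier B", datetime(2023, 1, 10, 15, 0, tzinfo=ist), image)
    log.transfer("Courier B", "Analyst C", datetime(2023, 1, 11, 9, 30, tzinfo=ist), image)
    before = log.verify()
    log.entries[1]["to"] = "Someone else"  # simulate a later edit to the record
    return before, log.verify()
```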
We are living in a digital age and cyberspace is not limited to one's
boundaries; rather, it covers the entire world. As a result, cybercrime is
increasing day by day in all countries, including India. The biggest
challenge relating to cybercrime is its dynamic nature, because of the ongoing
evolution of digital technology. As a result, new cybercrime methods and
techniques come into practice.
Therefore, cybercrime should be given as much importance as other crimes happening
in our society, be it theft, rape, murder, etc.
- In 2018, a study by the Center for Strategic and International Studies (CSIS), in
partnership with McAfee, a leading cybersecurity firm, concluded that close to
$600 billion, nearly one percent of global GDP, is lost to cybercrime each year.
- In 1995, Sussman and Heuston were the first to coin the phrase cyber-crime.
- The first person to be found guilty of cybercrime was Ian Murphy, also known
as Captain Zap, and that happened in the year 1981. He had hacked the American
telephone company to manipulate its internal clock, so that users could still
make free calls at peak times.