
Cyber Crime Investigation And Digital Forensics

The advancement of technology has made man dependent on the internet for all his needs. The internet has given man access to everything while sitting in one place. Social networking, online shopping, online studying, online jobs: every possible thing that man can think of can be done through the medium of the internet.

Using computers for our day-to-day transactions is quite common nowadays. For example, we pay our life insurance premiums and electricity bills, reserve flight, train or bus tickets, and order books or any other product online using personal computers, smartphones, public browsing centers, etc.

The number of users doing online transactions is growing rapidly because of the convenience it gives the user to transact business without being physically present in the area where the transaction happens. The number of criminals committing cybercrime is also growing day by day with the increased number of users doing online transactions.

Ever since the creation of the Internet, people have been finding ways to conduct illegal activities using it as a tool.

Examples include online exploitation and abuse of girls and boys, black cyber markets for the purchase and sale of illicit drugs and firearms, ransomware attacks, and human traffickers making use of social networks to attract victims. The unprecedented scope of cybercrime, crossing borders into our homes, schools, businesses, hospitals and other vital service providers, only amplifies the threats.

Motive behind the commission of cyber crime
Most cybercrime is committed by cybercriminals or hackers who want to make money. However, occasionally cybercrime aims to damage computers or networks for reasons other than profit. These could be political or personal.

How cyber crime is different from the other crimes

Cyber crime is different from any other crime happening in society. The reason is that it has no geographical boundaries and the cyber criminals are unknown.

Definition of cyber crime
Although it is universally agreed that cybercrime exists, there is no universal definition of what it means. Still, we can say that:

Cyber crime is a criminal activity that uses a computer to target the computer, or it may be defined as a crime where a computer is the object of the crime and is used as a tool to commit an offense.
  • Cybercrimes fall under State subjects as per the Seventh Schedule of the Constitution of India.

Types of cyber crime
Cyber crime can be basically divided into three major categories:
  1. Cyber crimes against persons, like harassment, which occurs in cyberspace or through the use of cyberspace. Harassment can be sexual, racial, religious, or other.
  2. Cyber crimes against property, like computer wreckage (destruction of others' property), transmission of harmful programs, unauthorized trespassing, and unauthorized possession of computer information.
  3. Cyber crimes against government, like cyber terrorism.

Below are a few examples of cybercrimes:
  • Distributed Denial-of-Service (DDoS) Attacks: These are used to make an online service unavailable and take the network down by overwhelming the site with traffic from a variety of sources.
  • Botnets: Botnets are networks of compromised computers that are controlled externally by remote hackers. The remote hackers then send spam or attack other computers through these botnets.
  • Identity Theft: This cybercrime occurs when a criminal gains access to a user's personal information or confidential information and then tries to tarnish reputation or seek a ransom.
  • Cyberstalking: This kind of cybercrime involves online harassment where the user is subjected to a plethora of online messages and emails. Typically, cyberstalkers use social media, websites, and search engines to intimidate a user and instill fear.
  • Phishing: It is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.

Analysis Of Cybercrimes In India:
India is the second largest online market in the world with over 560 million internet users, ranked only behind China. It is estimated that by 2023, there would be over 650 million internet users in the country. According to the latest National Crime Records Bureau (NCRB) data, a total of 27,248 cases of cybercrime were registered in India in 2018.

In Telangana, 1205 cyber crime cases were registered in the same year. According to the FBI's report, India stands third among the top 20 cybercrime victims. The national cyber crime reporting portal, which was started last year by the central government, has received 33,152 complaints till now, resulting in the lodging of 790 FIRs.

Total number of cyber crimes reported in India from 2012-2020

The above table clearly shows the increasing number of cybercrime cases in India.

How to file a cyber crime complaint
By following below-mentioned steps, one can report a cyber-crime online:
Step 1: Go to

Step 2: Click on 'Report Other Cyber Crimes' on the menu.

Step 3: Create 'Citizen login'.

Step 4: Click on 'File a Complaint'.

Step 5: Read the conditions and accept them.

Step 6: Register your mobile number and fill in your name and State.

Step 7: Fill in the relevant details about the offence.

What is Cybercrime Investigation?
Cybercrime investigation is the process of investigating, analysing, and recovering forensic data for digital evidence of a crime. It involves the use of specialized tools and techniques to investigate various types of cyber crimes, such as hacking, phishing, malware, data breaches, and identity theft.

Examples of evidence in a cyber crime investigation include a computer, cell phone, automobile navigation system, video game console, or other networked device found at the scene of a crime. This evidence helps cyber crime investigators determine the perpetrators of a cyber crime and their intent.

The investigation process is conducted by cyber crime investigators, who are responsible for conducting thorough and accurate investigations, preserving evidence, and collaborating with law enforcement agencies to bring cybercriminals to justice. Cybercrime investigation is essential for businesses and individuals to protect against the growing threat of cybercrime, and to ensure that justice is served for victims of cybercrime.

Cybercrime investigation is a complex and constantly evolving field, as new threats and technologies emerge. As a result, investigators must stay up-to-date with the latest techniques and tools in order to effectively investigate and mitigate cyber crimes.

For conducting cyber-crime investigation, certain special skills and scientific tools are required without which the investigation is not possible. Investigating a crime scene is not an easy job. It requires years of study to learn how to deal with hard cases, and most importantly, get those cases resolved.

Cyber Crime Investigation Techniques
While techniques may vary depending on the type of cybercrime being investigated, as well as who is running the investigation, activities that a computer crime investigator performs include recovering file systems of hacked computers, acquiring data that can be used as evidence to prosecute crimes, writing reports for use in legal proceedings, and testifying in court hearings.

Cyber crime investigation techniques include:
  • Performing background checks:
    Establishing the when, where, and who of a crime sets the stage for an investigation. This technique uses public and private records and databases to find out the backgrounds of individuals potentially involved in a crime.
  • Gathering information:
    One of the most important things any cybersecurity researcher must do is grab as much information as possible about the incident.

    Was it an automated attack, or a human-based targeted crime? Was there any open opportunity for this attack to happen? What is the scope and impact? Can this attack be performed by anyone, or by certain people with specific skills? Who are the potential suspects? What digital crimes were committed? Where can the evidence be found? Do we have access to such evidence sources?

    This technique is one of the most critical in cyber crime investigations. Here, investigators ask questions such as: What evidence can be found? What level of access to sources do we have to gather the evidence? The answers to these and other questions provide the foundation for a successful investigation.
  • Running digital forensics:
    Cyber crime investigators use their digital and technology skills to conduct forensics, which involves the use of technology and scientific methods to collect, preserve, and analyze evidence throughout an investigation. Forensic data can be used to support evidence or confirm a suspect's involvement in a crime.

    Once researchers have collected enough data about the cybercrime, it's time to examine the digital systems that were affected, or those supposed to be involved in the origin of the attack. This process involves analyzing network connection raw data, hard drives, file systems, caching devices, RAM memory and more. Once the forensic work starts, the involved researcher will follow up on all the involved trails looking for fingerprints in system files, network and service logs, emails, web-browsing history, etc.
  • Tracking the authors of a cyber crime:
    With information about a crime in hand, cyber crime investigators work with internet service providers and telecommunications and network companies to see which websites and protocols were used in the crime. This technique is also useful for monitoring future activities through digital surveillance. Investigators must seek permission to conduct these types of activities through court orders.

Cybercrime Investigation Tools
Cybercrime investigation requires the use of specialized tools and software to collect, preserve, and analyse digital evidence. These tools can be used to identify suspects, track their activities, and gather evidence to build a case against them.

Here are some of the most common cybercrime investigation tools used by investigators:
  1. Digital Forensics Software: It is used to recover deleted files, analyze metadata, and examine network traffic logs. Popular digital forensics software includes tools like EnCase, FTK, and Autopsy. Digital forensics helps investigators piece together evidence and determine the timeline of events in a crime. It is mainly made up of network forensics and memory/disk analysis. By analyzing information found on disks and through networks, investigators can learn about other potential conspirators in the crime. This could help them track down these individuals and stop them before another crime is committed.
  2. Network Analysis Tools: They are used to monitor network traffic, identify suspicious activity, and track the flow of data. Network analysis tools include Wireshark, tcpdump, and Netscout.
  3. Malware Analysis Tools: They are used to analyze and reverse engineer malware to understand its behavior and identify its source. Malware analysis tools include IDA Pro, OllyDbg, and Binary Ninja.
  4. Password Recovery Tools: They are used to recover passwords from encrypted files, databases, or other sources of digital evidence. Password recovery tools include Cain and Abel, John the Ripper, and Hashcat.
  5. Social Media Analysis Tools: They are used to track suspects' activities and gather evidence from social media platforms. Social media analysis tools include Hootsuite, Followerwonk, and Mention.

The above are a few examples of the many cybercrime investigation tools available to investigators. It's important for investigators to have a deep understanding of these tools, as well as knowledge of the latest trends and techniques in cybercrime investigation.

By using these tools effectively, investigators can help to identify and prosecute cyber criminals and protect individuals and organizations from the growing threat of cybercrime.

Cyber Crime Investigation Training:
Cybercrime investigation is a complex and rapidly-evolving field that requires specialized training and expertise. There are a variety of training programs available to individuals interested in pursuing a career in cybercrime investigation.
  • Law enforcement agencies often offer specialized training programs for cybercrime investigation. These programs can provide investigators with the knowledge and skills they need to identify and investigate cyber crimes, as well as the legal and regulatory requirements for handling digital evidence.
  • Industry certifications are also available in cyber crime investigation, such as the Certified Cyber Crime Investigator (CCCI) or the Certified Computer Examiner (CCE). These certifications can demonstrate an investigator's expertise and help them stand out in a competitive job market.
  • Many colleges and universities offer degree programs in cyber security, digital forensics, or other related fields. These programs can provide students with a strong foundation in cyber crime investigation, as well as the technical and analytical skills needed to succeed in this field.
  • Private companies and organizations also offer training programs in cybercrime investigation. These programs can provide specialized training in areas such as digital forensics, network analysis, or malware analysis.
It's essential for individuals interested in pursuing a career in cyber crime investigation to seek out training programs that align with their career goals and interests. By investing in specialized training and education, individuals can develop the skills and knowledge needed to succeed in this exciting and important field.

Cybercrime investigators must be experts in computer science, understanding not only software, file systems and operating systems, but also how networks and hardware work. They must be knowledgeable enough to determine how the interactions between these components occur, to get a full picture of what happened, why it happened, when it happened, who performed the cybercrime itself, and how victims can protect themselves in the future against these types of cyber threats.

Crime Scene Investigation: Search and Seizure
The sequence of steps for a digital crime scene investigation is:
  • Identifying and securing the crime scene: obtaining the IP address, locating the IP address of the suspect, and gaining access to the IP address through the Internet Service Provider (ISP) by way of either a warrant, subpoena, or court order.
On identifying the ISP (i.e. the IP network provider), contact the provider's management (in some countries, this is done through the police) to request access to the call detail records (CDRs) through the allotted IP address used by the suspect(s). The ISP may cooperate fully, or you may need to obtain a subpoena, warrant, or court order for this purpose.

(NOTE that ISPs have records of everything a subscriber does on the Internet!)
  • Procedure for gathering evidence from switched-off systems
  • Procedure for gathering evidence from live systems
  • Forensic duplication
  • Conducting interviews
  • Labeling and documenting of the evidence
  • Packaging and transportation of the evidence
  • Panchanama (Seizure Memo) and Seizure Proceedings - The legal provisions empowering the IOs to conduct search and seizure are provided under Section 165 Cr PC and Section 80 of the ITAA 2008
  • Make sure one of the technical people from the responder side along with two independent witnesses is part of the search and seizure proceedings, to identify the equipment correctly and to guide the IO and witnesses
  • Please refer to the notes made during the pre-investigation assessment for cross verifying and correctly documenting the technical information regarding equipment, networks, and other communication equipment at the scene of crime
  • Time Zone/System Time plays a very critical role in the entire investigation. Please make sure this information is noted carefully in the panchanama, from the systems that are in switched-on condition
  • Please don't switch ON any device
  • Make sure a serial number is allotted for each device, and the same should be duly noted not only in the panchanama but also in the Chain of Custody and Digital Evidence Collection forms
  • Make sure each device is photographed at its original place before starting the investigation process, along with a respective reference such as cubicle number or name, room surroundings, etc.
  • Make sure to photograph the Hard Disk Drive or any other internal part along with the system, once removed from the system
  • If possible, please paste the serial number along with PF number/Crime number/section of law
  • Capture the information about the system and data you are searching and seizing in the panchanama
  • Brief the witnesses regarding the tools used to perform search and seizure of the digital evidence
  • Make sure that the panchas have some knowledge and ability to identify various digital devices
  • Document the Chain of Custody and Digital Evidence Collection forms explained below, apart from your regular panchanama, as a best practice for digital evidence
  • Please make sure all the details mentioned in the forms are completely filled

This chart shows the process of cyber crime investigation in India.

Chain of custody
Chain of custody refers to the documentation that shows the people who have been entrusted with the evidence. These would be people who have seized the equipment, people who are in charge of transferring the evidence from the crime scene to the forensic labs, people in charge of analyzing the evidence, and so on.

Once the evidence is collected and every time the evidence is transferred, it should be documented and no one else other than the person entrusted with the exhibit shall have access to the evidence.
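
The documentation rule above can be made checkable. The following is an added example, not part of the original article: a custody record in which every seizure or transfer entry carries a time-zone-aware timestamp and the SHA-256 of the forensic image, and is linked to the previous entry by hash, so an edited record, a gap in custody, or a changed image is reported. The field names, exhibit serial and holder names are constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

GENESIS = "0" * 64                               # "previous" value for the seizure entry
IST = timezone(timedelta(hours=5, minutes=30))   # time zone noted with every entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_digest(entry: dict) -> str:
    """Hash every field except the entry's own digest, in canonical order."""
    body = {k: v for k, v in entry.items() if k != "digest"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())


def add_entry(log, serial, released_by, received_by, purpose, image_sha256, when):
    """Append a seizure or transfer record linked to the previous record."""
    if when.tzinfo is None:
        raise ValueError("timestamp must carry its time zone")
    entry = {
        "serial": serial, "released_by": released_by, "received_by": received_by,
        "purpose": purpose, "timestamp": when.isoformat(),
        "image_sha256": image_sha256,
        "prev": log[-1]["digest"] if log else GENESIS,
    }
    entry["digest"] = entry_digest(entry)
    log.append(entry)
    return entry


def verify_log(log, current_image: bytes):
    """Return a list of problems; an empty list means the record is consistent."""
    problems, prev, holder = [], GENESIS, None
    for i, e in enumerate(log):
        if e["digest"] != entry_digest(e):
            problems.append(f"entry {i}: record altered after it was written")
        if e["prev"] != prev:
            problems.append(f"entry {i}: link to previous entry broken")
        if holder is not None and e["released_by"] != holder:
            problems.append(f"entry {i}: custody gap, exhibit was held by {holder}")
        prev, holder = e["digest"], e["received_by"]
    if log and sha256_hex(current_image) != log[0]["image_sha256"]:
        problems.append("image no longer matches the hash recorded at seizure")
    return problems


def build_sample_log(image: bytes):
    """Constructed sample: seizure, transport to the lab, hand-over to an analyst."""
    log, h = [], sha256_hex(image)
    t0 = datetime(2024, 1, 10, 11, 30, tzinfo=IST)
    add_entry(log, "EX-001", "scene", "IO (constructed)", "seizure", h, t0)
    add_entry(log, "EX-001", "IO (constructed)", "Courier (constructed)", "transport", h, t0 + timedelta(hours=2))
    add_entry(log, "EX-001", "Courier (constructed)", "Analyst (constructed)", "analysis", h, t0 + timedelta(hours=6))
    return log


if __name__ == "__main__":
    image = b"constructed stand-in for a forensic disk image"
    print(verify_log(build_sample_log(image), image))
```
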

We are living in a digital age, and cyberspace is not limited to one's boundaries; rather, it covers the entire world. As a result, cybercrime is increasing day by day in all countries, including India. The biggest challenge relating to cybercrime is its dynamic nature, because of the ongoing evolution of digital technology. As a result, new cybercrime methods and techniques come into practice.

Therefore, cybercrime should be given as much importance as other crimes happening in our society, be it theft, rape, murder, etc.

Interesting facts:
  • In 2018, a study by the Center for Strategic and International Studies (CSIS), in partnership with McAfee, a leading cybersecurity firm, concluded that close to $600 billion, nearly one percent of global GDP, is lost to cybercrime each year.
  • In 1995, Sussman and Heuston were the first to coin the phrase cyber-crime.
  • The first person to be found guilty of cybercrime was Ian Murphy, also known as Captain Zap, and that happened in the year 1981. He had hacked the American telephone company to manipulate its internal clock, so that users could still make free calls at peak times.