UNIT IV
Digital Forensics
Digital Forensics is defined as the process of preservation, identification, extraction, and
documentation of computer evidence which can be used by the court of law.
It is a science of finding evidence from digital media like a computer, mobile phone, server, or network.
It provides the forensic team with the best techniques and tools to solve complicated digital-related
cases.
Digital Forensics helps the forensic team to analyse, inspect, identify, and preserve the digital
evidence residing on various types of electronic devices.
Types of Digital Forensics
The types of digital forensics are:
Disk Forensics: It deals with extracting data from storage media by searching active, modified, or
deleted files.
Network Forensics: It is a sub-branch of digital forensics. It is related to monitoring and analysis of
computer network traffic to collect important information and legal evidence.
Wireless Forensics: It is a division of network forensics. The main aim of wireless forensics is to
offer the tools needed to collect and analyze the data from wireless network traffic.
Database Forensics: It is a branch of digital forensics relating to the study and examination of
databases and their related metadata.
Malware Forensics: This branch deals with the identification of malicious code and the study of its
payload, viruses, worms, etc.
Email Forensics: Deals with recovery and analysis of emails, including deleted emails, calendars, and
contacts.
Memory Forensics: It deals with collecting data from system memory (system registers, cache, RAM)
in raw form and then carving the data from the raw dump.
Mobile Phone Forensics: It mainly deals with the examination and analysis of mobile devices. It
helps to retrieve phone and SIM contacts, call logs, incoming and outgoing SMS/MMS, audio,
videos, etc.
Advantages of Digital forensics
Here are the pros/benefits of digital forensics:
To ensure the integrity of the computer system.
To produce evidence in the court, which can lead to the punishment of the culprit.
It helps the companies to capture important information if their computer systems or networks are
compromised.
Efficiently tracks down cybercriminals from anywhere in the world.
Helps to protect the organization's money and valuable time.
Allows investigators to extract, process, and interpret the factual evidence, so that the cybercriminal's
actions can be proved in court.
Disadvantages of Digital Forensics
Here are the major cons/drawbacks of using digital forensics:
Digital evidence is accepted in court; however, it must be proved that there has been no tampering.
Producing electronic records and storing them is an extremely costly affair.
Legal practitioners must have extensive computer knowledge.
Need to produce authentic and convincing evidence.
If the tool used for digital forensics does not conform to specified standards, the evidence can be
rejected in a court of law.
Lack of technical knowledge on the part of the investigating officer might not produce the desired result.
Example Uses of Digital Forensics
In recent times, commercial organizations have used digital forensics in the following types of cases:
Intellectual Property theft
Industrial espionage
Employment disputes
Fraud investigations
Inappropriate use of the Internet and email in the workplace
Forgeries related matters
Bankruptcy investigations
Issues concerning regulatory compliance
Historical Background of Digital Forensics
Here, are important landmarks from the history of Digital Forensics:
Hans Gross (1847 -1915): First use of scientific study to head criminal investigations
FBI (1932): Set up a lab to offer forensics services to all field agents and other law authorities across
the USA.
In 1978 the first computer crime was recognized in the Florida Computer Crime Act.
Francis Galton (1982 - 1911): Conducted first recorded study of fingerprints
In 1992, the term Computer Forensics was used in academic literature.
In 1995, the International Organization on Computer Evidence (IOCE) was formed.
In 2000, the First FBI Regional Computer Forensic Laboratory was established.
In 2002, Scientific Working Group on Digital Evidence (SWGDE) published the first book about
digital forensic called "Best practices for Computer Forensics".
In 2010, Simson Garfinkel identified issues facing digital investigations.
It is difficult to pinpoint when computer forensics history began. Most experts agree that the field of computer
forensics began to evolve more than 30 years ago. The field began in the United States, in large part, when
law enforcement and military investigators started seeing criminals get technical. Government personnel
charged with protecting important, confidential, and certainly secret information conducted forensic
examinations in response to potential security breaches to not only investigate the particular breach, but to
learn how to prevent future potential breaches. Ultimately, the fields of information security, which focuses
on protecting information and assets, and computer forensics, which focuses on the response to hi-tech
offenses, started to intertwine.
Over the next decades, and up to today, the field has exploded. Law enforcement and the military continue to
have a large presence in the information security and computer forensic field at the local, state, and federal
level. Private organizations and corporations have followed suit – employing internal information security and
computer forensic professionals or contracting such professionals or firms on an as-needed basis.
Significantly, the private legal industry has more recently seen the need for computer forensic examinations
in civil legal disputes, causing an explosion in the e-discovery field.
The computer forensic field continues to grow on a daily basis. More and more large forensic firms, boutique
firms, and private investigators are gaining knowledge and experience in the field. Software companies
continue to produce newer and more robust forensic software programs. And law enforcement and the military
continue to identify and train more and more of their personnel in the response to crimes involving technology.
Forensic Software and Hardware
Evidence is an important factor in any investigation, and forensic investigations rely on it. The
evidence will prove vital for the success of the investigation. Data or information should be communicated
accurately in an investigation. Computer forensics depends on evidence in the form of bits and bytes for
case analysis. The bits and bytes reside on the storage medium of a digital device. Devices come in a variety
of forms such as PCs, servers, mobile phones, SIM cards, memory cards, iPods, routers, and more to come.
Forensic experts always look on the data as a vital part of their analysis. In essence, the data should be identified
and reproduced with zero percentage of error.
Two methods are widely adopted in acquiring data from a digital device.
1. Software Methods
2. Hardware Methods
Both methods are interdependent and a clear-cut classification is not possible. The following discusses
software forensics and the different hardware forensics techniques in use, and the theory underlying them.
Software forensics is the science of analysing software source code or binary code to determine whether
intellectual property infringement or theft occurred. It is the centrepiece of lawsuits, trials, and settlements
when companies are in dispute over issues involving software patents, copyrights, and trade secrets. Software
forensics tools can compare code to determine correlation, a measure that can be used to guide a software
forensics expert.
Hardware Forensics
Rule of forensics - The golden rule of forensics states that we cannot work on the suspect device. It
should be copied and any analysis should be done on the copy of the original one. The data should be
copied at the earliest. There should not be any tampering of the suspect device. Hence design of any
forensic tool should take into consideration these factors.
A Drive Lock Scenario - An important requirement in forensics is a drive lock. This device should
lock the suspect drive so as to avoid any contamination of data. Software locking is possible by blocking
any write operations, but this requires a PC or a laptop running the software to be carried along with the
investigator every time, and improper functioning of the software can cause difficulty in acquisition.
Hardware methods that substitute for the software techniques will be compact and easy to use. The device
will be powered from the source or from the suspect machine itself. The hardware under development
should have all possible connectors available.
Hard Disk Scenario - Acquiring a hard disk using software methods depends on software running
on a PC. The computation speed of the device depends on the processing capability of the processor.
The acquiring of an 80 GB hard disk takes roughly 4 hours. The processing capacity of processors has
increased while their size has shrunk. This can be taken advantage of in the design of speedy acquisition
devices. A portable unit would be more convenient for the investigator. So, development of an embedded
acquisition device will be an advantage in time and cost for the investigator.
Sim Card scenario - GSM mobile phones use SIM cards as an important agent in connecting to the
network. Details on the network and connections can be obtained from the SIM card. There needs to be
a device to read out the details in the SIM card. This requires a combination of hardware and software.
SIM card details should also be copied and replicated further for analysis.
Advantages of hardware tools in forensics
1. Embedded development is done which saves the space and time.
2. The products will be portable.
3. Speedy acquisition of digital data can be done.
Need of Computer Forensic Science
Here are the essential objectives of using Computer forensics:
It helps to recover, analyse, and preserve computer and related materials in such a manner that it helps
the investigation agency to present them as evidence in a court of law.
It helps to postulate the motive behind the crime and identity of the main culprit.
Designing procedures at a suspected crime scene which helps you to ensure that the digital evidence
obtained is not corrupted.
Data acquisition and duplication: Recovering deleted files and deleted partitions from digital media to
extract the evidence and validate them.
Helps you to identify the evidence quickly, and also allows you to estimate the potential impact of the
malicious activity on the victim
Producing a computer forensic report which offers a complete report on the investigation process.
Preserving the evidence by following the chain of custody.
Special tools and techniques
Tools – There are very many free and paid-for digital forensic tools. Some of them are extensive collections
of utility programs that can help with various stages of the forensic process. Examples include EnCase,
CAINE (Computer Aided Investigative Environment), X-Ways Forensics, SANS Investigative Forensics
Toolkit (SIFT), Computer Online Forensics Evidence Extractor (COFEE), The Coroner's Toolkit and many
more.
Although forensic tools vary according to the phase of the investigation for which they are being used, good
tools share some common features.
Include an acquisition feature that allows the data to be gathered.
Enables searching and filtering of files
Can provide exact pathway locators to find the exact position of data.
Full disk hashing to confirm the data hasn't changed
Can reveal exact time and date stamps of when files were created, stored and last looked at.
Can work with backup files and extract data
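An added example (not part of the original notes) of the full disk hashing feature listed above: the source is copied block by block while its hash is recorded, and the working copy is later checked against that recorded value. The file names, the choice of SHA-256 and the temporary file standing in for a write-blocked drive are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB reads keep memory use flat on large media


def acquire(source_path, image_path, algo="sha256"):
    """Copy source to image block by block; return (bytes_copied, digest).

    The source is opened read-only and the digest covers exactly the bytes
    read from it. Mode "xb" refuses to overwrite an existing image file.
    """
    h = hashlib.new(algo)
    copied = 0
    with open(source_path, "rb") as src, open(image_path, "xb") as dst:
        while True:
            block = src.read(CHUNK)
            if not block:
                break
            h.update(block)
            dst.write(block)
            copied += len(block)
        dst.flush()
        os.fsync(dst.fileno())
    return copied, h.hexdigest()


def file_digest(path, algo="sha256"):
    """Hash a file in chunks."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def verify(image_path, recorded_digest, algo="sha256"):
    """True when the image still matches the digest recorded at acquisition."""
    return file_digest(image_path, algo) == recorded_digest


def first_difference(path_a, path_b):
    """Byte offset of the first difference between two files, or None."""
    offset = 0
    with open(path_a, "rb") as a, open(path_b, "rb") as b:
        while True:
            block_a, block_b = a.read(CHUNK), b.read(CHUNK)
            if block_a != block_b:
                for i, (x, y) in enumerate(zip(block_a, block_b)):
                    if x != y:
                        return offset + i
                # Same prefix, so one file is shorter than the other.
                return offset + min(len(block_a), len(block_b))
            if not block_a:
                return None
            offset += len(block_a)


def demo():
    """Acquire constructed sample data, then alter one byte of the copy."""
    with tempfile.TemporaryDirectory() as d:
        source = os.path.join(d, "suspect_media.bin")  # stand-in for the device
        image = os.path.join(d, "evidence_image.dd")
        with open(source, "wb") as f:
            f.write(os.urandom(3 * CHUNK + 12345))  # constructed sample data
        size, recorded = acquire(source, image)
        intact = verify(image, recorded)
        # Simulate an accidental write to the working copy (flip one bit).
        with open(image, "r+b") as f:
            f.seek(2 * CHUNK + 7)
            byte = f.read(1)
            f.seek(2 * CHUNK + 7)
            f.write(bytes([byte[0] ^ 0x01]))
        return {
            "size": size,
            "intact_after_copy": intact,
            "intact_after_change": verify(image, recorded),
            "changed_at": first_difference(source, image),
        }


if __name__ == "__main__":
    print(demo())
```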
Techniques – The aims of the forensic process are to preserve the evidence, and then to use the forensic tools
to look at the acquired data for things that may have been deleted, hidden or unusual.
Different techniques or methods for this kind of forensic work can be used at different stages of the
investigative process.
Preserving the evidence: Making an image (an exact copy) of the original data with the use of a 'write
blocker'. A write blocker prevents any program or device from making changes to the original data. Typical
tools include Forensic Toolkit (FTK), EnCase, SIFT, Coroner's Toolkit, Sleuth Kit.
Using the method of Forensic Duplication by recovering deleted files: Getting back files which might
have been deleted to hide evidence. Typical tools: FTK, EnCase, SIFT, Coroner's Toolkit, Sleuth Kit.
Removing Files: Most files on devices are harmless with known file types and names. One technique
is to filter out or remove these files to leave only those worthy of investigation. The method used here
is to compare md5 hashes of files to a list of known md5 hashes of known files. If they match, they
can be removed. FTK or EnCase are popular tools.
File signature verification: Works similarly to the technique above. A comparison is made between the header
and footer information of suspect files and those of known files. Matching files can be safely removed.
Typical tools: Sleuth Kit, EnCase or a written Perl script.
String searching and looking for file fragments: Using the search command to look for keywords or
known text. Typical tools: FTK, EnCase.
Web activity reconstruction: Getting back web browsing history, accepted cookies and temporary
internet files that show where the user has been, removing opportunities for deniability. Typical tools:
EnCase, FTK, browser logs.
Email activity reconstruction: Using the method of converting email repositories to readable text.
Typical tools: FTK, Parabens Network Mail Examiner.
Registry activity reconstruction: Discovering any deleted programmes or recent activity by looking
at Windows system and application log files. Typical tools: FTK, RegEdit.
Live forensics: Using the method of analysing volatile processes; those files that are loaded in and out
of memory. Typical tools: Windows Forensic Toolchest, COFEE.
Recovering hidden files: Actively looking for hidden files or hidden data (steganography) and
attempting to gain access through the methods of decryption and cryptanalysis. Typical tools and methods:
Stegbreak, Stegdetect, password cracking and frequency analysis.
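The known-hash filtering and file signature verification techniques described above, as an added Python example that is not from the original notes or from any of the named tools. The signature table holds standard header and trailer values for a few formats; the sample files and the known-hash list are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

# Extension -> (header bytes, trailer bytes or None); standard format magic values.
SIGNATURES = {
    ".jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    ".png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    ".gif": (b"GIF8", b"\x3b"),
    ".pdf": (b"%PDF-", b"%%EOF"),
    ".zip": (b"PK\x03\x04", None),
}


def md5_of(path, chunk=1 << 20):
    """MD5 of a file, read in chunks (MD5 because the known-file list uses it)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def read_ends(path, n=32):
    """Return the first and last n bytes of a file."""
    size = os.path.getsize(path)
    with open(path, "rb") as f:
        head = f.read(n)
        f.seek(max(0, size - n))
        tail = f.read(n)
    return head, tail


def check_signature(path):
    """Return None when content agrees with the extension, else a finding."""
    ext = os.path.splitext(path)[1].lower()
    head, tail = read_ends(path)
    actual = next((e for e, (h, _) in SIGNATURES.items() if head.startswith(h)), None)
    expected = SIGNATURES.get(ext)
    if expected is None:
        # No signature on file for this extension (e.g. .txt): flag it only
        # when the content carries the header of a known binary format.
        return actual
    if not head.startswith(expected[0]):
        return actual or "unknown"  # renamed or disguised file
    trailer = expected[1]
    if trailer and not tail.rstrip(b"\r\n \x00").endswith(trailer):
        return "truncated"  # header present, footer missing
    return None


def triage(root, known_md5):
    """Sort files into known (filtered out), mismatch (flagged) and review."""
    result = {"known": [], "mismatch": [], "review": []}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if md5_of(path) in known_md5:
                result["known"].append(rel)
                continue
            finding = check_signature(path)
            if finding:
                result["mismatch"].append((rel, finding))
            else:
                result["review"].append(rel)
    for bucket in result.values():
        bucket.sort()
    return result


def run_sample():
    """Build a constructed evidence folder and triage it."""
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16 + b"IEND\xaeB`\x82"
    jpg = b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"\xff\xd9"
    files = {
        "logo.png": png,                             # on the known-file list
        "holiday.jpg": jpg,                          # genuine JPEG, not known
        "invoice.pdf": b"PK\x03\x04" + b"\x00" * 16,  # ZIP content named .pdf
        "notes.txt": jpg,                            # JPEG content named .txt
        "scan.gif": b"GIF89a" + b"\x00" * 16,        # header but no trailer
        "readme.txt": b"plain text\n",
    }
    known = {hashlib.md5(png).hexdigest()}  # constructed known-file hash list
    with tempfile.TemporaryDirectory() as root:
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        return triage(root, known)


if __name__ == "__main__":
    for bucket, items in run_sample().items():
        print(bucket, items)
```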
Digital Forensic life cycle
Digital forensics entails the following steps:
Identification
Preservation
Analysis
Documentation
Presentation
Identification - It is the first step in the forensic process. The identification process mainly includes things
like what evidence is present, where it is stored, and lastly, how it is stored (in which format).
Electronic storage media can be personal computers, Mobile phones, PDAs, etc.
Preservation - In this phase, data is isolated, secured, and preserved. It includes preventing people from using
the digital device so that digital evidence is not tampered with.
Analysis - In this step, investigation agents reconstruct fragments of data and draw conclusions based on
evidence found. However, it might take numerous iterations of examination to support a specific crime theory.
Documentation - In this process, a record of all the visible data must be created. It helps in recreating the
crime scene and reviewing it. It involves proper documentation of the crime scene along with photographing,
sketching, and crime-scene mapping.
Presentation - In this last step, the process of summarization and explanation of conclusions is done.
However, it should be written in a layperson's terms using abstracted terminologies. All abstracted
terminologies should reference the specific details.
Process of Digital Forensics
Challenges faced by Digital Forensics
Here are the major challenges faced by digital forensics:
The increase in the number of PCs and the extensive use of internet access.
Easy availability of hacking tools.
Lack of physical evidence makes prosecution difficult.
The large amount of storage space, running into terabytes, makes the investigation job difficult.
Any technological changes require an upgrade or changes to solutions.
Digital forensic challenges are categorized into three major heads:
Technical challenges
Legal challenges
Resource Challenges
TECHNICAL CHALLENGES
As technology develops, crimes and criminals develop with it. Digital forensic experts use forensic
tools for collecting shreds of evidence against criminals, and criminals use such tools for hiding, altering or
removing the traces of their crime. In digital forensics this is called the anti-forensics technique, which is
considered a major challenge in the digital forensics world.
Anti-forensics techniques are categorized into the following types:
S. No. | Type | Description
1 | Encryption | It is legitimately used for ensuring the privacy of information by keeping it hidden from an unauthorized user/person. Unfortunately, it can also be used by criminals to hide their crimes.
2 | Data hiding in storage space | Criminals usually hide chunks of data inside the storage medium in invisible form by using system commands, and programs.
3 | Covert Channel | A covert channel is a communication protocol which allows an attacker to bypass intrusion detection technique and hide data over the network. The attacker used it for hiding the connection between him and the compromised system.
Other Technical challenges are:
Operating in the cloud
Time to archive data
Skill gap
Steganography
Legal Challenges
The presentation of digital evidence is more difficult than its collection because there are many instances
where the legal framework adopts a soft approach and does not recognize every aspect of cyber forensics,
as in Jagdeo Singh v. The State and Ors., where the Hon’ble High Court of Delhi held that “while dealing with the
admissibility of an intercepted telephone call in a CD and CDR which was without a certificate under Sec.
65B of the Indian Evidence Act, 1872 the court observed that the secondary electronic evidence without
certificate u/s. 65B of Indian Evidence Act, 1872 is not admissible and cannot be looked into by the court for
any purpose whatsoever.” This happens in most cases, as the cyber police lack the necessary qualification
and ability to identify a possible source of evidence and prove it. Besides, most of the time electronic evidence
is challenged in court over its integrity. In the absence of proper guidelines and of a proper explanation
of its collection and acquisition, electronic evidence gets dismissed.
Legal Challenges
S. No. | Type | Description
1 | Absence of guidelines and standards | In India, there are no proper guidelines for the collection and acquisition of digital evidence. The investigating agencies and forensic laboratories are working on guidelines of their own. Due to this, the potential of digital evidence has been destroyed.
2 | Limitation of the Indian Evidence Act, 1872 | The Indian Evidence Act, 1872 has a limited approach; it has not been able to evolve with time and address the fact that e-evidence is more susceptible to tampering, alteration, transposition, etc. The Act is silent on the method of collection of e-evidence; it only focuses on the presentation of electronic evidence in court accompanied by a certificate as per subsection 4 of Sec. 65B. This means that no matter what procedure is followed, it must be proved with the help of a certificate.
Other Legal Challenges
Privacy Issues
Admissibility in Courts
Preservation of electronic evidence
Power for gathering digital evidence
Analyzing a running computer
Resource Challenges
As the rate of crime increases, the amount of data increases, and so does the burden on the digital forensic
expert of analyzing such huge volumes of data. Digital evidence is more sensitive than physical
evidence, as it can easily disappear. To make the investigation process fast and useful, forensic experts use
various tools to check the authenticity of the data, but dealing with these tools is also a challenge in itself.
Types of Resource Challenges are:
Change in technology - Due to rapid change in technology such as operating systems, application
software and hardware, reading digital evidence is becoming more difficult, because new software
versions do not support older versions and software companies do not provide
backward compatibility, which also has legal implications.
Volume and replication - The confidentiality, availability, and integrity of electronic documents are
easily manipulated. The combination of wide-area networks and the internet forms a big network
that allows data to flow beyond physical boundaries. Such ease of communication and
availability of electronic documents increases the volume of data, which also creates difficulty in the
identification of original and relevant data.
Why do we need Cyber Laws?
Cyber law is like any other legal rule or policy that should be followed in our day-to-day life to stay out of
any kind of trouble. These laws are formed by taking several issues into consideration, such as our society,
morals, computer ethics, etc. The only difference is that cyber law is applied to the internet and internet-
related technologies only. Cyber law is formed to maintain discipline and justice in the cyber world. This area
of the legal system was introduced because crime related to computers and other technology was increasing
rapidly. These types of crimes did not fall under any existing legal category; therefore a
separate section was formed, named Cyber Law.
Cyber law provides legal protections to people using the internet, including both businesses and regular
citizens. It is important for anyone using the internet to be aware of the cyber laws of their country and local
area so that they know what activity is legal online and what is not. Also, if anything happens to them
online, they know how they can act in that matter.
Areas Encompassing in Cyber Laws
These laws cover many areas and activities occurring online and serve a variety of purposes. Some laws are
formed to protect people online from malicious activities; some laws explain the policies for using
computers and the internet in a company. All these wide categories fall under the cyber laws. Some of the
wide-ranging areas encompassed by the cyber laws are:
Scam/ Treachery - Cyber laws exist to protect people from online frauds and scams, these laws
prevent any financial crimes and identity theft that happen online.
Copyrighting Issues - The Internet is the source of multiple types of content, but it is not right to copy
the hard work of any other person. There are strict policies in cyber laws against copyright infringement that
protect the creative work of companies and individuals.
Online Insults and Character Degradation - Online platforms like social media are the best platform
to speak your mind freely but there is a thin line between the liberation of using the right to speak and
defaming someone online. Cyber laws address issues like online insults, racism, gender targets to
protect a person’s reputation.
Online Harassment and Stalking - Harassment is a violation of both civil and criminal laws. This
crime is a major issue in cyberspace. The legal system has some strict laws to prohibit these despicable
crimes.
Data Protection - People using the internet risk their privacy while being online and often rely on
cyber laws and policies to protect their secrets. Also, companies should maintain the confidentiality of
data of their users.
Importance of Cyber Laws
Cyber laws are important to punish criminals who commit serious crimes related to the computer such
as hacking, online harassment, data theft, disrupting the online workflow of any enterprise, attacking
another individual or website.
Cyber laws decide different forms of punishment depending on the type of law you broke, who you
offended, where you violated the law, and where you live.
It is important to bring criminals behind bars, as most cybercrimes do not enter the category of
common crime and it may lead to denial of justice.
These crimes may endanger the confidentiality and financial security of a nation therefore these
problems should be addressed lawfully.
Conclusion
Implementing laws in cyberspace is an important step to create a safe and secure environment for people on
cyber platforms. To protect against cybercrimes, computer forensic science should focus on ethical hacking
training and on implementing cyber security plans that address the people, process, and technology issues that arise
nowadays. Strict cyber laws are the need of this era where technology is growing at rapid speed because the
budgets have not been increased to keep up with this rate of change in technology.
The Indian IT Act
The Information Technology Act, 2000, also known as the IT Act, is an act proposed by the Indian Parliament
and reported on 17th October 2000. This Information Technology Act is based on the United Nations Model Law
on Electronic Commerce 1996 (UNCITRAL Model), which was suggested by the General Assembly of the United
Nations by a resolution dated 30th January, 1997. It is the most important law in India dealing with
cybercrime and e-commerce.
The main objective of this act is to carry out lawful and trustworthy electronic, digital and online transactions and
alleviate or reduce cybercrimes. The IT Act has 13 chapters and 90 sections. The last four sections, from
section 91 to section 94, deal with the revisions to the Indian Penal Code 1860.
The IT Act, 2000 has two schedules:
First Schedule – Deals with documents to which the Act shall not apply.
Second Schedule – Deals with electronic signature or electronic authentication method.
The offences and the punishments in IT Act 2000:
The offences and the punishments that fall under the IT Act, 2000 are as follows:
1. Tampering with the computer source documents.
2. Directions of Controller to a subscriber to extend facilities to decrypt information.
3. Publishing of information which is obscene in electronic form.
4. Penalty for breach of confidentiality and privacy.
5. Hacking for malicious purposes.
6. Penalty for publishing Digital Signature Certificate false in certain particulars.
7. Penalty for misrepresentation.
8. Confiscation.
9. Power to investigate offences.
10. Protected System.
11. Penalties for confiscation not to interfere with other punishments.
12. Act to apply for offence or contravention committed outside India.
13. Publication for fraud purposes.
14. Power of Controller to give directions.
Sections and Punishments under Information Technology Act, 2000 are as follows :
SECTION | PUNISHMENT
Section 43 | This section of the IT Act, 2000 states that any act of destroying, altering or stealing a computer system/network, or deleting data with malicious intentions without authorization from the owner of the computer, is liable for payment to be made to the owner as compensation for damages.
Section 43A | This section of the IT Act, 2000 states that any corporate body dealing with sensitive information that fails to implement reasonable security practices, causing loss to another person, will also be liable as convict for compensation to the affected party.
Section 66 | Hacking of a computer system with malicious intentions like fraud will be punished with 3 years imprisonment or a fine of Rs. 5,00,000 or both.
Section 66 B, C, D | Fraud or dishonesty using or transmitting information, or identity theft, is punishable with 3 years imprisonment or Rs. 1,00,000 fine or both.
Section 66 E | This section is for violation of privacy by transmitting an image of a private area, which is punishable with 3 years imprisonment or 2,00,000 fine or both.
Section 66 F | This section is on cyber terrorism affecting the unity, integrity, security, or sovereignty of India through a digital medium, which is liable for life imprisonment.
Section 67 | This section states that publishing obscene information or pornography, or transmission of obscene content in public, is liable for imprisonment up to 5 years or a fine of Rs. 10,00,000 or both.
Cybercrime scenario in India
The cybercrime scenario in our country does not truly reflect the existing situation on the ground. According
to the National Crime Records Bureau (NCRB), in 2016 a total of 12,187 cybercrime cases were registered
all over India when compared to 11,331 cases registered in 2015. There was 20.50 per cent increase in the
number of cybercrime cases in 2015 over 2014 and 6.3 per cent increase in cases in 2016 over 2015.
As far as the number of cybercrime cases is concerned, Uttar Pradesh with a figure of 2,639 registered the
maximum number of cases followed by Maharashtra (2380), and Karnataka (1101). Among the Metropolitan
cities, Mumbai with 980 cases stood first followed by Bengaluru 762 and Jaipur 532. Chennai city with 26
cases was ranked 16 among metros.
Social media seems to have turned antisocial at the hands of rumour mongers with more than 20 cases of
lynching being reported in the last two months in our country. The advent of social media appears to have
added fuel to the existing fire, by helping organisers and opposition parties congregate multitudes swiftly,
easily, cheaply and efficiently —whether it be for a cause like Jallikattu or for spreading the message of revolt
against the policies of the establishment.
Quite obviously, social media played a crucial role in mobilising and engineering some of the major agitations
like the Cauvery river dispute.
If we decide to not give a damn to cyber criminals, we would be doing so at our own peril. We should not
forget the kind of havoc the ill-gotten gains of cybercrime wreaked on the city of Mumbai in 2008 during the
terrorist siege by Lashkar-e-Taiba (LeT). The entire operation was funded by a Filipino hacking cell working
on behalf of Jamaah Islamiyah, an associate of Al-Qaeda. Millions of dollars ripped off by the cybercriminals
recruited by it were channelled to their manipulators in Saudi Arabia who in turn laundered the funds to the
Lashkar-e-Taiba team in Pakistan, which executed the brutal onslaught against the City of Mumbai.
The situation today is that there are several laws dealing with cybercrime, each having its own scope and
limitations. India is no doubt imposing sanctions to deal with such crimes; however, the conviction rate is
found to be insignificant. What is needed is a specific law dealing particularly with cybercrimes, just
like what the UK did in 1990, when it enacted the Computer Misuse Act 1990.
Digital Signature and the Indian IT Act
The advent of information technology revolutionised the whole world, and fortunately India played a leading role
and captured global attention. India passed the Information Technology Act 2000 (the Act), which came into force
on 17-10-2000. The Act applies to the whole of India and even to persons who commit an offence outside India.
The Act validates "DIGITAL SIGNATURE" and provides for enabling a person to use it just like the
traditional signature. The basic purpose of digital signature is not different from our conventional signature.
The purpose therefore is to authenticate the document, to identify the person and to make the contents of the
document binding on person putting digital signature. Let us see what digital signature is in technical terms.
A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of
a digital message or document. A valid digital signature gives a recipient reason to believe that the message
was created by a known sender, and that it was not altered in transit. Digital signatures are based on public
key encryption. It uses prime numbers like 2, 3, 5, 7, 9, 11 and so on, which can be divided only by themselves or by 1
and are incapable of division by other numbers. There are unlimited prime numbers, and in DS we use the
multiples of prime numbers.
The functioning of DS is based on the system of public key cryptography. Public-key cryptography refers to
a cryptographic system requiring two separate keys, one of which is secret and one of which is public. Although
different, the two parts of the key pair are mathematically linked. One key locks or encrypts the plain text, and
the other unlocks or decrypts the cipher text. Neither key can perform both functions. One of these keys is
published or public, while the other is kept private.
"Key encryption allows more than just privacy. It can also assure the recipient of the authenticity of a
document because a private key can be used to encode a message that only a public key can decode. If I have
information I want to sign before sending it to you, my computer uses my private key to encipher it. Now the
message can be read only if my public key-which you and everyone else know-is used to decipher it. This
message is veritably from me because no one else has the private key that could have encrypted it in this way".
Justice Yatindra Singh in his book "Cyber laws" has stated that since public key encryption is slow and time-
consuming, the hash function is used to transform a message into a unique shorter fixed length value called the
Hash result. Hash serves the purpose of an index of the original text. It is an algorithm mapping or translation
of one sequence into another. The hash function is such that the same hash result is obtained every time that
hash function is used on the same electronic record and two electronic records cannot produce the same hash
result using the same hash function. In other words, mapping is one to one and not many to one. It is one way.
One cannot reconstruct the original message from the hash result. The encryption of a hash result of the
message with the private key of the sender is called a Digital signature.
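The hash-then-sign flow described above, shown as an added Python example that is not part of the original notes. It uses textbook RSA with a constructed toy key; the primes, the function names (hash_result, sign, verify, demo) and the sample record are assumptions made for illustration. The hash result is reduced modulo the toy key's modulus, a simplification that real schemes replace with padding such as RSA-PSS.

```python
import hashlib

# Constructed toy key: two well-known Mersenne primes. Real keys use much
# larger random primes plus a padding scheme such as RSA-PSS.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q                                   # public modulus
E = 65537                                   # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent, kept secret


def hash_result(record: bytes) -> int:
    """Fixed-length hash result of the record (SHA-256), reduced mod N so
    the toy key can sign it. The reduction is a simplification made here."""
    digest = hashlib.sha256(record).digest()
    return int.from_bytes(digest, "big") % N


def sign(record: bytes) -> int:
    """Sender: apply the private key to the hash result, not the record."""
    return pow(hash_result(record), D, N)


def verify(record: bytes, signature: int) -> bool:
    """Recipient: undo the signature with the public key and compare it
    with a freshly computed hash result of the record received."""
    return pow(signature, E, N) == hash_result(record)


def demo() -> dict:
    record = b"Pay Rs. 5000 to account 1234"       # constructed sample record
    altered = b"Pay Rs. 9000 to account 1234"      # one character changed
    sig = sign(record)
    return {
        "genuine": verify(record, sig),                 # True
        "altered_record": verify(altered, sig),         # False
        "altered_signature": verify(record, sig ^ 1),   # False
        "signature_bits": sig.bit_length(),             # never more than 92
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The signature stays the same small size whatever the length of the record, which is why the hash result is signed instead of the full message.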
Cybercrimes and Punishment
Apart from punishments in IT Act, 2000, there are certain crimes that are attracted by IPC provisions as well.
The following is the enumeration of the IPC provisions along with various cybercrimes that are attracted by
respective Sections and the punishment for the same.
Section 292 of IPC: Although this Section was drafted to deal with the sale of obscene material, it has
evolved in the current digital era to be concerned with various cybercrimes. The publication and
transmission of obscene material, sexually explicit acts, or exploitative acts involving children, etc., which
are in electronic form are also governed by this section. Though the crimes mentioned above seem to
be alike, they are recognized as different crimes by the IT Act and IPC. The punishment imposed upon
the commission of such acts is imprisonment of up to 2 years and a fine of up to Rs. 2000. If any of the
aforementioned crimes are committed for the second time, the imprisonment could be up to 5 years
and the fine could be imposed up to Rs. 5000.
Section 354C of IPC: The cybercrime dealt with under this provision is capturing or publication of a
picture of private parts or acts of a woman without such person’s consent. This section exclusively
deals with the crime of ‘voyeurism’ which also recognizes watching such acts of a woman as a crime.
If the essentials of this Section (such as gender) are not satisfied, Section 292 of IPC and Section 66E
of IT Act, 2000 are broad enough to take offenses of a similar kind into consideration. The
punishment includes 1 to 3 years of imprisonment for first-time offenders and 3 to 7 years for second-
time offenders.
Section 354D of IPC: This section describes and punishes ‘stalking’ including both physical and
cyberstalking. If the woman is being monitored through electronic communication, internet, or email
or is being bothered by a person to interact or contact despite her disinterest, it amounts to cyber-
stalking. The latter part of the Section states the punishment for this offense as imprisonment extending
up to 3 years for the first time and 5 years for the second time along with a fine imposed in both the
instances. In the case of Kalandi Charan Lenka v. The State of Odisha, the victim received certain
obscene messages from an unknown number which damaged her character. Moreover, emails
were sent and a fake Facebook account was created by the accused which contained morphed
pictures of the victim. Hence, the accused was found prima facie guilty of cyberstalking by the High
Court under various provisions of IT Act and Section 354D of IPC.
Section 379 of IPC: If a mobile phone, the data from that mobile or the computer hardware is stolen,
Section 379 comes into the picture and the punishment for such crime can go up to 3 years of
imprisonment or fine or both. But attention must be given to the fact that these provisions cannot
be applied in case the provisions of the special law, i.e. the IT Act, 2000, are attracted. In this regard, in the case
of Gagan Harsh Sharma v. The State of Maharashtra, one of the employers found that the software and
data had been stolen and that someone had breached the computers and given access to sensitive information to
the employees. The employer gave information to the police and they filed a case under Section 379,
408, and Section 420 of IPC and various other IT Act provisions. The question in front of the court was
whether the police can file a case under IPC or not. The court decided that the case cannot be filed
based on the IPC provisions as the IT Act has an overriding effect.
Section 411 of IPC: This deals with a crime that follows the offenses committed and punished under
Section 379. If anyone receives a stolen mobile phone, computer, or data from the same, they will be
punished in accordance with Section 411 of IPC. It is not necessary that the thief must possess the
material. Even if it is held by a third party knowing it to be another’s, this provision will be attracted. The
punishment can be imposed in the form of imprisonment which can be extended up to 3 years or fine
or both.
Section 419 and Section 420 of IPC: These are related provisions as they deal with frauds. The crimes
of password theft for the purpose of meeting fraudulent objectives or the creation of bogus websites
and commission of cyber frauds are certain crimes that are extensively dealt with by these two sections
of IPC. On the other hand, email phishing, in which someone’s identity is assumed in order to demand a password, is
exclusively concerned with Section 419 of IPC. The punishments under these provisions are different
based upon the gravity of the committed cybercrime. Section 419 carries a punishment up to 3 years
of imprisonment or fine and Section 420 carries up to 7 years of imprisonment or fine.
Section 465 of IPC: In the usual scenario, the punishment for forgery is dealt with in this provision.
In cyberspace, offenses like email spoofing and preparation of false documents are dealt with and
punished under this Section, which carries imprisonment of up to 2 years or fine or both. In
the case of Anil Kumar Srivastava v. Addl Director, MHFW, the petitioner electronically forged the
signature of the AD and later filed a case making false allegations about the same person. The Court held
that the petitioner was liable under Section 465 as well as under Section 471 of IPC as the petitioner
also tried to use it as a genuine document.
Section 468 of IPC: If the offenses of email spoofing or online forgery are committed for the
purpose of committing other serious offenses, i.e. cheating, Section 468 comes into the picture, which
contains the punishment of seven years of imprisonment or fine or both.
Section 469 of IPC: If the forgery is committed by anyone solely for the purpose of harming the reputation of a
particular person, or knowing that such forgery harms the reputation of a person, either in the form of
a physical document or in online or electronic form, he/she can be punished with imprisonment of
up to three years as well as fine.
Section 500 of IPC: This provision penalizes the defamation of any person. With respect to
cybercrimes, sending any kind of defamatory content or abusive messages through email will be
attracted by Section 500 of IPC. The imprisonment carried with this Section extends up to 2 years
along with fine.
Section 504 of IPC: If anyone threatens, insults, or tries to provoke another person with the intention
of affecting the peace through email or any other electronic form, it amounts to an offense under Section
504 of IPC. The punishment for this offense extends up to 2 years of imprisonment or fine or both.
Section 506 of IPC: If a person tries to criminally intimidate another person either physically or
through electronic means with respect to the life of a person, property destruction through fire or
chastity of a woman, it will amount to an offense under Section 506 of IPC, punishable with
imprisonment for a maximum period of up to seven years or fine or both.
Section 509 of IPC: This Section deals with the offense of uttering a word, showing a gesture, and
committing an act that has the potential to harm the modesty of a woman. It also includes the sounds
made and the acts committed infringing the privacy of a woman. If this offense is committed either
physically or through electronic modes, Section 509 gets attracted and the punishment would be
imprisonment of a maximum period of one year or fine or both.
Introduction to Legal perspective of cyber crime and cyber security
The legal perspective of cybercrime and cybersecurity involves the laws, regulations, and legal
frameworks that address and govern cybercriminal activities and the protection of information
systems. Here's a brief overview:
1. Cybercrime:
- Cybercrime refers to criminal activities conducted through the use of computers, networks, or
the internet. It encompasses a wide range of offenses, including hacking, identity theft, fraud,
data breaches, and denial-of-service attacks.
- Laws and regulations related to cybercrime vary across jurisdictions, but they generally aim to
define and prohibit specific cybercriminal activities, impose penalties for offenders, and establish
legal frameworks for investigation and prosecution.
- Cybercrime laws often cover unauthorized access to computer systems, illegal interception of
data, theft of sensitive information, spreading malware, and online harassment or stalking.
2. Cybersecurity:
- Cybersecurity laws and regulations focus on the protection of information systems, networks,
and data from unauthorized access, breaches, or disruptions.
- They outline security requirements, standards, and best practices for organizations, including
the protection of personal and sensitive information, incident response, and risk management.
- Cybersecurity laws also address the responsibilities of organizations in safeguarding customer
data, notifying individuals about data breaches, and maintaining appropriate security measures.
- Some jurisdictions may have industry-specific cybersecurity regulations, such as the
General Data Protection Regulation (GDPR) in the European Union or the Health Insurance
Portability and Accountability Act (HIPAA) in the United States.
3. International Cooperation and Cybersecurity:
- Cybercrime and cybersecurity are global issues that require international cooperation and
collaboration.
- International agreements and initiatives, such as the Budapest Convention on Cybercrime, aim
to foster cooperation among countries in investigating and prosecuting cybercrimes, sharing
information, and developing common legal frameworks.
- These efforts also promote cooperation in addressing challenges related to cross-border data
transfers, extradition of cybercriminals, and harmonizing legal approaches to combat
cybercrime.
It's important to note that cybercrime and cybersecurity laws are continuously evolving to keep
pace with technological advancements and emerging threats. Organizations and individuals
should stay updated on relevant laws and regulations in their jurisdiction and adhere to best
practices to ensure legal compliance and effective cybersecurity measures.
Cybercrime and legal landscape around the world
The legal landscape around cybercrime varies across different countries and regions, as each
jurisdiction has its own laws, regulations, and approaches to addressing cybercriminal activities.
Here is a brief overview of the global legal landscape:
1. United States:
- The United States has comprehensive federal and state laws to combat cybercrime. The
Computer Fraud and Abuse Act (CFAA) is a key federal law that criminalizes unauthorized
access to computers and computer networks.
- Other relevant laws include the Electronic Communications Privacy Act (ECPA), which protects
electronic communications, and the Identity Theft and Assumption Deterrence Act (ITADA),
which addresses identity theft.
2. European Union:
- The European Union (EU) has implemented various cybersecurity and data protection
regulations. The General Data Protection Regulation (GDPR) sets requirements for the
protection of personal data and imposes penalties for non-compliance.
- The Network and Information Security Directive (NIS Directive) requires EU member states to
establish national frameworks for the security of critical information infrastructure.
3. United Kingdom:
- The UK has several laws to address cybercrime, including the Computer Misuse Act 1990,
which criminalizes unauthorized access, hacking, and related offenses.
- The Data Protection Act 2018 incorporates the GDPR into UK law and governs the protection
of personal data.
4. Australia:
- Australia has enacted the Cybercrime Act 2001, which incorporates the provisions of the
Budapest Convention on Cybercrime. It criminalizes various cyber offenses, including
unauthorized access, cyber fraud, and child pornography.
5. China:
- China has implemented cybersecurity laws and regulations to address cyber threats and
protect critical information infrastructure. The Cybersecurity Law of the People's Republic of
China outlines requirements for network operators, data protection, and incident reporting.
6. India:
- India has the Information Technology Act 2000 (amended in 2008) that covers
cybercrime-related offenses, including unauthorized access, hacking, data theft, and cyber
harassment.
7. International Cooperation:
- International cooperation plays a crucial role in combating cybercrime. The Budapest
Convention on Cybercrime is a notable international treaty that promotes cooperation among
countries in investigating and prosecuting cybercrimes.
- Additionally, INTERPOL, Europol, and other international organizations facilitate collaboration
and information sharing among law enforcement agencies worldwide.
It's important to note that this is just a high-level overview, and the specific laws, regulations,
and enforcement approaches can vary significantly within each country. Additionally, the legal
landscape is constantly evolving as new threats emerge, and jurisdictions update their laws to
address these challenges.