Unit 2
Introduction to Cyber Security Regulations
Cyberspace: Cyberspace is a complex environment that encompasses
interactions between people, software, and services, maintained through the
global distribution of technology devices and networks. It's a space where citizens,
businesses, critical infrastructure, military, and governments interact, leading to
blurred boundaries between these groups. As the number of connected networks
and devices continues to grow, cyberspace will become increasingly intricate.
Cybersecurity Regulations:
- Information Technology Act, 2000: The IT Act is a foundational law in India that
regulates cyber laws and e-commerce. It offers legal protection for online
transactions and establishes penalties for cybercrimes. Several sections within the
act address various cyber offenses:
- Section 43: Provides compensation for damages to computer systems when
an individual acts without the owner's permission.
- Section 66: Establishes penalties for fraudulent or dishonest acts as described
in Section 43, with potential imprisonment and fines.
- Section 66B: Imposes penalties for receiving stolen communication devices or
computers.
- Section 66C: Addresses identity theft, such as the fraudulent use of another
person's digital signature, password, or other unique identification feature, with
penalties including fines and imprisonment.
- Section 66D: This section addresses impersonation through computer
resources, introducing punishments for such acts.
- Indian Penal Code (IPC), 1860: The IPC, invoked alongside the IT Act,
encompasses cyber frauds and identity thefts, including forgery (Section 464),
forgery planned for cheating (Section 468), false documentation (Section 465),
presenting forged documents as genuine (Section 471), and reputation damage
(Section 469).
- Companies Act of 2013: The Companies Act requires corporate stakeholders to
adhere to legal obligations, including compliance with techno-legal standards for
daily operations. This Act grants the Serious Frauds Investigation Office (SFIO)
authority to prosecute Indian companies and directors for non-compliance.
Companies must follow strict cybersecurity guidelines to protect sensitive data
and avoid legal issues.
- NIST Cybersecurity Framework: The National Institute of Standards and
Technology (NIST) developed the Cybersecurity Framework (CSF) to provide a
harmonized approach to managing cyber risks. The framework includes guidelines,
standards, and best practices for managing cyber-related risks responsibly, with
an emphasis on flexibility and cost-effectiveness. It promotes resilience and the
protection of critical infrastructure by prioritizing critical activities, supporting
information security programs, and helping organizations comply with regulatory
and contractual obligations. Combining the NIST CSF with ISO/IEC 27001 can
simplify cybersecurity risk management and facilitate communication across
organizations.
Final Thoughts: As reliance on technology continues to grow, cyber laws must
evolve to stay ahead of cyber threats. The shift toward remote work during the
pandemic has highlighted the need for heightened cybersecurity, necessitating
collaborative efforts from lawmakers, internet service providers, financial
institutions, online platforms, and users. By working together, these stakeholders
can foster online safety and resilience through compliance with cybersecurity
regulations.
International Law
Role of International Laws: Many countries have rules for the computing and
communication industries. These include regulations on unauthorized access, data
privacy, spamming, encryption, online trade, taxes, consumer protection, and
advertising. There are also laws about censorship, freedom of speech, and public
access to government information. Some countries limit internet access through
laws and technology.
International Law for Cybercrime: Cybercrime is a global problem without
borders, which makes it hard to fight. As cybercrime becomes more complex,
international cooperation is necessary. Many organizations and governments work
together to create global standards for laws and enforcement to fight cybercrime
more effectively.
The Indian Cyberspace
India's journey in cyberspace began in 1975 with the creation of the National
Informatics Centre (NIC) to provide IT solutions for the government. Three major
networks were established between 1986 and 1988:
1. INDONET: Connected IBM mainframe installations, forming India's computer
infrastructure.
2. NICNET: A nationwide network for public sector organizations, connecting the
central government with state governments and district administrations.
3. ERNET: Served the academic and research communities.
The New Internet Policy of 1998 allowed multiple Internet service providers (ISPs)
to offer services, increasing internet users from 1.4 million in 1999 to over 150
million by 2012. This rapid growth was due to increased access through mobile
phones and tablets. Under the National Broadband Plan, the government aims to
raise broadband penetration from around 6% to 160 million households by 2016.
National Cyber Security Policy
This policy, created by the Department of Electronics and Information Technology
in India, aims to protect public and private infrastructure from cyberattacks. It
seeks to safeguard personal information, financial data, and government data. The
policy is particularly important given concerns about privacy and security,
especially following reports of US government surveillance on Indian users.
Vision: To create a secure and resilient cyberspace for citizens, businesses, and
the government while protecting users' privacy.
Mission: The policy focuses on protecting information and information
infrastructure in cyberspace. It aims to build capabilities to prevent and respond to
cyber threats, reduce vulnerabilities, and minimize damage from cyber incidents.
Objectives:
1. Secure Cyber Ecosystem: To create a safe cyber environment, building trust in
IT systems and transactions, and promoting IT adoption across all sectors of the
economy.
2. Assurance Framework: To design security policies that comply with global
security standards and best practices, promoting adherence through conformity
assessment.
3. Regulatory Framework: To strengthen regulations ensuring a secure
cyberspace ecosystem.
4. 24/7 Monitoring: To establish national and sectoral monitoring for strategic
information on cyber threats, and provide proactive and effective response and
crisis management.
Internet Governance - Challenges and Constraints
Internet governance involves shaping the development and use of the Internet
through shared principles, norms, rules, and decision-making procedures. This
process is a collaboration between government, the private sector, and civil
society.
Internet Governance Actors: There is no single organization in charge of the
Internet; instead, various groups share roles and responsibilities in its evolution
and use. Key stakeholders include:
1. Internet Corporation for Assigned Names and Numbers (ICANN): Manages
domain names and IP addresses.
2. Internet Engineering Task Force (IETF): Develops and promotes Internet
standards.
3. International Telecommunication Union (ITU): Oversees global
telecommunications, including Internet issues.
4. World Intellectual Property Organization (WIPO): Handles intellectual property
rights related to the Internet.
5. Internet Governance Forum (IGF): Provides a platform for discussion and
collaboration on Internet governance issues.
Computer Criminals
Computer crimes are one of the fastest-growing forms of modern crime.
Cybersecurity experts estimate that around 1 million potential cyber-attacks are
attempted each day.
Types of Cyber Criminals: Cyber criminals, also known as hackers, are
challenging to identify both as individuals and groups because of their
sophisticated security measures. Cybersecurity experts warn that these
criminals are employing increasingly ruthless methods to achieve their goals
and are expected to continue developing more advanced methods of
cyber-attacks.
CIA Triad
The CIA Triad is a security model that helps guide IT security efforts. It consists of
three core principles: Confidentiality, Integrity, and Availability.
Confidentiality: Confidentiality ensures that information is only accessible to
authorized users. It involves organizing data based on who needs access and how
sensitive the information is, considering the potential damage if confidentiality is
breached.
- Standard measures for confidentiality:
- Data encryption
- Two-factor authentication
- Biometric verification
- Security tokens
Integrity: Integrity protects data from unauthorized changes or deletion, ensuring
that data remains accurate and consistent. It also allows for reversing changes
made by authorized users if they were incorrect.
- Standard measures for integrity:
- Cryptographic checksums
- Using file permissions
- Uninterruptible power supplies (UPS)
- Data backups
Availability: Availability ensures that data and systems are accessible when
needed. Authentication, access channels, and systems must function correctly to
provide access to information.
- Standard measures for availability:
- Backing up data to external drives
- Implementing firewalls
- Having backup power supplies
- Data redundancy
Together, the CIA Triad provides a framework for protecting data and systems
against various security threats.
Assets and Threat
An asset refers to any data, device, or system component of an organization that
holds value. Assets typically contain sensitive data or grant access to such
information. Examples of assets include:
- Employee devices such as desktops, laptops, or company phones.
- Applications on those devices.
- Critical infrastructure like servers and support systems.
- Information assets, such as databases and physical files, containing sensitive
data.
A threat is any incident that could harm an asset, such as causing it to be lost,
taken offline, or accessed by unauthorized parties. Threats can compromise the
confidentiality, integrity, or availability of an asset and can occur either intentionally
or accidentally.
- Intentional threats include criminal hacking, data theft by malicious insiders,
and other deliberate acts.
- Accidental threats typically involve employee mistakes, technical malfunctions,
or events causing physical damage such as fires or natural disasters.
Cyber Forensics
Computer forensics involves using investigative and analytical methods to collect
and preserve digital evidence. Forensic examiners work with personal computers,
laptops, smartphones, servers, and other media types. Their tasks can range from
breaking encryption to carrying out search warrants with law enforcement teams to
recover and analyze critical evidence from hard drives for civil and criminal cases.
The process of forensic examination is complex and highly specialized. The
findings are compiled into reports, and examiners may testify about their results in
court, where their expertise is put under scrutiny.
Digital Forensics:
Digital forensics is the practice of preserving, identifying, extracting, and
documenting computer evidence for legal use. It focuses on locating evidence
from digital media like computers, mobile phones, servers, and networks. Digital
forensics uses advanced tools and techniques to tackle complex digital-related
cases, helping forensic teams inspect, analyze, identify, and preserve digital
evidence across various electronic devices.
Digital forensic science is a branch of forensic science that deals with recovering
and investigating material found on digital devices in relation to cybercrime.
The Need for Computer Forensics:
Computer forensics is essential for protecting an organization and can save money
in the long run. From a technical standpoint, the primary goal of computer
forensics is to identify, collect, preserve, and analyze data while maintaining the
integrity of the evidence so it can be effectively used in legal cases.
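The cryptographic checksums listed under Integrity above and the evidence-integrity goal described here come together in an acquisition manifest. The following is an added example (not course material or any tool's code) that records MD5 and SHA-256 digests of constructed evidence items at acquisition time and re-verifies a working copy before analysis; item names, the examiner id and the sample bytes are all invented.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed evidence items (not from any real case): name -> acquired bytes.
SAMPLE_ITEMS = {
    "disk01.dd": b"\x00" * 64 + b"partition-table-bytes-of-a-constructed-image",
    "syslog.txt": b"Jan  1 10:00:01 host sshd[42]: Accepted password for alice\n",
}


def hash_bytes(data: bytes) -> dict:
    """Digests commonly recorded for evidence: MD5 (legacy tooling) and SHA-256."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def make_manifest(items: dict, examiner: str) -> dict:
    """Acquisition manifest: who acquired what, when, and the digests at that moment."""
    return {
        "examiner": examiner,
        "acquired_at": datetime.now(timezone.utc).isoformat(),
        "items": {name: hash_bytes(data) for name, data in items.items()},
    }


def verify_manifest(manifest: dict, items: dict) -> dict:
    """Re-hash each item before analysis; any change since acquisition is reported."""
    results = {}
    for name, recorded in manifest["items"].items():
        if name not in items:
            results[name] = "MISSING"
        elif hash_bytes(items[name])["sha256"] != recorded["sha256"]:
            results[name] = "MODIFIED"
        else:
            results[name] = "ok"
    return results


if __name__ == "__main__":
    manifest = make_manifest(SAMPLE_ITEMS, "examiner-01")
    print(json.dumps(manifest, indent=2))
    # A working copy with one byte changed and one item lost must be caught.
    tampered = dict(SAMPLE_ITEMS)
    tampered["disk01.dd"] = SAMPLE_ITEMS["disk01.dd"][:-1] + b"X"
    del tampered["syslog.txt"]
    print(verify_manifest(manifest, tampered))
```

In practice the manifest is written to a separate, signed or write-once location, so that the record of the digests is itself protected from the modification it is meant to detect.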
Cyber Forensics and Digital Evidence:
Digital evidence includes information stored or transmitted in binary form that may
be used in court. It can be found on computer hard drives, mobile phones, and
other places. Digital evidence is often linked with electronic crime, such as child
pornography or credit card fraud, but it is now used to prosecute all types of
crimes.
For example, email or mobile phone records may provide critical evidence
regarding suspects' intent, location, and relationships with other suspects. In 2005,
a floppy disk led investigators to the BTK serial killer, who had eluded police since
1974.
To combat e-crime and collect relevant digital evidence for all types of crimes, law
enforcement agencies are incorporating computer forensics into their
infrastructure. These agencies face the challenge of training officers to collect
digital evidence and keep up with rapidly changing technologies like computer
operating systems.
Forensics Analysis of Email
Email forensics is the study of email sources and content to gather evidence and
identify details such as the sender and recipient, time of transmission, and
sender's intent. Various techniques are used in email forensics:
1. Header Analysis: This involves examining the metadata in an email, including
control information such as envelope and headers, to gather information about the
sender and the path the message took. Detailed analysis can help identify if the
headers have been spoofed to hide the sender's identity.
2. Bait Tactics: An email with a monitored image source is sent to the sender
under investigation. When the email is opened, the IP address of the recipient is
recorded on the server hosting the image, which helps track the sender.
Techniques such as embedded Java applets or HTML pages with ActiveX objects
can also be used to extract the IP address of the receiver.
3. Server Investigation: Investigators may examine copies of delivered emails and
server logs to identify the source of an email. Servers store emails and logs for
limited periods, so prompt action is needed. Some servers may also hold data
such as credit card numbers that could help identify the person behind an email
address.
4. Network Device Investigation: Logs from network devices such as routers,
firewalls, and switches can help trace the source of an email when server logs are
unavailable or uncooperative.
5. Software Embedded Identifiers: Information about the sender, such as custom
headers or MIME content, may be included in the email by the sender's email
software. This information can reveal details like PST file names, Windows logon
username, or MAC address of the sender's computer.
6. Sender Mailer Fingerprints: The email's Received header and client-side
headers like "X-Mailer" can reveal details about the software used at the server
and client. This information helps investigators understand the sender's computer
setup and choose effective investigation strategies.
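Header analysis (item 1) and sender mailer fingerprints (item 6) can be automated: the Received headers are read bottom-up to reconstruct the delivery path, and each hop is cross-checked against the next. The script below is an added example (not from the course notes or any forensic tool); the message, hosts and addresses are constructed, and the checks assume the common "from <HELO> (<reverse DNS> [<IP>]) by <host> ...; <date>" form of the Received header.

```python
import email
import re
from email import policy
from email.utils import parsedate_to_datetime

# Constructed sample message (not real traffic). The topmost Received header is
# the last hop; the bottom one was added by the first relay that accepted the mail.
RAW_MESSAGE = b"""\
Received: from mx1.example-corp.test (mx1.example-corp.test [203.0.113.10])
\tby mail.victim.test with ESMTP id abc123; Mon, 1 Jan 2024 10:00:05 +0000
Received: from relay.example-corp.test (relay.example-corp.test [203.0.113.20])
\tby mx1.example-corp.test with ESMTP id def456; Mon, 1 Jan 2024 10:00:03 +0000
Received: from mail.bank.test (unknown [198.51.100.77])
\tby relay.example-corp.test with SMTP id ghi789; Mon, 1 Jan 2024 10:00:01 +0000
From: "Example Bank" <alerts@bank.test>
To: user@victim.test
Subject: Urgent account notice
X-Mailer: Microsoft Outlook 16.0
Date: Mon, 1 Jan 2024 10:00:00 +0000

Please verify your account.
"""

# Received: from <HELO name> (<reverse DNS> [<IP>]) by <receiving host> ...; <date>
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)\s+"
    r"by\s+(?P<by>\S+).*?;\s*(?P<date>.+)$"
)


def parse_hops(raw: bytes) -> list:
    """Return the Received hops in chronological order (originating relay first)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(str(value).split()))  # unfold the header
        if m:
            hop = m.groupdict()
            hop["time"] = parsedate_to_datetime(hop["date"])
            hops.append(hop)
    return list(reversed(hops))


def analyse(raw: bytes) -> dict:
    """Cross-check the hop chain against itself and against the From: header."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hops = parse_hops(raw)
    findings = []
    for earlier, later in zip(hops, hops[1:]):
        # The host that accepted hop N must be the host that sent hop N+1.
        if earlier["by"] != later["helo"]:
            findings.append(f"chain break between {earlier['by']} and {later['helo']}")
        if later["time"] < earlier["time"]:
            findings.append(f"clock goes backwards at {later['by']}")
    origin = hops[0]
    # The HELO name is self-reported by the sender; reverse DNS is the receiver's view.
    if origin["rdns"] != origin["helo"]:
        findings.append(f"origin HELO {origin['helo']} not confirmed by reverse DNS "
                        f"({origin['rdns']}, {origin['ip']})")
    from_domain = msg["From"].addresses[0].domain
    if not any(h["rdns"].endswith(from_domain) for h in hops):
        findings.append(f"From: domain {from_domain} matches no reverse-DNS name in the chain")
    return {
        "path": [h["ip"] for h in hops],            # origin -> final recipient
        "origin_ip": origin["ip"],
        "x_mailer": str(msg.get("X-Mailer", "")),  # sender mailer fingerprint
        "findings": findings,
    }


if __name__ == "__main__":
    for key, val in analyse(RAW_MESSAGE).items():
        print(f"{key}: {val}")
```

Only the Received lines added by relays the investigator trusts are reliable; a sender can forge any number of Received headers below the first trusted one, which is why the chain is checked hop by hop rather than read from the bottom alone.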
Digital Forensics Lifecycle
Collection: The first step in the forensic process involves identifying potential data
sources and acquiring data from them.
Examination: Once data is collected, the next phase is to assess and extract
relevant information. This may involve dealing with OS or application features that
obscure data, such as compression, encryption, or access control mechanisms.
Analysis: After extracting relevant information, the analyst studies the data to draw
conclusions. A methodical approach is essential to reach appropriate conclusions
based on the data or to determine that no conclusions can be drawn.
Reporting: This is the stage of preparing and presenting the findings from the
analysis phase. Several factors influence the reporting process:
a. Alternative Explanations: If information about an event is incomplete, analysts
should consider multiple plausible explanations and attempt to prove or disprove
each possibility.
b. Audience Consideration: Understanding the audience for the report is
important to tailor the presentation of findings.
c. Actionable Information: The report should also identify actionable insights from
the data, which could lead to new sources of information for further analysis.
Forensic Investigation
Forensic investigation involves using scientific methods to solve a crime by
gathering and analyzing all crime-related physical evidence. This helps form
conclusions about a suspect and how a crime occurred. Investigators examine
blood, fluids, fingerprints, residue, digital devices, and other technology to
understand the events of the crime.
Types of Forensics Investigation:
- Forensic Accounting / Auditing: Investigating financial records to detect fraud
or financial discrepancies.
- Computer or Cyber Forensics: Examining digital devices to uncover evidence
of cybercrimes or other criminal activities.
- Crime Scene Forensics: Collecting and analyzing evidence found at a crime
scene.
- Forensic Archaeology: Analyzing human remains and artifacts to understand
historical crimes.
- Forensic Dentistry: Examining dental evidence to identify individuals or analyze
bite marks.
- Forensic Entomology: Using insects to estimate the time of death and other
details in an investigation.
- Forensic Graphology: Analyzing handwriting to identify suspects or understand
their personality.
- Forensic Pathology: Determining the cause and manner of death through
autopsies and other medical tests.
- Forensic Psychology: Applying psychology to criminal investigations and legal
processes.
- Forensic Science: Using scientific methods and techniques to solve crimes and
gather evidence.
- Forensic Toxicology: Analyzing bodily fluids and tissues for the presence of
drugs, chemicals, or toxins.
Challenges in Computer Forensics
Digital forensics uses scientifically derived methods to identify, collect, preserve,
validate, analyze, interpret, and present digital evidence from digital sources.
However, implementing these methods faces various challenges categorized into
three major areas:
1. Technical Challenges:
- Anti-forensics Techniques: Criminals use techniques like encryption, data
hiding in storage spaces, and covert channels to conceal their actions and avoid
detection.
- Operating in the Cloud: Cloud environments pose unique challenges for
evidence collection and analysis.
- Time to Archive Data: The time it takes to archive data can impact the
timeliness of an investigation.
- Skill Gap: A shortage of skilled professionals makes investigating and
analyzing digital evidence more challenging.
- Steganography: Hiding information within other data, such as images, can
obscure evidence.
2. Legal Challenges:
- Absence of Guidelines and Standards: In some regions, including India, a lack
of standardized guidelines for collecting and acquiring digital evidence can
undermine the value of evidence.
- Limitations of Indian Evidence Act: The Act doesn't sufficiently address the
challenges of modern digital evidence, focusing primarily on presentation rather
than collection or analysis.
- Other Legal Challenges: These include privacy issues, admissibility in courts,
preservation of electronic evidence, the power to gather digital evidence, and
analyzing a running computer.
3. Resource Challenges:
- Change in Technology: The rapid evolution of technology can make it difficult to
keep up with new operating systems, applications, and hardware.
- Volume and Replication: The sheer amount of digital data and its ability to be
replicated easily pose challenges in identifying and preserving original and relevant
evidence.
As the field of digital forensics continues to evolve, addressing these challenges
will require ongoing research, training, and collaboration across disciplines and
industries.
CHALLENGES IN COMPUTER FORENSICS
Digital forensics has been defined as the use of scientifically derived and proven methods
towards the identification, collection, preservation, validation, analysis, interpretation, and
presentation of digital evidence derived from digital sources to facilitate the reconstruction
of events found to be criminal. However, these digital forensics investigation methods face
some major challenges at the time of practical implementation. Digital forensic challenges are
categorized into three major heads according to Fahdi, Clark, and Furnell:
Technical challenges
Legal challenges
Resource challenges
TECHNICAL CHALLENGES
As technology develops, crimes and criminals develop with it. Digital forensic experts use
forensic tools to collect evidence against criminals, and criminals use such tools to hide,
alter or remove the traces of their crime; in digital forensics this is called an anti-forensics
technique, which is considered a major challenge in the digital forensics world.
Anti-forensics techniques are categorized into the following types:
1. Encryption: It is legitimately used to ensure the privacy of information by keeping it
hidden from unauthorized users. Unfortunately, it can also be used by criminals to hide their
crimes.
2. Data hiding in storage space: Criminals usually hide chunks of data inside the storage
medium in invisible form by using system commands and programs.
3. Covert channel: A covert channel is a communication protocol that allows an attacker to
bypass intrusion detection techniques and hide data over the network. The attacker uses it to
hide the connection between himself and the compromised system.
Other Technical challenges are:
Operating in the cloud
Time to archive data
Skill gap
Steganography
LEGAL CHALLENGES
The presentation of digital evidence is more difficult than its collection because there are many
instances where the legal framework takes a soft approach and does not recognize every
aspect of cyber forensics. In Jagdeo Singh v. The State and Ors., the Hon'ble High Court of
Delhi held that "while dealing with the admissibility of an intercepted telephone call in a CD
and CDR which was without a certificate under Sec. 65B of the Indian Evidence Act, 1872 the
court observed that the secondary electronic evidence without certificate u/s. 65B of Indian
Evidence Act, 1872 is not admissible and cannot be looked into by the court for any purpose
whatsoever." This happens in most cases because the cyber police lack the necessary
qualification and ability to identify a possible source of evidence and prove it. Besides, most
of the time electronic evidence is challenged in court on the grounds of its integrity. In the
absence of proper guidelines, and without a proper explanation of how the electronic evidence
was collected and acquired, the evidence is liable to be dismissed.
Legal Challenges
1. Absence of guidelines and standards: In India, there are no proper guidelines for the
collection and acquisition of digital evidence. The investigating agencies and forensic
laboratories are working on guidelines of their own. Due to this, the potential of digital
evidence has been destroyed.
2. Limitation of the Indian Evidence Act, 1872: The Indian Evidence Act, 1872 has a limited
approach; it has not been able to evolve with the times and address the fact that e-evidence is
more susceptible to tampering, alteration, transposition, etc. The Act is silent on the method
of collection of e-evidence; it only focuses on the presentation of electronic evidence in court
accompanied by a certificate as per subsection 4 of Sec. 65B[12]. This means that no matter
what procedure is followed, the evidence must be proved with the help of a certificate.
Other Legal Challenges
Privacy Issues
Admissibility in Courts
Preservation of electronic evidence
Power for gathering digital evidence
Analyzing a running computer
Resource Challenges
As the rate of crime increases, the amount of data increases, and so does the burden on the
digital forensic expert of analyzing such huge volumes of data; moreover, because digital
evidence is more sensitive than physical evidence, it can easily disappear. To make the
investigation process fast and useful, forensic experts use various tools to check the
authenticity of the data, but dealing with these tools is also a challenge in itself.
Types of resource challenges are:
Change in technology
Due to rapid changes in technology, such as operating systems, application software and
hardware, reading digital evidence is becoming more difficult: new software versions do not
support older ones, and the software developing companies do not provide any backward
compatibility, which also has legal consequences.
Volume and replication
The confidentiality, availability, and integrity of electronic documents are easily
manipulated. The combination of wide-area networks and the internet forms a big network that
allows data to flow beyond physical boundaries. Such ease of communication and availability
of electronic documents increases the volume of data, which also creates difficulty in the
identification of original and relevant data.
Unit 3
CYBERCRIMES: MOBILE AND WIRELESS
INTRODUCTION. Why should mobile devices be protected? Every day, mobile devices are
lost, stolen, and infected. Mobile devices can store important business and
personal information, and are often used to access University systems, email, banking