Workshop on “Cyber Crime”. Wednesday, 18th June 2010 - Hotel Bristol, M.G. Road, Gurgaon Session IV- Incident Response and Reporting Cyber Crimes By Karnika Seth Managing Partner, SETH ASSOCIATES. Presentation plan. Incident Response and Reporting Cyber Crimes: - PowerPoint PPT Presentation
Workshop on “Cyber Crime”
Wednesday, 18th June 2010 - Hotel Bristol, M.G. Road, Gurgaon
Session IV - Incident Response and Reporting Cyber Crimes
By Karnika Seth
Managing Partner, SETH ASSOCIATES
Presentation plan
Incident Response and Reporting Cyber Crimes:
How to handle a cybercrime scenario
Importance of corporate training in cyberlaws
How to report cyber crime
Legal recourse available in cybercrime cases
Role of forensic expert & cyberlawyer
Steps that lead to effective prosecution & conviction
Incident Response – a precursor to Techniques of Cyber investigation & forensic tools
‘Incident response’ could be defined as a precise set of actions to handle any security incident in a responsible, meaningful and timely manner.
Goals of incident response:
To confirm whether an incident has occurred
To promote accumulation of accurate information
To educate senior management
To help in detection/prevention of such incidents in the future
To provide rapid detection and containment
To minimize disruption to business and network operations
To facilitate criminal action against perpetrators
Possible reliefs to a cybercrime victim- strategy adoption
A victim of cybercrime needs to immediately report the matter to his local police station and to the nearest cybercrime cell
Depending on the nature of crime there may be civil and criminal remedies.
In civil remedies, injunction and restraint orders and blocking of websites may be sought, together with damages, delivery up of infringing matter and/or account for profits.
In criminal remedies, a cybercrime case will be registered by the police if the offence is cognisable; if it is non-cognisable, a complaint should be filed with the metropolitan magistrate.
For certain offences, both civil and criminal remedies may be available to the victim
Before lodging a cybercrime case
Important parameters:
Gather ample evidence admissible in a court of law
Fulfill the criteria of the pecuniary, territorial and subject matter jurisdiction of a court
Determine jurisdiction - case may be filed where the offence is committed or where effect of the offence is felt (S. 177 to 179, CrPC)
The criminal prosecution pyramid
Conviction/acquittal
Trial
Contents of charge
Issue of process –summons, warrant
Examine the witnesses
Examine the complainant on oath
Initiation of criminal proceedings-cognizance of offences by magistrates
Preparation for prosecution
Collect all evidence available and save snapshots of evidence
Seek a cyberlaw expert’s immediate assistance for advice on preparing for prosecution
Prepare a chronological background history of the facts
Pen down names and addresses of suspected accused
Form a draft of the complaint and the remedies the victim seeks
Cyberlaw expert & police could assist in gathering further evidence, e.g. tracing the IP in case of e-mails, search & seizure or arrest as appropriate to the situation
A cyber forensic study of the hardware/equipment/network server related to the cybercrime is generally essential
Defending an accused in a cybercrime
Preparation of chain of events table
Probing where evidence could be traced: e-mail inbox/files/folders/web history
Has the accused used any evidence-erasing software/tools?
Forensically screening the hardware/data/files/print outs/camera/mobile/pendrives of evidentiary value
Formatting may not be a solution
Apply for anticipatory bail
Challenge evidence produced by opposite party and look for loopholes
Filing of a cross complaint if appropriate
Amendments- Indian Evidence Act 1872
Section 3 of the Evidence Act amended to take care of admissibility of ER as evidence along with the paper based records as part of the documents which can be produced before the court for inspection.
Section 4 of IT Act confers legal recognition to electronic records
Societe Des products Nestle SA case 2006 (33) PTC 469
By virtue of provision of Section 65A, the contents of electronic records may be proved in evidence by parties in accordance with provision of 65B.
Held - Sub-section (1) of Section 65B makes admissible as a document a paper print out of electronic records stored in optical or magnetic media produced by a computer, subject to fulfillment of the conditions specified in sub-section (2) of Section 65B.
a) The computer from which the record is generated was regularly used to store or process information in respect of activity regularly carried on by person having lawful control over the period, and relates to the period over which the computer was regularly used.
b) Information was fed in the computer in the ordinary course of the activities of the person having lawful control over the computer.
c) The computer was operating properly, and if not, was not such as to affect the electronic record or its accuracy.
d) Information reproduced is such as is fed into computer in the ordinary course of activity.
State v Mohd Afzal, 2003 (7) AD (Delhi) 1
State v Navjot Sandhu (2005) 11 SCC 600
Held, while examining Section 65 B Evidence Act, it may be that certificate containing details of subsection 4 of Section 65 is not filed, but that does not mean that secondary evidence cannot be given.
Section 63 & 65 of the Indian Evidence Act enables secondary evidence of contents of a document to be adduced if original is of such a nature as not to be easily movable.
Presumptions in law- Section 85 B Indian Evidence Act
In any proceedings involving a secure digital signature, the court shall presume, unless the contrary is proved, that the secure digital signature is affixed by the subscriber with the intention of signing or approving the electronic record
In any proceedings involving a secure electronic record, the court shall presume, unless contrary is proved, that the secure electronic record has not been altered since the specific point of time, to which the secure status relates
Live demo - sending fake e-mails and reading headers, phishing attacks
Use of www.fakemailer.net
Use of Whois
Dissecting header and body of an e-mail
Message digest, IP address
Return path
Sender’s address
Live demo phishing - www.noodlebank.com, www.nood1ebank.com
www.whois.sc
www.readnotify.com
Internet headers - example
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: (qmail 14805 invoked by uid 399); 14 Jun 2010 10:06:26 -0000
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on cp.mysticaconsultancy.com
X-Spam-Level: **
X-Spam-Status: No, score=2.2 required=5.0 tests=AWL,DEAR_SOMETHING,
    HTML_MESSAGE,RDNS_NONE autolearn=disabled version=3.2.5
X-Virus-Scan: Scanned by ClamAV 0.94.2 (no viruses); Mon, 14 Jun 2010 15:36:27 +0530
Received: from unknown (HELO nwt201.smartinfo.com.hk) (58.64.135.201)
    by mail.mysticaconsultancy.com with ESMTP; 14 Jun 2010 10:06:26 -0000
X-Originating-IP: 58.64.135.201
Received-SPF: none (mail.mysticaconsultancy.com: domain at indilaw.com does not designate permitted sender hosts)
    identity=mailfrom; client-ip=58.64.135.201; envelope-from=<[email protected]>;
Received: from [202.155.235.123] (helo=Jamesz17)
    by nwt201.smartinfo.com.hk with esmtp (Exim 4.69)
    (envelope-from <[email protected]>)
    id 1OO6fd-0007ti-HO
    for [email protected]; Mon, 14 Jun 2010 18:13:33 +0800
From: "James Burden" <[email protected]>
To: "'Karnika Seth'" <[email protected]>
References: <019701cadbb6$790ebbe0$6b2c33a0$@com>
    <!&!AAAAAAAAAAAYAAAAAAAAAPOg2rbT7EZBvR1yEZiTNb3CgAAAEAAAAMwSmJZkO0ZEhmOq1ziIk4UBAAAAAA==@sethassociates.com>
    <047701cadc97$57b829e0$07287da0$@com>
    <!&!AAAAAAAAAAAYAAAAAAAAAPOg2rbT7EZBvR1yEZiTNb3CgAAAEAAAAACtRFRrSaVJgPc/B/[email protected]>
In-Reply-To: <!&!AAAAAAAAAAAYAAAAAAAAAPOg2rbT7EZBvR1yEZiTNb3CgAAAEAAAAACtRFRrSaVJgPc/B/[email protected]>
Subject: RE: A story of interest from India Business Law Journal
Date: Mon, 14 Jun 2010 18:18:18 +0800
Message-ID: <009101cb0baa$ea0541b0$be0fc510$@com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0092_01CB0BED.F82881B0"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcrbtlhfkWh1MrOJSyWK5i/aRRropAA1ZBKQAALOomAAAJ4NYAvEM6+w
Content-Language: en-us
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - nwt201.smartinfo.com.hk
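Reading a header like the one above for investigation purposes, as an added example that is not part of the original presentation: the Python code below rebuilds the relay path from the Received lines, picks out the one connecting IP recorded by the recipient's own server, and notes a From/Return-Path mismatch and the SPF result. The sample message, its addresses and the `trusted_mx` parameter are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: documentation IPs and example domains only.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: (qmail 14805 invoked by uid 399); 14 Jun 2010 10:06:26 -0000
Received: from unknown (HELO relay.example.net) (198.51.100.7)
  by mx.example.org with ESMTP; 14 Jun 2010 10:06:26 -0000
Received-SPF: none (mx.example.org: domain at example.com does not
  designate permitted sender hosts)
Received: from [203.0.113.45] (helo=desktop17)
  by relay.example.net with esmtp; Mon, 14 Jun 2010 18:13:33 +0800
From: "Accounts Team" <accounts@example.com>
To: <recipient@example.org>
Subject: constructed sample

body
"""

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
BY_RE = re.compile(r"\bby\s+([\w-]+(?:\.[\w-]+)+)")  # dotted host only, so "by uid" is skipped

def domain_of(value):
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def analyse(raw, trusted_mx):
    """trusted_mx: hostname of the recipient's own mail server (assumed known)."""
    msg = message_from_string(raw)
    hops = []
    # Every relay prepends its Received line, so reverse to get travel order.
    for rec in reversed(msg.get_all("Received", [])):
        flat = " ".join(rec.split())  # undo header folding
        ip, by = IP_RE.search(flat), BY_RE.search(flat)
        hops.append((ip.group(1) if ip else None, by.group(1) if by else None))
    # Only the line written by our own server is reliable; older lines were
    # supplied by the sending side and can be forged.
    verified = next((ip for ip, by in hops if by == trusted_mx), None)
    spf = (msg.get("Received-SPF") or "absent").split()[0].lower()
    findings = []
    if domain_of(msg["From"]) != domain_of(msg["Return-Path"]):
        findings.append("From and Return-Path domains differ")
    if spf != "pass":
        findings.append(f"SPF result '{spf}': sending host not confirmed by the domain")
    return {"hops": hops, "verified_ip": verified, "spf": spf, "findings": findings}

if __name__ == "__main__":
    for key, value in analyse(SAMPLE, "mx.example.org").items():
        print(key, "=", value)
```

A From/Return-Path mismatch also occurs with legitimate mailing services, so it is a lead to follow up with the provider's logs rather than proof of forgery.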
Thank you!
SETH ASSOCIATES
ADVOCATES AND LEGAL CONSULTANTS
New Delhi Law Office:
C-1/16, Daryaganj, New Delhi-110002, India
Tel:+91 (11) 65352272, +91 9868119137
Corporate Law Office:
B-10, Sector 40, NOIDA-201301, N.C.R., India
Tel: +91 (120) 4352846, +91 9810155766
Fax: +91 (120) 4331304
E-mail: [email protected]