Financial Daily from THE HINDU group of publications
Monday, Oct 17, 2005




Handle with care

R.K.Raghavan

Tracking the evidence in computer crime calls for great care - much the way one would handle glass. One wrong move and the whole thing could fall apart.

I am often quizzed by friends on how savvy the Indian Police are in handling cyber crime. Although it is a few years since I left the force, I have been closely following trends in cyber investigation and Court decisions. I am generally pleased with what I have seen or heard. A few victim organisations have actually told me that they have been happy with the style of approach of cyber crime cells in receiving complaints and disposing of them in the manner prescribed by law.

This satisfactory situation is the outcome of a heavy emphasis on training by the police leadership and the involvement of private industry and bodies such as the Nasscom in providing the necessary inputs.

There is, however, no room for complacency. The endeavour should be to enhance awareness not only among police investigators but among lay computer users as well. Ultimately, the successful prosecution of a case will depend on how solid the evidence presented to the judge is, and that evidence is gathered with the help of victims and other witnesses who were the first to be privy to the incident in question.

A recent classic textbook on the subject, Computer Forensics JumpStart (Sybex Publishers, London 2005) by Michael G. Solomon and two others, offers many insights and practical tips that I would strongly commend to my readers. Right from the moment an attack is detected, the focus should be on causing the least damage to the exhibit going to the Court. We have definitely come a long way from the days in which a policeman just drilled a hole through several floppies and held them together with a string while sending them to the Court as a material object to prove a computer crime! But then, I am not all that sure that such crudity has yielded place to real refinement and care on the part of victims, who can make or mar a case.

Some time ago, I told you of how a University Systems Administrator in the UK went into a computer suspected of storing objectionable images several times, in order to collect evidence against a researcher probing the mind of paedophiles. The Administrator was least mindful of the fact that through such intrusions, albeit for the genuine purpose of collecting all facts and handing them over to the police, he created many unwanted records in the History file of the computer. These files directly helped to bolster the defence case that the computer had been vandalised, and that the images in question had been planted by an intruder unknown to the accused. The defendant thereby got the benefit of the doubt and the case of hacking against him collapsed. It is a different matter that he got nailed on the charge of mere possession of pornographic material. This case illustrates the fact that panicky responses to a computer crime spell doom to the effort to bring an offender to book.

Cyber witnesses and investigators have to be conscious all the time of logging the chain of custody. This means chronicling all that was done from the moment the attack on a system was noticed, and proving both that no unauthorised person had access to the system from that point of time and that no material evidence, such as the hard disk, was tampered with. You will, therefore, understand how valuable the fingerprints left on the keyboard by an intruder are, since they can later be sorted out from the prints of the authorised user.

Also important is the need to take pictures of all the physical features of a system, including the screen, exactly as you found them when the episode was first noticed. One suggestion by some experts is to mount all the available documentary evidence read-only. This exercise has to be done with great care so as to avoid the accidental introduction of extraneous material that would go to the advantage of the defence. A secure hardware or software write blocker is also recommended in such cases, as long as you are convinced that the blocker is of high quality and has no holes that permit direct disk access.
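The two points above, a logged chain of custody and evidence that is only ever read, can be demonstrated in a small script. This is an added example, not code from the column or from the book it cites; it assumes the suspect disk has already been imaged to a file, and the sample image it writes is a constructed stand-in, not a real disk.

```python
"""Chain-of-custody log with hash checks for a disk image.
Added example, not from the column or the book it cites. Assumes the
suspect disk has already been imaged to a file; each hand-off is logged
with a timestamp, actor and SHA-256 so later alteration is detectable."""
import hashlib
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk_size=1 << 20):
    """Hash the image in chunks; 'rb' opens it read-only, never for writing."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def record_custody(log, actor, action, image_path, note=""):
    """Append one custody entry; the hash is recomputed at every hand-off."""
    entry = {
        "seq": len(log) + 1,
        "time": datetime.now(timezone.utc).isoformat(),
        "actor": actor,
        "action": action,
        "sha256": sha256_file(image_path),
        "note": note,
    }
    log.append(entry)
    return entry


def verify_chain(log):
    """Return (ok, bad_seq): ok only if sequence numbers are gapless and every
    entry carries the same hash as the acquisition entry (entry 1)."""
    if not log:
        return False, None
    baseline = log[0]["sha256"]
    for expected_seq, entry in enumerate(log, start=1):
        if entry["seq"] != expected_seq or entry["sha256"] != baseline:
            return False, entry["seq"]
    return True, None


def make_sample_image(data=b"constructed sample image, not a real disk\n"):
    """Write a small constructed stand-in for a disk image; return its path."""
    with tempfile.NamedTemporaryFile(delete=False, suffix=".img") as tmp:
        tmp.write(data)
    return tmp.name
```

Any handling step that alters the image, even by a single byte, breaks the hash chain at that entry, which is exactly the kind of "unwanted record" the defence in the UK case was able to exploit.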

An interesting puzzle that often faces the victim as well as the investigator is whether you should switch off the power supply to a computer system that you suspect has been violated. One may think that by discontinuing power the system gets frozen, making it proof against further attacks or efforts to destroy valuable evidence. Abrupt disconnection of power can, however, alter or totally destroy crucial evidence. A proper system shutdown is often recommended as one way to prevent accidental corruption of files. Of course, this process may leave behind many new entries in the activity log files that may have to be properly explained subsequently by either the user of the system or the investigator. A third option that Michael Solomon offers is keeping the system running and taking a snapshot of the entire system through a previously installed monitor program. Where such software has not been installed, a large-capacity USB drive does the trick in a post-incident exercise.

The ultimate success of an investigator, be it the victim himself or a police official, will depend hugely on the thorough and lucid report that he prepares at the end of his procedures. It is the clarity of such reports that will weigh heavily in the mind of a judge in arriving at his verdict. This is because we do not yet have judges who understand all the mysteries of the technology that cyber probes rely upon. It would be unfair for us to expect them to spend their valuable time on this, unless we reach a stage where the high volume of cyber crime justifies exclusive cyber courts presided over by expert judges. Till then, the investigator's report should say it all. Or else a compulsive cyber criminal goes scot-free and lives another day to carry on with his misadventures in cyberspace.

Picture by K.V. Srinivasan

(The writer is a former CBI Director who is currently Adviser to Tata Consultancy Services Ltd.)





Copyright © 2005, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line