Electronic Evidence
Electronic evidence is data or information of investigative value that is stored on or transmitted by an electronic device.
Types of electronic evidence (categorization)
1) Evidence obtained from devices that store digital/electronic information.
2) Data intercepted while being transmitted.
Types of computer crime
There are three types:
1) Internet or cyber crime -
It involves Internet theft and piracy, blocking of service, hacking, pornography and child abuse, disruption of systems (such as banking network fraud, air and traffic control, and communication networks), introduction of viruses into systems, use for promoting terrorism, gambling, cyber stalking, false propaganda, intrusion, spoofing and spamming.
2) Computer frauds - computer forgery, computer manipulation fraud, and vandalism or sabotage of computers.
3) Computer crime -
It involves software theft, counterfeiting of currency and credit card counterfeiting.
Indian Evidence Act on electronic evidence -
In India, sections 65 A and 65 B were added by the Information Technology Act 2000.
Section 65 A - It lays down that the contents of electronic records may be proved in accordance with the provisions laid down in section 65 B.
Section 65 B - It lays down the admissibility of electronic records. It states that information contained in an electronic record which is printed on paper, or recorded, copied or stored in magnetic or optical media generated by a computer, shall also be deemed to be a document if all the conditions mentioned in the section are satisfied in relation to the information and the computer in question, and shall be admissible in any proceedings without further proof or production of the original.
It also emphasizes that, for the purpose of evidence, a certificate identifying the electronic record produced by a computer, signed by the concerned person or the officer in charge of the operation, must be produced.
Handling of electronic evidence consists of the following steps -
Recognition and identification of the evidence. The information must be accessed in a lawful manner.
Collection of data and physical items, which requires legality and procedural admissibility.
After that, preservation, packaging and transportation of the evidence take place.
Documentation of the evidence is the next step.
Important things to consider in an electronic evidence case are -
Find out the user and password of the system, along with the internet service provider.
Any other passwords needed to access the software or data (if any).
Whether there is any security setup for the destruction of stored data.
Any documents supporting the hardware or software installation.
Find out the condition of the monitor: whether it is on, off or in sleep mode.
When the monitor is on and the desktop screen is visible, take photographs of it (the monitor screen). Remove the power cable from the computer.
When the monitor is in sleep mode, move the mouse; the screen will show the desktop or a request for a password. Take photographs and remove the power cable.
When the monitor is off, turn it on. Take photographs of the screen. Remove the power cable.
In the case of a laptop, remove the battery.
In the case of mobile phones or tablets, turn the device off immediately to preserve cell tower information and the mobile data. If it can't be turned off, disable the other communication systems such as WiFi, Bluetooth etc., or set it to aeroplane mode. To isolate it from tower location, place it in a blocking material such as a Faraday bag.
The computer and its connections should be photographed.
Mark and label everything. In the case of a laptop, check the WiFi connectivity.
Check all telephone modem, DSL and ISDN lines, and if the connection is through the phone, identify the number.
Do not remove the CD and CD drive. Cover all the drive slots and power connectors with tape.
Note the make, model and serial numbers of all devices. Wireless computers have no wires but contain all the processing units.
Packaging - Properly document and label all electronic evidence before packaging.
Magnetic media should be packed in anti-static packaging.
Don't fold or bend any computer media.
Where there is more than one computer system, each should be packed separately.
The investigator should have basic knowledge of electronic evidence, and the person conducting the whole process of search, collection, preservation and seizure should be adequately trained. The investigator should indicate the information he wants the laboratory to recover, such as phone numbers, call histories, emails, messages or any images. There is a possibility of DNA, fingerprints etc. on the devices, so the investigator should also take care of this evidence.
Nowadays digital forensics is evolving very fast; it has sub-disciplines such as -
Computer forensics
Network forensics
Digital image forensics
Mobile device forensics
Digital audio-video forensics
Memory forensics