First conviction under IT Act

Finally, we have our first conviction under the IT Act 2000 in India. After more than 100 cases were lodged, with about half of them actually reaching the courts, the first conviction is that of an orthopaedic surgeon in Chennai, found guilty of recording and uploading pornographic images. He and his brother in the US were found to be running a profitable pornographic website selling the videos and images.
Other notable cases nowhere near conviction include the hacking of the Mumbai cybercrime cell, the financial defrauding of Citibank customers by its BPO Mphasis, the creation of an Orkut group criticising Shivaji which got an IT engineer in Bangalore wrongly incarcerated due to a serious goof-up by Bharti (the ISP), and others.
Coming back to the original case, though, I wonder why the actions of the doc warranted a life sentence. What is intriguing is the presence of machine gun bullets at his farmhouse - wonder where the machine gun correlating to the bullets might be? Maybe the doc was also a gun-runner in addition to being a pervert.

Forensics Awareness week at Mumbai

The Directorate of Forensic Science Laboratories, Government of Maharashtra, Mumbai, is holding a forensics awareness week from 7th to 11th Jan 2008.

The Director, Dr. Mrs. R. Krishnamurthy, is pleased to invite persons from the corporate world, especially those working in the areas of risk management, fraud detection and in-house investigations, to the lab at Kalina (Santa Cruz) to get first-hand knowledge of the techniques the lab is using at present.

All those who are interested in visiting the lab may contact:

Dr. Mrs. S. R. Krishnamurthy,
Director
Directorate of Forensic Science Laboratories
Maharashtra State
Tel: 022 2667 0760 (direct)
Tel: 022 2667 0758/65 (board)

USB Forensics

In this article we will learn how to perform forensics on USB devices, how to correlate a USB device with its drive letter, and how to see at what time the device was plugged in and unplugged. This article may be very useful for the military forces, as they can easily note the time when a particular USB device was plugged in.

Whenever a forensic investigator examines a USB device, he should look into two important keys of the registry. These are:

Indian IT Act 2000 - An Insight

from NII Consulting

The IT Act 2000 is a large repository of fine print fraught with judicial jargon and varying legal implications.

To quote from the preamble of the Act,

“An Act to provide legal recognition for the transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as “Electronic Commerce”, which involve the use of alternatives to paper based methods of communication and storage of information, to facilitate electronic filings of documents with the Government agencies and further to amend the Indian Penal Code, Indian Evidence Act, 1872, The Bankers’ Books Evidence Act, 1891, and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto.”

The full Act is available online in a neatly organized HTML format at http://www.naavi.org/importantlaws/itbill2000/index.htm

To make it more comprehensible, our principal consultant, K. K. Mookhey, recently drew up a presentation to provide an overview and quick understanding of all the chapters of the IT Act.

This presentation is available for download at http://www.niiconsulting.com/services/IT_Act_2000_NIIConsulting.ppt

CHFI Workshop

From NII Consulting

NII Consulting is glad to announce its fourth hands-on workshop for EC-Council’s “Certified Hacking Forensic Investigator (CHFI)” certificate course. As an Accredited Training Provider (ATP), NII is certified to teach the authorized curricula for security technologies.

The CHFI certification is awarded after successfully passing the EC0 312-49 exam. (The training fees include exam vouchers.)

Importance of “thumbs.db” in digital forensic world

by Kush Wadhwa, NII Consulting

Are you working as a cyber crime investigator and looking for something which can prove in a court of law that there was some pornographic content on the suspect’s machine? Let me help you out in this case. There is a file named “thumbs.db” which is automatically generated by Windows XP whenever a user views a folder or its images in thumbnail view or in filmstrip view. Automatic generation of this file is ON by default. Thumbs.db contains a copy of each of the tiny preview images generated for image files in that folder, so that they load quickly the next time you browse that folder. If a user tries to open this file in an image viewer, it will be of no use. To extract the juicy content from this file, the forensic investigator has to understand the header of the thumbs file present in thumbs.db. Let me explain step by step how to extract useful content from the thumbs.db file.

Volume Boot Sector Format of FAT

by Kush Wadhwa, NII Consulting

There are times when you don’t have sufficient tools to understand the file system. At such times your knowledge of digital forensics will play a crucial role. In this article we will study the volume boot sector format of the FAT32 file system and see how to extract crucial information from it, such as the number of sectors in a particular volume, bytes per sector, etc. I will be using EnCase to explain this article, but users can view their hard disk in any hex viewer, such as WinHex, or xxd on Linux. Just open your hard disk’s FAT volume in a hex editor and follow the steps to understand it.

Dare to delete my files!

by Nikhil Wagholikar, NII Consulting

Introduction

One of the recommended file systems for Linux is Ext-3. The Ext-3 file system might not be as robust and powerful as the Microsoft NTFS file system, but it has some built-in features that make Linux a power performer.

Here we will explore one such feature of the Ext-3 file system. This feature is actually an attribute which, if set on a file or folder, will not allow even the “root” user to delete, modify or rename it.

Universal Extractor

by Nikhil Wagholikar, NII Consulting

1. Need

Many a time during a forensic investigation or during reverse engineering, we need to check or extract the contents of an executable file. If the executable file is in human-readable format (e.g. a UNIX file having permissions -rwxr-xr-x) then the life of the investigator is quite simple, since such files can easily be opened in built-in Unix editors like “vi” or “emacs”, or even in the default MS Windows editor “Notepad”. However, this is not the case every time. Investigators and researchers may also come across various MS Windows “.exe”, “.dll” and “.msi” files, Red Hat Linux “.rpm” files, or the very common “.zip”, “.rar”, “.bin”, “.cue” or “.uha” files in the course of their work.

Recycle Bin Forensics

by Kush Wadhwa, NII Consulting

Have you ever thought of what happens when you hit the delete button?

Delete: When we simply delete a file, we are throwing that file into the recycle bin of that particular volume. For example, if a file resides on the C:\ drive with FAT32 as its file system and we delete it, the file will move to C:\Recycled. But if it is an NTFS volume, the file will move to \Recycler\.

Shift+Delete: When we hit Shift+Delete, the file will not move to Recycled or Recycler. Instead it will bypass these two folders and will simply be deleted. In such scenarios the user does not have the option to restore the file from these two folders.
