#FactCheck- Delhi Metro Rail Corporation Price Hike

Introduction:

Welcome to the third edition of our blog on digital forensics series. In our previous blog we discussed the difference between copying, cloning, and imaging in the context of Digital Forensics, and found out why imaging is a better process. Today we will discuss the process of evidence collection in Digital Forensics. The whole process starts with making sure the evidence collection team has all necessary tools required for the task.

Investigating Tools and Equipment:

Below are some mentioned tools that the team should carry with them for a successful evidence collection:

• Anti-static bags
• Faraday bags
• Toolkit having screwdrivers(nonmagnetic), scissors, pins, cutters, forceps, clips etc.
• Rubber gloves
• Incident response toolkit (Software)
• Converter/Adapter: USB, SATA, IDE, SCSI
• Imaging software
• Volatile data collection tools (FTK Imager, Magnet Forensics RAM Capture)
• Pens, permanent markers
• Storage containers
• Batteries
• Video cameras
• Note/sketch pads
• Blank storage media
• Write-Blocker device
• Labels
• Crime scene security tapes
• Camera

What sources of Data are necessary for Digital Evidence?

• Hard-Drive (Desktop, Laptop, External, Server)
• Flash Drive
• SD Cards
• Floppy Disks
• Optical Media (CD, DVD)
• CCTV/DVR
• Internal Storage of Mobile Device
• GPS (Mobile/Car)
• Call Site Track (Towers)
• RAM

‍

‍

Evidence Collection

The investigators encounter two primary types of evidence during the course of gathering evidence: non-electronic and electronic evidence.

The following approaches could be used to gather non-electronic evidence:

• In the course of looking into electronic crimes, recovering non-electronic evidence can be extremely important.  Be cautious to make sure that this kind of evidence is retrieved and kept safe. Items that may be relevant to a later review of electronic evidence include passwords, papers or printouts, calendars, literature, hardware and software manuals, text or graphical computer printouts, and photos.  These items should be secured and kept for further examination.
• They are frequently found close to the computer or other related hardware.  Locating, securing, and preserving all evidence is required by departmental procedures.

Three scenarios arise for the collection of digital evidence from computers: 

Situation 1: The desktop is visible, and the monitor is on.

• Take a picture of the screen and note the data that is visible. 
• Utilize tools for memory capturing to gather volatile data.
• Look for virtual disks. If so, gather mounted data's logical copies.
• Give each port and connection a label.
• Take a picture of them.
• Turn off network access to stop remote access.
• Cut off the power or turn it off.
• Locate and disconnect the hard drive by opening the CPU chassis.
• Take all evidence and place it in anti-magnetic (Faraday) bags.
• Deliver the evidence to the forensic lab.
• Keep the chain of custody intact.

Situation 2: The monitor is turned on, but it either has a blank screen (sleep mode) or an image for the screensaver.

• Make a small mouse movement (without pressing buttons). The work product should appear on the screen, or it should ask for a password.
• If moving the mouse does not result in a change to the screen, stop using the mouse and stop all keystrokes.
• Take a picture of the screen and note the data that is visible.
• Use memory capturing tools to gather volatile data (always use a write blocker to prevent manipulation during data collection).
• Proceed further in accordance with Situation 1.

Situation 3: The Monitor Is Off

• Write down the "off" status.
• After turning on the monitor, check to see if its status matches that of situations 1 or 2 above, and then take the appropriate action.
• Using a phone modem, cable, confirm that you are connected to the outside world. Try to find the phone number if there is a connection to the phone.
• To protect evidence, take out the floppy disks that might be there, package each disk separately, and label the evidence.  Put in a blank floppy disk or a seizure disk, if one is available. Avoid touching the CD drive or taking out CDs.
• Cover the power connector and every drive slot with tape.
• Note the serial number, make, and model.
• Take a picture of the computer's connections and make a diagram with the relevant cables.
• To enable precise reassembly at a later date, label all connectors and cable ends, including connections to peripheral devices. Put "unused" on any connection ports that are not in use.  Recognize docking stations for laptop computers in an attempt to locate additional storage media.
• All evidence should be seized and placed in anti-magnetic (Faraday) bags.
• All evidence should be seized and placed in anti-magnetic (Faraday) bags.
• Put a tag or label on every bag.
• Deliver the evidence to the forensic lab.
• Keep the chain of custody intact. 

Following the effective gathering of data, the following steps in the process are crucial: data packaging, data transportation, and data storage.

The following are the steps involved in data packaging, transportation, and storage:

Packaging:

• Label every computer system that is gathered so that it can be put back together exactly as it was found

When gathering evidence at a scene of crime,

• Before packing, make sure that every piece of evidence has been appropriately  labeled and documented.
• Latent or trace evidence requires particular attention, and steps should be taken to preserve it.
• Use paper or antistatic plastic bags for packing magnetic media to prevent static electricity. Do not use materials like regular plastic bags (instead use faraday bags) that can cause static electricity. 
• Be careful not to bend, fold, computer media like tapes, or CD-ROM.
• Make sure that the labels on every container used to store evidence are correct.

Transporting

• Make sure devices are not packed in containers and are safely fastened inside the car to avoid shock and excessive vibrations. Computers could be positioned on the floor of the car,and monitors could be mounted on the seat with the screen down .

When transporting evidence—

• Any electronic evidence should be kept away from magnetic sources.  Radiation transmitters, speaker magnets, and heated seats are a few examples of items that can contaminate electronic evidence.
• Avoid leaving electronic evidence in your car for longer than necessary. Electronic devices can be harmed by extremes in temperature, humidity.
• Maintain the integrity of the chain of custody while transporting any evidence.

Storing

• Evidence should be kept safe and away from extremes in humidity and temperature. Keep it away from dust, moisture, magnetic devices, and other dangerous impurities.  Be advised that extended storage may cause important evidence—like dates, times, and system configurations—to disappear. Because batteries have a finite lifespan, data loss may occur if they malfunction. Whenever the battery operated device needs immediate attention, it should be informed to the relevant authority (eg., the chief of laboratory, the forensic examiner, and the custodian of the evidence). 

CONCLUSION:

Thus, securing the crime scene to packaging, transportation and storage of data are the important steps in the process of collecting digital evidence in forensic investigations. Keeping the authenticity during the process along with their provenance is critical during this phase. It is also important to ensure the admissibility of evidence in legal proceedings. This systematic approach is essential for effectively investigating and prosecuting digital crimes.

‍

Introduction

The use of digital information and communication technologies for healthcare access has been on the rise in recent times. Mental health care is increasingly being provided through online platforms by remote practitioners, and even by AI-powered chatbots, which use natural language processing (NLP) and machine learning (ML) processes to simulate conversations between the platform and a user. Thus, AI chatbots can provide mental health support from the comfort of the home, at any time of the day, via a mobile phone.  While this has great potential to enhance the mental health care ecosystem, such chatbots can present technical and ethical challenges as well.

Background

According to the WHO’s World Mental Health Report of 2022, every 1 in 8 people globally is estimated to be suffering from some form of mental health disorder. The need for mental health services worldwide is high but the supply of a care ecosystem is inadequate both in terms of availability and quality. In India, it is estimated that there are only 0.75 psychiatrists per 100,000 patients and only 30% of the mental health patients get help. Considering the slow thawing of social stigma regarding mental health, especially among younger demographics and support services being confined to urban Indian centres, the demand for a telehealth market is only projected to grow. This paves the way for, among other tools, AI-powered chatbots to fill the gap in providing quick, relatively inexpensive, and easy access to mental health counseling services.

Challenges

Users who seek mental health support are already vulnerable, and AI-induced oversight can exacerbate distress due to some of the following reasons: 

1. Inaccuracy: Apart from AI’s tendency to hallucinate data, chatbots may simply provide incorrect or harmful advice since they may be trained on data that is not representative of the specific physiological and psychological propensities of various demographics. 
2. Non-Contextual Learning: The efficacy of mental health counseling often relies on rapport-building between the service provider and client, relying on circumstantial and contextual factors. Machine learning models may struggle with understanding interpersonal or social cues, making their responses over-generalised. 
3. Reinforcement of Unhelpful Behaviors: In some cases, AI chatbots, if poorly designed, have the potential to reinforce unhealthy thought patterns. This is especially true for complex conditions such as OCD, treatment for which requires highly specific therapeutic interventions. 
4. False Reassurance: Relying solely on chatbots for counseling may create a partial sense of safety, thereby discouraging users from approaching professional mental health support services. This could reinforce unhelpful behaviours and exacerbate the condition. 
5. Sensitive Data Vulnerabilities: Health data is sensitive personal information. Chatbot service providers will need to clarify how health data is stored, processed, shared, and used. Without strong data protection and transparency standards, users are exposed to further risks to their well-being. 

Way Forward

1. Addressing Therapeutic Misconception: A lack of understanding of the purpose and capabilities of such chatbots, in terms of care expectations and treatments they can offer, can jeopardize user health. Platforms providing such services should be mandated to lay disclaimers about the limitations of the therapeutic relationship between the platform and its users in a manner that is easy to understand. 
2. Improved Algorithm Design: Training data for these models must undertake regular updates and audits to enhance their accuracy, incorporate contextual socio-cultural factors for profile analysis, and use feedback loops from customers and mental health professionals. 
3. Human Oversight: Models of therapy where AI chatbots are used to supplement treatment instead of replacing human intervention can be explored. Such platforms must also provide escalation mechanisms in cases where human-intervention is sought or required. 

Conclusion

It is important to recognize that so far, there is no substitute for professional mental health services. Chatbots can help users gain awareness of their mental health condition and play an educational role in this regard, nudging them in the right direction, and provide assistance to both the practitioner and the client/patient. However, relying on this option to fill gaps in mental health services is not enough. Addressing this growing —and arguably already critical— global health crisis requires dedicated public funding to ensure comprehensive mental health support for all. 

Sources 

• https://www.who.int/news/item/17-06-2022-who-highlights-urgent-need-to-transform-mental-health-and-mental-health-care 
• https://health.economictimes.indiatimes.com/news/industry/mental-healthcare-in-india-building-a-strong-ecosystem-for-a-sound-mind/105395767#:~:text=Indian%20mental%20health%20market%20is,access%20to%20better%20quality%20services. 
• https://www.frontiersin.org/journals/digital-health/articles/10.3389/fdgth.2023.1278186/full 

‍

Introduction

Google Play has announced its new policy which will ensure trust and transparency on google play by providing a new framework for developer verification and app details. The new policy requires that new developer accounts on Google Play will have to provide a D-U-N-S number to verify the business. So when an organisation will create a new Play Console developer account the organisation will need to provide a D-U-N-S number. Which is a nine-digit unique identifier which will be used to verify their business. The new google play policy aims to enhance user trust. And the developer will provide detailed developer details on the app’s listing page. Users will get to know who is behind the app which they are installing.

Verifying Developer Identity with D-U-N-S Numbers

To boost security the google play new policy requires the developer account to provide the D-U-N-S number when creating a new Play Console developer account.  The D-U-N-S number assigned by Dun & Bradstreet will be used to verify the business. Once the developer creates his new Play Console developer account by providing a D-U-N-S number, Google Play will verify the developer’s details, and he will be able to start publishing the apps. Through this step, Google Play aims to validate the business information in a more authentic way.

If your organisation does not have a D-U-N-S number, you may check on or request for it for free on this website (https://www.dnb.com/duns-number/lookup.html). The request process for D-U-N-S can take up to 30 days. Developers are also required to keep the information up to date.

‍Building User Trust with Enhanced App Details

In addition to verifying developer identities in a more efficient way, google play also requires that developer provides sufficient app details to the users. There will be an “App Support” section on the app’s store listing page, where the developer will display the app’s support email address and even can include their website and phone number for support.

The new section “About the developer” will also be introduced to provide users with verified identity information, including the developer’s name, address, and contact details. Which will make the users more informed about the valuable information of the app developers.

Key highlights of the Google Play Polic

1. Google Play came up with the policy to keep the platform safe by verifying the developers’ identity and it will also help to reduce the spread of malware apps and help the users to make confident informed decisions about the apps they download. Google Play announced the policy by expanding its developer verification requirement to strengthen Google Play as a platform and build user trust. When you create a new Play Console Developer account and choose organisation as your account type you will now need to provide a D-U-N-S number.
2. Users will get detailed information about the developers’ identities and contact information, building more transparency and encouraging responsible app development practices.
3. This policy will enable the users to make informed choices about the apps they download.
4. The new “App support” section will provide enhanced communication between users and developers by displaying support email addresses, website and support phone numbers, streamlining the support process and user satisfaction.

Timeline and Implementation

The new policy requirements for D-U-N-S numbers will start rolling out on 31 August 2023 for all new Play Console developer accounts. The “About the developer” section will be visible to users as soon as a new app is published. and In October 2023, existing developers will also be required to update and verify their existing accounts to comply with the new verification policy.

Conclusion

Google Play’s new policy will aim to enhance the more transparent app ecosystem. This new policy will provide the users with more information about the developers. Google Play aims to establish a platform where users can confidently discover and download apps. This new policy will enhance the user experience on google play in terms of a reliable and trustworthy platform.