Introduction:
Welcome to the third edition of our blog series on digital forensics. In our previous blog we discussed the difference between copying, cloning, and imaging in the context of Digital Forensics, and found out why imaging is a better process. Today we will discuss the process of evidence collection in Digital Forensics. The whole process starts with making sure the evidence collection team has all the tools required for the task.
Investigating Tools and Equipment:
Below are some of the tools that the team should carry with them for successful evidence collection:
- Anti-static bags
- Faraday bags
- Toolkit with screwdrivers (non-magnetic), scissors, pins, cutters, forceps, clips, etc.
- Rubber gloves
- Incident response toolkit (Software)
- Converter/Adapter: USB, SATA, IDE, SCSI
- Imaging software
- Volatile data collection tools (FTK Imager, Magnet Forensics RAM Capture)
- Pens, permanent markers
- Storage containers
- Batteries
- Video cameras
- Note/sketch pads
- Blank storage media
- Write-Blocker device
- Labels
- Crime scene security tapes
- Camera
What sources of Data are necessary for Digital Evidence?
- Hard-Drive (Desktop, Laptop, External, Server)
- Flash Drive
- SD Cards
- Floppy Disks
- Optical Media (CD, DVD)
- CCTV/DVR
- Internal Storage of Mobile Device
- GPS (Mobile/Car)
- Call Site Track (Towers)
- RAM
Evidence Collection
The investigators encounter two primary types of evidence during the course of gathering evidence: non-electronic and electronic evidence.
The following approaches could be used to gather non-electronic evidence:
- In the course of looking into electronic crimes, recovering non-electronic evidence can be extremely important. Be cautious to make sure that this kind of evidence is retrieved and kept safe. Items that may be relevant to a later review of electronic evidence include passwords, papers or printouts, calendars, literature, hardware and software manuals, text or graphical computer printouts, and photos. These items should be secured and kept for further examination.
- They are frequently found close to the computer or other related hardware. Locating, securing, and preserving all evidence is required by departmental procedures.
Three scenarios arise for the collection of digital evidence from computers:
Situation 1: The desktop is visible, and the monitor is on.
- Take a picture of the screen and note the data that is visible.
- Utilize tools for memory capturing to gather volatile data.
- Look for virtual disks. If any are mounted, gather logical copies of the mounted data.
- Give each port and connection a label.
- Take a picture of them.
- Turn off network access to stop remote access.
- Cut off the power or turn it off.
- Locate and disconnect the hard drive by opening the CPU chassis.
- Take all evidence and place it in anti-magnetic (Faraday) bags.
- Deliver the evidence to the forensic lab.
- Keep the chain of custody intact.
Situation 2: The monitor is turned on, but it shows either a blank screen (sleep mode) or a screensaver image.
- Make a small mouse movement (without pressing buttons). The work product should appear on the screen, or it should ask for a password.
- If moving the mouse does not result in a change to the screen, stop using the mouse and stop all keystrokes.
- Take a picture of the screen and note the data that is visible.
- Use memory capturing tools to gather volatile data (always use a write blocker to prevent manipulation during data collection).
- Proceed further in accordance with Situation 1.
Situation 3: The Monitor Is Off
- Write down the "off" status.
- After turning on the monitor, check to see if its status matches that of situations 1 or 2 above, and then take the appropriate action.
- Check whether the computer is connected to the outside world through a phone line, modem, or cable. If there is a phone connection, try to find the phone number.
- To protect evidence, take out the floppy disks that might be there, package each disk separately, and label the evidence. Put in a blank floppy disk or a seizure disk, if one is available. Avoid touching the CD drive or taking out CDs.
- Cover the power connector and every drive slot with tape.
- Note the serial number, make, and model.
- Take a picture of the computer's connections and make a diagram with the relevant cables.
- To enable precise reassembly at a later date, label all connectors and cable ends, including connections to peripheral devices. Put "unused" on any connection ports that are not in use. Identify docking stations for laptop computers in an attempt to locate additional storage media.
- All evidence should be seized and placed in anti-magnetic (Faraday) bags.
- Put a tag or label on every bag.
- Deliver the evidence to the forensic lab.
- Keep the chain of custody intact.
Once the data has been gathered effectively, the next steps in the process are crucial: data packaging, data transportation, and data storage.
The following are the steps involved in data packaging, transportation, and storage:
Packaging:
- Label every computer system that is gathered so that it can be put back together exactly as it was found.
When gathering evidence at a crime scene:
- Before packing, make sure that every piece of evidence has been appropriately labeled and documented.
- Latent or trace evidence requires particular attention, and steps should be taken to preserve it.
- Use paper or antistatic plastic bags for packing magnetic media to prevent static electricity. Do not use materials that can cause static electricity, such as regular plastic bags (use Faraday bags instead).
- Be careful not to bend or fold computer media such as tapes or CD-ROMs.
- Make sure that the labels on every container used to store evidence are correct.
Transporting
- Make sure devices are not packed in containers and are safely fastened inside the car to avoid shock and excessive vibrations. Computers could be positioned on the floor of the car, and monitors could be mounted on the seat with the screen down.
When transporting evidence:
- Any electronic evidence should be kept away from magnetic sources. Radiation transmitters, speaker magnets, and heated seats are a few examples of items that can contaminate electronic evidence.
- Avoid leaving electronic evidence in your car for longer than necessary. Electronic devices can be harmed by extremes in temperature and humidity.
- Maintain the integrity of the chain of custody while transporting any evidence.
Storing
- Evidence should be kept safe and away from extremes in humidity and temperature. Keep it away from dust, moisture, magnetic devices, and other dangerous impurities. Be advised that extended storage may cause important evidence, like dates, times, and system configurations, to disappear. Because batteries have a finite lifespan, data loss may occur if they malfunction. Whenever a battery-operated device needs immediate attention, the relevant authority (e.g., the chief of laboratory, the forensic examiner, and the custodian of the evidence) should be informed.
CONCLUSION:
Thus, everything from securing the crime scene to the packaging, transportation, and storage of data is an important step in the process of collecting digital evidence in forensic investigations. Preserving the authenticity of the evidence, along with its provenance, is critical during this phase. It is also important to ensure the admissibility of evidence in legal proceedings. This systematic approach is essential for effectively investigating and prosecuting digital crimes.
Introduction
The whole world is shifting towards a cashless economy, with innovative payment transaction systems such as UPI payments, card payments, etc. These payment systems require processing, storage, and movement of millions of cardholders' data, which is crucial for any successful transaction.
Therefore, to maintain the credibility of this payment ecosystem, the secure movement and processing of cardholder data becomes paramount. Entities involved in a payment ecosystem are responsible for the security of cardholder data. Security is also important because a breach of cardholder data would amount to financial loss. Fraudsters are attempting smart ways to leverage any kind of security loophole in the payment system.
So the entities involved in the payment ecosystem need to maintain security standards set by a council of network providers in the payment industry, popularly known as the Payment Card Industry Security Standards Council.
Overview of what is PCI and PCI DSS Compliance
Earlier, every network provider in the payment industry had its own set of security standards, but later they together (Visa, Mastercard, American Express, Discover, and JCB) constituted an independent body to come up with comprehensive security standards like PCI DSS, PA DSS, PCI-PTS, etc. These network providers ensure the enforcement of the security standards by putting conditions on services being provided to the merchant or acquirer bank.
In other words, PCI DSS in particular is the global standard that provides a baseline of technical and operational requirements designed to protect account data. PCI DSS is a security standard specially designed for merchants and service providers in the payment ecosystem to protect cardholder data against any fraud or theft.
It applies to all entities, including third-party vendors, that are involved in processing, storing, and transmitting cardholder data. Within an organization, the entire CDE (Cardholder Data Environment), including any system component or network component that stores and processes cardholder data, has to comply with all the requirements of PCI compliance. PCI released a new version, PCI DSS v4.0, a few months ago, with certain changes from the previous version after a three-year review cycle.
12 Requirements of PCI DSS
This is the most important part of PCI DSS, as following these requirements can make any organization PCI compliant to some extent. The requirements are:
- Installing firewalls or maintaining security controls in the networks.
- Using strong passwords in order to secure the CDE (Cardholder Data Environment).
- Protection of cardholder data.
- Encrypting cardholder data during transmission over open and public networks.
- Timely detection and protection of the cardholder data environment from any malicious activity or software.
- Regularly updating software, thereby maintaining a secure system.
- The rule of business need to know should apply to access to cardholder data.
- Identification and authentication of users are important for access to the system components.
- Physical access to cardholder data should be restricted.
- Monitoring or screening of system components to detect malicious activity internally in real time.
- Regular auditing of security controls and finding any vulnerabilities in the systems.
- Making policies and programs accordingly in order to support information security.
How an organization can become PCI compliant
- Scope: The first step is to determine all the system components or networks storing and processing cardholder data, i.e., the Cardholder Data Environment.
- Assess: Then test whether these systems or networks comply with all the requirements of PCI DSS compliance.
- Report: Document the assessment through the self-assessment questionnaire by answering questions such as whether the requirements are met or not, and whether the requirements are met with a customized approach.
- Attest: The next step is to complete the attestation process available on the website of PCI SSC.
- Submit: The organization can then submit all the documents, including reports and other supporting documents, if requested by other entities such as payment brands, the merchant, or the acquirer.
- Remediate: The organization should then take remedial action for the requirements which are not in place on the system components or networks.
Conclusion
One of the most important issues facing those involved in the digital payment ecosystem is cybersecurity. The likelihood of being exposed to cybersecurity hazards including online fraud, information theft, and virus assaults is rising as more and more users prefer using digital payments.
Thus, complying with and adopting these security standards is the need of the hour. Moreover, RBI has also mandated all regulated entities (NBFCs, banks, etc.) under a recent notification to comply with these standards.
New Delhi [India], November 12 (ANI/NewsVoir): Cyber is the new weapon today! Cyber Violence is violence in cyber-space that has led to violation of cyber rights of individuals, especially those of children and women. Online violence and harassment have been overlooked, with more emphasis laid on offline or physical violence. Cyber violence very often permanently, psychologically impacts the victims and their families. Various forms of threats, ranging from morphing and stalking to solicitation of children for sexual purposes and online grooming, have grave consequences on the victims, disturbing their mental well-being. Maintaining mental well-being in cyber space is a challenge we wish to promote and advocate for, in order to build responsible netizens.
Together, we stand against violation of cyber rights and strongly believe it is critical to allow everyone to feel safe online. Netizens’ safety rights must be protected from all kinds of abuse and violence. Setting a mission of ‘Making India Cyber Safe for Children and Women’, Responsible Netism, a social purpose organization, in association with CyberPeace Foundation, an award-winning Cyber Security think tank working towards bringing CyberPeace in CyberSpace for more than two decades, hosts its 6th Annual National Conference on Cyber Psychology themed “India Fights Cyber Violence”, scheduled for Saturday, January 22, 2022. To advocate on the theme, the campaign #IndiaFightsCyberViolence was launched on November 11, 2021 by Vinay Sahasrabuddhe – President ICCR, Member of Parliament, Priyank Kanoongo – Chairperson, NCPCR and Rekha Sharma, Chairperson NCW at the ICCR Auditorium Delhi. The session was also attended by the CyberPeace Foundation team members.
Vinay Sahasrabuddhe has been a strong advocate of online safety of children. He shared his visionary words and focused on 3 R’s: Research, Reform and Reshape. He recommended that extensive research was necessary to strongly voice concerns and remedies based on evidence-based research, which would help us reform intervention strategies and reshape the existing framework to best suit the needs to protect women and children in cyber space. The NCW Chairperson Rekha Sharma shared how critical it is to create awareness about online safety rights of women and reiterated the need for spreading awareness about online safety to reach the last mile in order to build collective action and bring change. She also mentioned the need to conduct nationwide trainings for police personnel to handle and report online distress.
Priyank Kanoongo, the Chairperson of NCPCR, has been very proactively advocating for the cause of child online protection and has been instrumental in fiercely voicing his thoughts on protecting online safety rights of children across India. He shared the following thoughts at the launch. He said there is a dire need to educate parents about online safety in order to let the information trickle down to their children. He said NCPCR does not hold any inhibitions in naming and shaming violators of child rights, be it offline or online, and will always raise a strong voice against a platform’s inability to protect children in cyber space.
Vineet Kumar, Founder and Global President, CyberPeace Foundation, the partnering organization, shared that this nationwide movement will build great momentum on the cause of online protection of children and women across the country and urged organizations across India to pledge their support to the cause. The more people joining this movement, the more it would build collective pressure to formulate guidelines and policies that make cyber space safe for children and women. Sonali Patankar – Founder Responsible Netism shared that the objective of the campaign was to let online safety reach the last mile and build on aggressive reporting of online content. The movement was an effort to make the campaign India Fights Cyber Violence make India cyber safe for children.
She shared that the campaign launch would be followed by nationwide research conducted to understand parents’ perspectives on cyber violence, which would be handy in representing recommendations on women and child safety protocols through commoners. There would be a round table for organizations working with children chaired by Priyank Kanoongo on November 22, followed by a round table held for organizations working with Women chaired by Rekha Sharma Madam on December 22, 2021. The campaign would culminate in the Responsible Netism 6th National Cyber Psychology Conference scheduled for January 22, 2022, that would witness a compilation of the research and the work done throughout the campaign.
The launch was attended by Sujay Patki – Social Activist and Advisor Responsible Netism, Shilpa Chandolikar, trustee Responsible Netism, and Adv Khushbu Jain, Advocate Supreme Court of India, followed by the vote of thanks by Unmesh Joshi – Co-founder Responsible Netism. With the success of the launch and the support of NCPCR and NCW, we are sure to make this a nation-wide movement to protect cyber safety rights of netizens and strongly believe in collective action to make India Cyber Safe for Women and Children.
This story is provided by NewsVoir. ANI will not be responsible in any way for the content of this article. (ANI/NewsVoir)(This story has not been edited by Devdiscourse staff and is auto-generated from a syndicated feed.)