Showing posts with label CYBER FORENSICS IN INDIA. Show all posts
Showing posts with label CYBER FORENSICS IN INDIA. Show all posts

Thursday, June 9, 2011

Cyber Forensics Laws In India

Cyber Forensics in India is still to be approved as an important part of Legal and Judicial System of India. Till now we do not have a specific and dedicated Cyber Forensics Law in India. Cyber Forensics is an amalgamation of Legal and Computer Science principles. Thus, it is essentially Techno Legal in nature.

This Techno Legal nature of Cyber Forensics has raised certain problems before the Law Enforcement Agencies of India, Legal Fraternity, Judicial Fraternity and the Governmental Departments dealing with the Cyber Forensics issues.

While the Police, Lawyers and Judges are still struggling to deal with Cyber Crimes and Cyber Forensics issues yet Government Departments are facing a shortage of Skilled Cyber Forensics Professionals. Suitable Techno Legal Cyber Forensics Courses in India and Cyber Forensics Education in India can reduce the shortage of Skilled Cyber Forensics Professionals in India.

India has been facing these problems because till now Cyber Forensics Policy of India has not been formulated. An ideal Cyber Forensics Policy of India must concentrate upon issues like Legal Framework for Cyber Forensics, Skills Development of Cyber Forensics, Trainings of Law Enforcement Officials, Lawyers, Judges, etc.

Cyber Forensics Policy of India cannot be implemented by a single stroke. It has to be formulated step by step and in a systematic and planned manner. Indian Government must pay attention to the Cyber Forensics Laws of India in general and Cyber Forensics Policy of India in particular.

Friday, January 22, 2010

BACKTRACK 4 FINAL RELEASE: AN ESSENTIAL TOOL IN YOUR CYBER SECURITY AND CYBER FORENSICS ARSENAL

The final and stable version of Backtrack 4 series is a wonderful penetration testing, cyber security and cyber forensics tool. It is not only a powerful utility but is also useful for multiple purposes. The best part is that it is available to the security and forensics community free of cost.

Although Backtrack has always been a good tool but its team(s) must be congratulated for not only providing it free of cost but also for keeping pace with the contemporary cyberspace challenges. The latest stable and final release has also added the cyber forensics functionality. The best part about this feature is that it is claimed to be safe from making changes to the system under inspection. Although Perry4Law and Perry4Law Techno-Legal Base (PTLBTM/SM) have yet to test the tool but the claimed features are very promising.

A successful cyber forensics examination must essentially gather both volatile as well as non-volatile data and information. Also during the live analysis of a system, files and data should not be overwritten. Similarly, there should not be any change in the integrity of the information residing on the suspected computer or device. Backtrack 4 meets many of these requirements but it still has to enhance the cyber forensics features further. It is very difficult to provide security and forensics functionalities at the same time yet Backtrack 4 is proceeding in the right direction.

All interested person must give it a try and the same can be downloaded from the website of Backtrack. Perry4Law and PTLB are in the process of analysis and use of Backtrack 4 and would come up with their observations and suggestions. For the time being it would be a good idea to start gaining the basic knowledge of Linux.

We are also analysing other freely available cyber security and cyber forensics distributions. There are many freely available and dedicated cyber forensics distributions that are worth trying. Similarly, there are dedicated cyber security softwares that are freely available. We would be covering them one by one.

Thursday, February 7, 2008

CRITICAL ICT INFRASTRUCTURE PROTECTION IN INDIA: NEED OF THE HOUR

In recent years, the frequency and sophistication of cyber security attacks on global Critical Information and Communication Technology (ICT) Infrastructure (Critical ICT Infrastructure) has greatly increased. Cyber-security experts have been warning of the vulnerability of Critical Infrastructure like Power, Energy, Transportation, Water Systems, etc to malicious hackers. Recently hackers have penetrated power systems in several regions outside the U.S. and in one case caused a power blackout affecting multiple cities. This shows the importance of a “Robust Cyber Security Mechanism” for Critical ICT Infrastructure. The Cyber Security Trends in India are not very encouraging.[1] To worsen the situation we have a weak Cyber Law in India.[2] Critical Infrastructure Protection in India must be taken seriously in the larger interest of Indian Citizens/Persons. Crisis and Risk Management by improving security systems integration, interconnectivity and interoperability would help India a lot.[3] The Power and Energy Sector of India must also take the cyber security risks seriously as their ignorance may bring disastrous results. The Government of India has still not shown its “E-Readiness” to accept this reality despite the suggestions and recommendations of Perry4Law and PTLB TM/SM in this regard. India also performed poorly as per the norms and standards of “UN E-Government Survey-2008”. This work is also an appeal to the Government of India to take “Cyber Security Seriously” in India. Cyber Security is witnessing many important phases and trends. From the perspective of mere “fun game” cyber crimes and contraventions have emerged as “professional activities” and have been transformed into a “profession” itself. No country of the world is safe from various cyber crimes and contraventions and all are struggling hard to tackle them. But the fact remains that law and its enforcement are lagging far behind than the standards and practices needed to effectively curb them. The Cyber Security in India is missing and we have a weak Cyber Law in India. We have to develop technologies and capabilities to protect Indian Citizens/Persons in areas such as transport, civil protection, energy, environment, health, etc. Additionally we have to increase the Security of infrastructures and utilities supporting areas such as ICT, transport, energy and services in the financial and administrative domain, etc. Critical Infrastructure Protection in India must be taken seriously in the larger interest of Indian Citizens/Persons. Crisis Management by improving security systems integration, interconnectivity and interoperability would help people of India a lot. The first step towards establishment of a safe and secure cyber space is enactment of a stringent cyber law. The cyber security initiatives are of no use in the absence of a strong, safe and effective law. Similarly, a strong law unsupported by ICT Security and Cyber Security would be impotent in effect. Thus, we need a “Good Combination” of cyber law and cyber security initiatives. Cyber Law in India is witnessing ups and downs of important dimensions. The journey from its origin to its development is not very smooth and conducive for the ICT oriented Indian society. Perry4Law and PTLB TM/SM have been raising these issues from considerable period of time. Though most of the recommendations given by them have been accepted by the Government of India, yet India has to cover a long distance. India must concentrate upon:

(a) Technology building blocks for creating, monitoring and managing secure, resilient and always available information infrastructures that link critical infrastructures,

(b) Risk assessment and contingency planning for interconnected transport or energy networks,

(c) Modelling and simulation for training of concerned officials and manpower,

(d) Optimised situational awareness through intelligent surveillance of interconnected transport or energy infrastructures,

(e) ICT support meeting crises occurring in critical infrastructures,

(f) Security issues with regard to the interaction of individuals with the digital world, etc.
In today’s electronic era, citizens and businesses expect and demand access to reliable, transparent and uninterrupted e-government services. The State must address the challenges associated with protecting confidential information on its systems while providing these groups with the required information. A reliable and uninterrupted e-governance base requires periodic vulnerability assessments. Perry4Law and PTLB TM/SM believe that if commercial and government organisations reevaluate their security, safety, and financial obligations to customers, shareholders, employees, and citizens, the importance of a properly implemented security vulnerability assessment is apparent. The duty of the State in this regard is not only absolute but is also unavoidable unless we ignore the important lesson that Estonia has learnt recently. Let us hope for the best in this regard in the Indian context.

© Praveen Dalal. All rights reserved with the author.
*Techno-Legal ICT, IPR and Cyber Security Specialist at
PTLB TM/SM
Managing Partner-Perry4Law (First Techno-Legal and ICT Law Firm, New Delhi, India).
LL.M, Ph.D (Cyber Forensics in India: A Techno-Legal Perspective).
Contact at:
perry4law@yahoo.com , pd37@rediffmail.com

[1] Praveen Dalal, “ Cyber Security Trends by PTLB”, http://reclaiming-india.blogspot.com/2007/12/cyber-security-trends-by-ptlb-2007.html

[2] Praveen Dalal, “ Cyber Security Trends by PTLB: Cyber Law in India”, http://reclaiming-india.blogspot.com/2007/10/cyber-security-trends-by-ptlb-cyber-law.html

[3] Praveen Dalal, “ Cyber Security Trends by PTLB: Cyber Terrorism and Risk Management”, http://www.bloggernews.net/111624