Cyber Crime is an act of creating, distributing, altering, stealing, misusing and destroying information through the computer manipulation of cyber space; without the use of physical force and against the will or the interest of the victim. Though it is not new discovery, it has became buzz word recently when within last couple of months police registered more than half dozen cases of cyber crime in Nepal and investigated. However, this episode has also exposed lack of knowledge on investigation, analysis and judicial interpretation of cyber crime is Nepal among the concerned authorities.
The computer may involve in various ways in cybercrime. In cases like unauthorized access to a computer (known as hacking), theft of intellectual property, marketing information, or blackmail based on information gained from computerized files, computers are used as target. In credit card fraud, telecom fraud, conversion or transfer of accounts, theft of money from accrual etc. computer is used as the tools only. In some cases like Child pornography, fraud etc. computer is used as incidental only. In this type of crime computers are not necessary. Crime could occur without computer but use of computer helps the crime to occur faster, permits processing of greater amount of information ad make the crime more difficult to identify and trace. Some time computers could be used as associates to commit the traditional crime. Counterfeiting, copyright violations, theft of computer accessories, piracy in audio and video markets etc. are some of examples where computer is used as associates only.
Cases of Cyber crime in Nepal shall be initiated by Government of Nepal as plaintiff and such a case shall be deemed have been included in Schedule 1 of the State Cases Act, 1992 (2049). Cyber evidence could be either physical or logical. Computer can act as a reservoir of evidence. Computer evidences are fragile and vulnerable. Thus, aim of investigating agency should be to collect best evidence and prosecute the right person only.
While investigating cyber case, investigator must recognize the role of computer at first. Whether the computer is contraband of fruits of a crime or is the computer system a tool of offence or is the computer system only incidental or associated to the offence, it is to be determined. Once the role of computer is identified, the investigating agency must ensure that the evidence is collected through search and seizure of hardware or through information discovery of logical evidence. Electronic transaction Act, 2007 empowers for seizure of any computer, computer system, floppy, compact disks, tape, drivers, software or any other accessory devices used to commit any act deemed to be an offence relating to computer. While confiscating the evidence, police must follow various provisions of State Cases Act, 1992. Evidence collection may require various process e.g. warrant, appropriate collection technique and skilled technician. After completing all the legal formalities, evidence must be seized for the analysis. Investigator should follow these steps:
Firstly, investigator must be prepared not to distort the evidence and collect the evidence properly. Some time it may require sterilize all media is to be used in examining process. He must make sure that the reusable media is free of viruses and all data has been wiped from the media and document the wiping and scanning process. Secondly, snapshots should be taken. Investigator needs to take a snapshot of the actual evidence scene and it may include: photograph the scene, note the scene, photograph the actual evidence, document in your journal the PC, label the evidence, photograph the evidence after the labels have been applied, maintain chain of custody etc. After the snapshot it is require transporting the evidence properly. The evidence must be packed properly and carried to the lab safely; and once the evidence transported to the lab, preparation for examination should began. The label should be removed and it must be unpacked sensitively. He must be sure all the evidence is sealed properly. Finally, the exact image of the hard drive is to be taken.
While doing this preparation the investigator should not alter original evidence. He also should not allow a suspect to interact with crime scene computer. Investigator must have always back up a crime scene computer; if a crime scene computer is on, he should not turn it off until any valuable data is temporary memory have been saved. He must document all investigative activities and he must store the computer evidence properly. Sometime other devices could be helpful on identifying the criminals’ e.g. wireless telephones, electronic paging devices, fax machine, Caller ID devices and Smart cards and electronic surveillance in communication networks e.g. CCTV, Wire tapping, cloning the inbox or other address are also could be valuable support in identifying the criminal.
After this there should be forensic examination of seized data. As with physical computer evidence (such as computer systems, hard drives, media, etc.) data must also go through an accounting procedure to ensure that the chain of custody is maintained and be introduced into lab environment. The procedure that is to be followed for such accounting of data includes, backup the Information Discovery Files, Lab Evidence Log, Mathematically Authenticate the Information Discovery Files and proceed with the Forensic Examination of each File. While testing the evidence, law applies best evidence principle. Judiciary examines the relevance of produced evidence in respect impugned case and admits according to evidence law of the land and other relevant law. Our law of evidence is silent about admissibility of Computer Evidence. However, S. 4 of Electronic Transaction Act, 2007 gives recognition of electronic record.
ETA requires any investigation must be supported by either Controller of Certifying Authority or expert. However, it is seen that no independent expert been consulted. The designated investigating officer’s rank is also counted. In India, previously DSP level police officer was only authorized to investigate cybercrime cases. But, Information Technology (Amendment Act), 2008 authorized that Police Inspector also can investigate the cases of cyber crime in Nepal cases. ETA does not specify this but it has been handled even by junior police officers under State Cases Act, 1992. It is set standard that this kind of hi-tech crime shall be investigated by skilled and higher police officer only as it requires higher skill and understandings. In most of the recent investigation above discussed process were not followed. We have to improve this practice. If we follow at least these processes, we can track the trail of cyber criminal and prosecute them successfully.
Delta Law Firm with our Best Lawyers/Attorneys provide different arrays of legal services you can check out our practice areas or contact us at firstname.lastname@example.org or +977-1-4243071