
I. INTRODUCTION
With the rapid deployment of the internet, information and communication technologies in
recent years have changed not only the trends but also the history of criminal investigation
practice. As people increase their usage of the internet and conduct professional activities on it,
the opportunity for criminals to commit cybercrime has increased vastly. This has not only created
a tremendous challenge for the people responsible for enforcing the law, but has also made it
difficult to gather evidence and confront transnational crimes. Among the major obstacles,
technical, operational and legal challenges are recognized as the main emerging challenges of
cybercrime, though they are not the only difficulties faced by the agencies responsible for law
enforcement.

Table 1: Guideline and manual for Cybercrime

Title: General Manual of Cybercrime Investigation (Classified)
Scope: All the members of the police
Contents:
• Cybercrime Definition
• Handling of Evidence
• Checklist
• Seizure, search and tracing
• Preliminary investigation
• Laws related to cybercrime
• Crime scene processing
• Interrogation
• Interviews

Title: Tracing On Internet (classified)
Scope: Mandatory to have cyber investigators. Tracing conducted by Police members (recommended)
Contents:
• Email and others services
• Addressing and internet protocol
• Line of the subscriber
• Tools used for real time tracking

Title: Analysis of digital evidence
Scope: Mandatory to have cyber investigators. Tracing conducted by Police members (recommended)
Contents:
• Unix System Analysis
• Analysis of network
• Process and foundation
• Tools (Forensic Analysis, x-rays, iLook, etc.)

Title: Techniques of cybercrime investigation and its types (classified)
Scope: Cyber investigators. Tracing conducted by Police members (recommended)
Contents:
• Virus and hacking investigation
• Q&A regarding complain counselling
• Investigating e-commerce
• Illegal content investigation

Title: Guidelines to handle evidence present in digital form (non-classified)
Scope: Public
Contents:
• Requesting examination and transferring
• Analysis of the evidence
• Report writing
• Collection of evidence

Title: Technical manual for digital forensic
Scope: Forensic and cyber investigators are mandatory
Contents (standard procedure):
• Evidence collection
• Recovery of disk
• Malicious code analysis
• Hacking
• Web analysis
• Multimedia
• Database
• Analysis of crypt
• Communication and network analysis

II. GATHERING OF INITIAL INFORMATION

Here we investigate cases of serious cybercrime arising from hacking of a university's database,
and describe some of the activities, which seem to be unreal.
The investigation generally begins by gathering information, in the form of the pictures given in the
project, during the initial phase. It is the job of the investigators to understand the characteristics of
the project and then develop sources accordingly. Many victims do not want to reveal the damage
caused, out of concern that their reputation will be at stake, or they do not even recognize the damage
caused. Here the camera comes into play and captures, from the computer database of the University,
the damage done to the victims.

Strategies should be made for collecting the initial information of the investigation. The National Police
Agency, through its experience, has developed criteria that should be considered when gathering
information through an info-gathering mechanism, and that also help to reduce the complexity of cybercrime:

• Impact and scope of the project
• Timeline
• Human vs. machine based
• Target attacked vs. opportunity attacked
• Technical level needed
• Reactive vs. proactive

Cybercrime investigators found additional information by analyzing multiple complaints and realized
that further information could be collected by designing a special system. To this end, investigators
decided to set up an independent cybercrime report system, because a similar type of plan had been
applied in business. The plan, named Customer Relationship Management (CRM), was established in 2003
under the name e-CRM.

The e-CRM system has today become the greatest resource of information on cybercrime. Using the system, the
authorities analyze massive numbers of reports and ascertain patterns, threat levels and commonality. If a more
proactive, technical and intense investigation is needed, a CTRC investigative team is deployed to investigate the case.
Drawing a bigger picture that takes every minute event into consideration has gained much more importance.

A. Intelligence Activities
Many anonymous activities take place over the internet. During
intelligence activities, it is recommended to keep account and track of the websites and communities
related to them.

It is recommended not to implement and use the traditional intelligence activities. People are more
likely to trust individuals whom they have met personally than those they have never met
in person. Framework directors and other workforce in partnerships are potentially extraordinary
sources in significant cases. Maintaining contact points and precise administration appears to be
one of the most significant undertakings in fighting cybercrime. It is encouraged
that one gather information and data from international resources to fight cybercrime.

B. Honeypots
A honeypot (or honeynet) is a system or network that has deliberate security vulnerabilities, set up to
gather data and potentially evidence in the event of access by the attacker(s).
On the negative side, if the system is not planned well, legal difficulties may
arise. Consequently, a honeypot is typically built during a case investigation.

TRACING AND IDENTIFYING CRIMINALS


The anonymity of the internet is being abused, and is treated as an advantage by those
who use technology to make their own lives easier. Anonymity can be predicted, but is
inevitable, i.e. one can predict cybercrimes and their origin but cannot completely stop them. The
major hurdles arise when the cybercriminals cannot be traced and identified, but one knows
that some cybercrime is happening. The techniques that are used to trace and identify the
criminals committing cybercrimes can also be applied to tracing individuals who
are not involved in criminal activities. Innovations are being made in order to stop
cybercrime activities. This is being done by the Australian police and other departments.

Tracing is rarely limited to a single activity; rather, it is a series of tedious
tasks. It is not unusual for an examiner to send many written requests seeking legal
authorization from investigators and courts in one investigation. To limit the burden, the
investigation should be planned carefully and strategically. In general, basic data can
be provided by service providers, including Internet Service Providers (ISP). Naturally, maintaining
close relationships is important.

Now we start the investigation according to the given rules, from the suspects which are
given in the project.

After investigation, the pictures given in the project show that it looks as though
someone wants to hack the software and also wants to
make changes in the database of the system. The investigating inspector claims that
the names written in the first picture are Bonnie and Clyde, and that they are
conversing by sending and receiving emails to each other.

Determination of the characteristics that are often considered class characteristics
happens in connection with items such as shoe prints, tire prints, glove prints, and
device impressions. At the first level of examination, these items can be grouped
and classified based on type, make, model, size, and pattern. For instance, if a shoe
print is found at the scene of a crime and is determined to be a left shoe of a size 9,
Nike brand, Air Jordan model, running type shoe with a wavy, even sole pattern, these class
characteristics taken together give a description of the suspect's shoe based on five
defined descriptors.

The next picture, captured through the EnCase forensic training software, gives
information about the code page and email type: the code page is 1252 and the email type
is Outlook Express. The message delivered from Clyde was: "I found these the
other day-thought you might like them." In that picture there are also some attachments
which they have shared with each other.

In the next pictures, when we consider all the images together, we see that there are two identities,
with their names and faces clearly shown.

After the investigation, the investigating inspector concludes and
reports that all of this evidence and these suspects point to a criminal case. The
case concerns cybercrime, and it was caught by the EnCase forensic software, which is
generally kept under tight security by the higher authority.

We also need to explain the logic used in forensic investigation, as follows.

Forensic Archeology

Relatively new in the scientific world, forensic archeology, also known as criminological
prehistoric studies, is the use of archeological methods by specialists to uncover
crime scenes, including bodies. These forensic specialists are trained
to systematically examine and determine the crimes and the pieces of evidence that are found. They
document the recovery of ancient evidence such as human remains, weapons, and other buried
items that might be significant to the criminal event. Forensic archeologists will
frequently work together with other legal specialists in cybercrime evidence, physical
matching, scientific entomology, and legal deontology in the examination of evidence.

The picture showing all the details of the sender and receiver of the email is very
important. The email was sent on 29/10/02 at 5:40:52. It was sent to
Bonnie Parker at the email address bonnie777@hotmail.com; the sender's name was
Clyde Barrow and the sender's email address was CBarrow07@hotmail.com. The full path is also
given here.
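
The header details above and the code page 1252 noted earlier can be pulled from a raw message programmatically. The following is an added example, not part of the original report or of EnCase: it parses a constructed message, decodes the body using the declared code page, and hashes the message and attachment so later copies can be checked against the original. The names, addresses, date, time and body wording come from the case description; the +0000 time zone, the 24-hour reading of 5:40:52, the 0x96 dash byte, and the attachment name and bytes are assumptions.

```python
import hashlib
from datetime import timezone
from email import message_from_bytes, policy

# Constructed sample message. Names, addresses, date, time and body wording come
# from the case description; the +0000 zone, the 0x96 dash byte, and the
# attachment name and bytes are assumptions made for this example.
RAW = (
    b"From: Clyde Barrow <CBarrow07@hotmail.com>\r\n"
    b"To: Bonnie Parker <bonnie777@hotmail.com>\r\n"
    b"Date: 29 Oct 2002 05:40:52 +0000\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\n"
    b'Content-Type: text/plain; charset="windows-1252"\r\n'
    b"Content-Transfer-Encoding: 8bit\r\n\r\n"
    b"I found these the other day \x96 thought you might like them.\r\n"
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="sample.bin"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"Y29uc3RydWN0ZWQ=\r\n"
    b"--b1--\r\n"
)

def summarize(raw: bytes) -> dict:
    """Extract the fields an examiner records, without altering the evidence bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender, rcpt = msg["From"].addresses[0], msg["To"].addresses[0]
    body = msg.get_body(preferencelist=("plain",))
    attachments = [
        {"name": part.get_filename(),
         "sha256": hashlib.sha256(part.get_content()).hexdigest()}
        for part in msg.iter_attachments()
    ]
    return {
        "from": (sender.display_name, sender.addr_spec),
        "to": (rcpt.display_name, rcpt.addr_spec),
        "sent_utc": msg["Date"].datetime.astimezone(timezone.utc).isoformat(),
        "charset": body.get_content_charset(),   # code page named in the headers
        "text": body.get_content().strip(),      # decoded using that code page
        "attachments": attachments,
        "message_sha256": hashlib.sha256(raw).hexdigest(),  # integrity reference
    }

if __name__ == "__main__":
    for key, value in summarize(RAW).items():
        print(f"{key}: {value}")
```

Byte 0x96 is a dash only under code page 1252; decoded as ISO-8859-1 it becomes an unprintable control character, which is why the code page is recorded alongside the message.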

Cyber forensic investigators are experts in investigating encrypted data using various types
of software and tools. There are many upcoming techniques that investigators use
depending on the type of cybercrime they are dealing with. The tasks for cyber investigators
include recovering deleted files, cracking passwords, and finding the source of the security
breach. Once collected, the evidence is then stored and translated to make it presentable
before the court of law or for police to further examine.

Many believe that recovering false data is the key objective of cyber forensics. Though the
creation of this science was meant to investigate false data, the enhancement of new
techniques has added a larger scope through cyber forensics. The science of cyber forensics
dates back to the era of floppy discs and since then it has evolved, growing parallel in
complexity with cybercrime.

Role of Cyber Forensics in Crime


The role of cyber forensics in criminal investigations is constantly increasing because of the
skill that is required to retrieve information and use it as evidence. Though this task appears
to be difficult, it is the expertise of cyber forensic investigators. Therefore, the demand
for skilled professionals is also growing. In the year 2015, Forbes Magazine declared
cyber forensic investigation a number one profession [2]. It is not just a critical position
but one that supports law enforcement by helping to solve cases and improving
the overall efficiency of the team.
