IT Summit 2008 Cyber security – An intellectual IT Summit 2008 Cyber security – An intellectual challengechallenge

18 October , New Delhi 18 October , New Delhi

Tracking the cybercriminal Tracking the cybercriminal & collection of legally admissible & collection of legally admissible

evidence.evidence.

KaKarnika Sethrnika Seth

Cyberlaw Expert & PartnerCyberlaw Expert & Partner, ,

Seth AssociatesSeth Associates

© Seth Associates, 2008 All Rights Reserved© Seth Associates, 2008 All Rights Reserved

Introduction to Cyber crimeIntroduction to Cyber crime Computer CrimeComputer Crime, , E-CrimeE-Crime, ,

Hi-Tech CrimeHi-Tech Crime or or Electronic Electronic CrimeCrime is where a is where a computercomputer is is the target of a crime or is the the target of a crime or is the means adopted to commit a means adopted to commit a crime. crime.

Most of these crimes are not Most of these crimes are not new. Criminals simply devise new. Criminals simply devise different ways to undertake different ways to undertake standard criminal activities standard criminal activities such as fraud, theft, blackmail, such as fraud, theft, blackmail, forgery, and embezzlement forgery, and embezzlement using the new medium, often using the new medium, often involving the Internet involving the Internet

Types of Cyber crimesTypes of Cyber crimes Credit card fraudsCredit card frauds Cyber pornography Cyber pornography Sale of illegal articles-narcotics, Sale of illegal articles-narcotics,

weapons, wildlifeweapons, wildlife Online gamblingOnline gambling Intellectual Property crimes- Intellectual Property crimes-

software piracy, copyright software piracy, copyright infringement, trademarks infringement, trademarks violations, theft of computer violations, theft of computer source code source code

Email spoofingEmail spoofing ForgeryForgery DefamationDefamation Cyber stalking (section 509 IPC)Cyber stalking (section 509 IPC) Phising Phising Cyber terrorism Cyber terrorism

Crime against persons

Crime against Government

Crime against property

Cyber crimes

Hacking Information

TheftE-mail

bombingSalami attacks

Denial of Service attacks

Trojan attacks

Web jacking

Combating cyber crimesCombating cyber crimes Technological measures-Technological measures-Public Public

key cryptography, Digital key cryptography, Digital signatures ,Firewalls, honey potssignatures ,Firewalls, honey pots

Cyber investigation-Cyber investigation- Computer Computer forensics is the process of forensics is the process of identifying, preserving, analyzing identifying, preserving, analyzing and presenting digital evidence and presenting digital evidence in a manner that is legally in a manner that is legally acceptable in courts of law.acceptable in courts of law.

These rules of evidence include These rules of evidence include admissibility (in courts), admissibility (in courts), authenticity (relation to incident), authenticity (relation to incident), completeness, reliability and completeness, reliability and believability. believability.

Legal framework-laws & Legal framework-laws & enforcementenforcement

Digital evidenceDigital evidence Digital evidence or electronic evidence is any probative information stored Digital evidence or electronic evidence is any probative information stored

or transmitted in digital form that a party to a court case may use at trial.or transmitted in digital form that a party to a court case may use at trial.

The use of digital evidence has increased in the past few decades as courts The use of digital evidence has increased in the past few decades as courts have allowed the use of e-mails, digital photographs, ATM transaction have allowed the use of e-mails, digital photographs, ATM transaction longs, word processing documents, instant message histories, files saved longs, word processing documents, instant message histories, files saved from accounting programs, spreadsheets, internet browser histories, from accounting programs, spreadsheets, internet browser histories, databases, the contents of computer memory, computer backups, databases, the contents of computer memory, computer backups, computer printouts, global positioning system tracks, logs from a hotel's computer printouts, global positioning system tracks, logs from a hotel's electronic door locks, and digital video or audio fileselectronic door locks, and digital video or audio files..

Tracking the cybercriminalTracking the cybercriminal ‘‘Who is’ database and internet surveillanceWho is’ database and internet surveillance Cyber forensic analysis- Sophisticated tools are available which Cyber forensic analysis- Sophisticated tools are available which

allows us to examine media forallows us to examine media for Deleted FilesDeleted Files Cloaked FilesCloaked Files Slack space filesSlack space files Encrypted FilesEncrypted Files Fragmented files & Fragmented files & Other relevant dataOther relevant data

Digital imaging and analysis of data, pst,log files,Digital imaging and analysis of data, pst,log files, Use of software such as Access Data for analysisUse of software such as Access Data for analysis Court orders – search warrants, call records, user datas from ISPsCourt orders – search warrants, call records, user datas from ISPs

Digital Investigation & Computer Digital Investigation & Computer ForensicsForensics

Attempts to determine:Attempts to determine:

1.1. What happened?What happened?2.2. Who is responsible?Who is responsible?

While most computer crimes are not prosecuted, we While most computer crimes are not prosecuted, we should still consider acceptability in a court of law should still consider acceptability in a court of law as our standard for investigative practice.as our standard for investigative practice.

-- Kruise and Hiese-- Kruise and Hiese

Forensic Investigations are based upon Locard’s Forensic Investigations are based upon Locard’s Exchange PrincipleExchange Principle

ACQUIREACQUIREBit Stream Image CopyBit Stream Image Copy

Original Copy

MD5 Hash Authentication

The industry standard for computer evidence authentication is the publicly available RSA Security MD5 algorithm.

The RSA Security MD5 algorithm creates a numeric representation of the contents of a hard drive and displays it as a 16 character hexadecimal value; ie. a 128 bit checksum.

Each file /disk has a unique MD5 value

Authentication of EvidenceOne of the objectives of Authentication is admissibility of

evidence in court.

Authentication occurs when evidence is rendered legally admissible in court, normally by testimony that is provided by

the finder of the evidence regarding the circumstances under which the evidence was recovered- Section 65B of Indian evidence Act.

Caselaw- Societe Des products Nestle SA v Essar Industries 2006(33) PTC 469

Sources of EvidenceSources of Evidence

Existing FilesExisting Files Deleted FilesDeleted Files LogsLogs Special system files (registry etc.)Special system files (registry etc.) Email archives, printer spoolsEmail archives, printer spools Administrative settingsAdministrative settings Internet HistoryInternet History Chat archivesChat archives Misnamed FilesMisnamed Files Encrypted Files / Password Protected files etc.Encrypted Files / Password Protected files etc.

Locard’s Exchange PrincipleLocard’s Exchange Principle

Anyone, or anything, entering a crime scene takes something of the scene with Anyone, or anything, entering a crime scene takes something of the scene with them, and leaves something behind when they departthem, and leaves something behind when they depart..

VICTIMVICTIM SUSPECTSUSPECT

EVIDENCEEVIDENCE

Cardinal Rules of Computer Cardinal Rules of Computer ForensicsForensics

• NEVER mishandle evidence.

•  NEVER trust the subject operating system

or machine

• NEVER work on the original evidence

• DOCUMENT   EVERYTHING!

(c) 2004 - 2008 Samir K. Datt

(c) 2004 - 2008 Samir K. Datt

Stages in the Digital Investigation of Media

Foundation Futuristic Technologies (P) Ltd.Foundation Futuristic Technologies (P) Ltd.

BB--7B, Devika Tower, 6 Nehru Place, New 7B, Devika Tower, 6 Nehru Place, New DelhiDelhi

Tel. 9811818000, 51617181Tel. 9811818000, 51617181

www.ForensicsGuru.comwww.ForensicsGuru.com

Preparation Search & Seizure

Acquisition & Authentication

Case Storage/ Archival

Analysis/ Reporting

Photograph Site and Layout

Follow Proper Search & Seizure Guidelines

Identify digital media present at the scene

Tag each item of evidence and ensure chain of custody.

Preview media using write blockers or Shadow devices.

Seize &/or Image and authenticate media required for forensic analysis

Digital Investigation Stages

ACTIVITIES & TOOLS

Generate necessary paperwork – warrants etc.

Arrange for necessary trained personnel with the required field equipment. – Tools, Anti-static straps, digital camera, date & time clock etc.

Anticipate and understand the kind of media likely to be encountered

Purchase and Prepare Blank Hard disks for the acquisition process

Arrange and keep necessary Bag & Tag Equipment – Faraday Bags, Labels, Hard Disk Boxes, Cartons, Markers, Chain of Custody Forms etc.

Establish system dates and times.

Use High Speed Acquisition Devices and create Forensic Images of the media.

Authenticate Source Media and Destination Image and ensure both have the same Hash value.

Maintain Chain of Custody

All case Image Files should be stored on Very Large Storage systems with built in redundancy for long term retrieval and storage

Do the analysis, recover deleted files, break passwords of password protected files, uncover Stegnography. Present a report.

Phase 1 Phase 2 Phase 3 Phase 4 Phase 5

DriveWiper Hardware

Forensic Write Blocker Hardware

Shadow Hardware – for in-situ examinations

Disk Imaging Hardware –speeds upto5.5 GB/min

Case Storage & Retrieval Hardware

Evidence Act,1872-Section 65A & 65B-Evidence Relating To Evidence Act,1872-Section 65A & 65B-Evidence Relating To Computer Generated Electronic Records-Computer Generated Electronic Records-

Section-65B:-Section-65B:- (i) The computer from which record is generated was regularly used to (i) The computer from which record is generated was regularly used to

process or store information in respect of activity regularly carried on process or store information in respect of activity regularly carried on by a person having lawful control over the period.by a person having lawful control over the period.

(ii) Information was fed in the computer in ordinary course of (ii) Information was fed in the computer in ordinary course of activities of person having lawful control over computer.activities of person having lawful control over computer.

(iii) Computer was operating properly and not such as to affect the (iii) Computer was operating properly and not such as to affect the electronic record or its accuracyelectronic record or its accuracy

(iv) Information reproduced is such as is fed into computer in (iv) Information reproduced is such as is fed into computer in ordinary course of activityordinary course of activity

Indian CaseIndian CaseState Vs Mohd. AfzalState Vs Mohd. Afzal

(i) The normal rule of leading documentary evidence is the production (i) The normal rule of leading documentary evidence is the production and proof of the original document itself.and proof of the original document itself.

(ii) Secondary evidence of the contents of a document can also be led (ii) Secondary evidence of the contents of a document can also be led under section 65 of the evidence Act. Under sub-clause “d” of section 65, under section 65 of the evidence Act. Under sub-clause “d” of section 65, secondary evidence of the contents of a document can be led when the secondary evidence of the contents of a document can be led when the original is of such a nature as not to be easily movable, computerised original is of such a nature as not to be easily movable, computerised operating systems and support systems in industry cannot be moved to operating systems and support systems in industry cannot be moved to the court.the court.

(iii) The information is stored in these computers on magnetic tapes (iii) The information is stored in these computers on magnetic tapes (hard disc). Electronic record produced therefrom has to be taken in the (hard disc). Electronic record produced therefrom has to be taken in the form of a print out. form of a print out.

Combating Cyber crime-Indian Combating Cyber crime-Indian legal frameworklegal framework

Information Technology Act, 2000-came into force on 17 October Information Technology Act, 2000-came into force on 17 October 20002000

Extends to whole of India and also applies to any offence or Extends to whole of India and also applies to any offence or contravention there under committed outside India by any person contravention there under committed outside India by any person {section 1 (2)} {section 1 (2)}

read with Section 75- Act applies to offence or contravention read with Section 75- Act applies to offence or contravention committed outside Indiacommitted outside India by any person by any person irrespective of his nationality,irrespective of his nationality, if such act involves a computer, computer system or if such act involves a computer, computer system or network network located in Indialocated in India

Section 2 (1) (a) –”Access” means gaining entry into ,instructing or Section 2 (1) (a) –”Access” means gaining entry into ,instructing or communicating with the logical, arithmetic or memory function communicating with the logical, arithmetic or memory function resources of a computer, computer resource or networkresources of a computer, computer resource or network

IT Act confers legal recognition to electronic records and digital IT Act confers legal recognition to electronic records and digital signatures (section 4,5 of the IT Act,2000) signatures (section 4,5 of the IT Act,2000)

Civil Wrongs under IT ActCivil Wrongs under IT Act

Chapter IX of IT Act, Section 43Chapter IX of IT Act, Section 43 Whoever Whoever without permissionwithout permission of owner of the computer of owner of the computer

Secures access (mere U/A access)Secures access (mere U/A access) Not necessarily through a networkNot necessarily through a network

Downloads, copies, extracts any dataDownloads, copies, extracts any data Introduces or causes to be introduced any viruses or Introduces or causes to be introduced any viruses or

contaminantcontaminant Damages or causes to be damaged any computer resourceDamages or causes to be damaged any computer resource

Destroy, alter, delete, add, modify or rearrangeDestroy, alter, delete, add, modify or rearrange Change the format of a fileChange the format of a file

Disrupts or causes disruption of any computer resourceDisrupts or causes disruption of any computer resource Preventing normal continuance ofPreventing normal continuance of

Denies or causes denial of access by any meansDenies or causes denial of access by any means Denial of service attacksDenial of service attacks

Assists any person to do any thing aboveAssists any person to do any thing above Rogue Websites, Search Engines, Insiders providing Rogue Websites, Search Engines, Insiders providing

vulnerabilitiesvulnerabilities Charges the services availed by a person to the Charges the services availed by a person to the

account of another person by tampering or account of another person by tampering or manipulating any computer resourcemanipulating any computer resource Credit card frauds, Internet time theftsCredit card frauds, Internet time thefts

Liable to pay damages not exceeding Rs. One Liable to pay damages not exceeding Rs. One crore to the affected partycrore to the affected party

Investigation byInvestigation by ADJUDICATING OFFICERADJUDICATING OFFICER Powers of a civil courtPowers of a civil court

Section 46 IT ActSection 46 IT Act Section 46Section 46 of the IT Act states that an adjudicating officer shall of the IT Act states that an adjudicating officer shall

be adjudging whether a person has committed a contravention of be adjudging whether a person has committed a contravention of any of the provisions of the said Act, by holding an inquiry. any of the provisions of the said Act, by holding an inquiry. Principles of audi alterum partum and natural justice are enshrined Principles of audi alterum partum and natural justice are enshrined in the said section which stipulates that a reasonable opportunity of in the said section which stipulates that a reasonable opportunity of making a representation shall be granted to the concerned making a representation shall be granted to the concerned person who is alleged to have violated the provisions of the IT person who is alleged to have violated the provisions of the IT Act. The said Act stipulates that the inquiry will be carried out in the Act. The said Act stipulates that the inquiry will be carried out in the manner as prescribed by the Central Governmentmanner as prescribed by the Central Government

All proceedings before him are deemed to be judicial proceedings, All proceedings before him are deemed to be judicial proceedings, every Adjudicating Officer has all powers conferred on civil courtsevery Adjudicating Officer has all powers conferred on civil courts

Appeal to cyber Appellate Tribunal- from decision of Controller, Appeal to cyber Appellate Tribunal- from decision of Controller, Adjudicating Officer {section 57 IT act} Adjudicating Officer {section 57 IT act}

Section 47, IT ActSection 47, IT Act

Section 47Section 47 of the Act lays down that while of the Act lays down that while adjudging the quantum of compensation under adjudging the quantum of compensation under this Act, the adjudicating officer shall have due this Act, the adjudicating officer shall have due regard to the following factors, namely-regard to the following factors, namely-

(a) the amount of gain of unfair advantage, (a) the amount of gain of unfair advantage, wherever quantifiable, made as a result of the wherever quantifiable, made as a result of the default; default;

(b) the amount of loss caused to any (b) the amount of loss caused to any person as a result of the default; person as a result of the default;

(c) the repetitive nature of the default(c) the repetitive nature of the default

Section 65: Source CodeSection 65: Source Code

Most important asset of software companiesMost important asset of software companies ““Computer Source Code" means the listing of Computer Source Code" means the listing of

programmes, computer commands, design and programmes, computer commands, design and layoutlayout

IngredientsIngredients Knowledge or intention Knowledge or intention Concealment, destruction, alterationConcealment, destruction, alteration computer source code required to be kept or computer source code required to be kept or

maintained by lawmaintained by law PunishmentPunishment

imprisonment up to three years and / orimprisonment up to three years and / or fine up to Rs. 2 lakhfine up to Rs. 2 lakh

Section 66: Hacking

• Ingredients– Intention or Knowledge to cause wrongful loss

or damage to the public or any person– Destruction, deletion, alteration, diminishing

value or utility or injuriously affecting information residing in a computer resource

• Punishment– imprisonment up to three years, and / or – fine up to Rs. 2 lakh

• Cognizable, Non Bailable,

25

Section 66 covers data theft aswell as data alterationSection 66 covers data theft aswell as data alteration

Sec. 67. PornographySec. 67. Pornography IngredientsIngredients

Publishing or transmitting or causing to be published Publishing or transmitting or causing to be published in the electronic form, in the electronic form, Obscene materialObscene material

PunishmentPunishment On first convictionOn first conviction

imprisonment of either description up to five years and imprisonment of either description up to five years and fine up to Rs. 1 lakhfine up to Rs. 1 lakh

On subsequent conviction On subsequent conviction imprisonment of either description up to ten years and imprisonment of either description up to ten years and fine up to Rs. 2 lakhfine up to Rs. 2 lakh

Section coversSection covers Internet Service Providers,Internet Service Providers, Search engines, Search engines, Pornographic websitesPornographic websites

Cognizable, Non-Bailable, JMIC/ Court of SessionsCognizable, Non-Bailable, JMIC/ Court of Sessions

Sec 69: Decryption of informationSec 69: Decryption of information IngredientsIngredients

Controller issues order to Government agency to Controller issues order to Government agency to intercept any information transmitted through any intercept any information transmitted through any computer resource. computer resource.

Order is issued in the interest of theOrder is issued in the interest of the sovereignty or integrity of India, sovereignty or integrity of India, the security of the State, the security of the State, friendly relations with foreign States, friendly relations with foreign States, public order or public order or preventing incitement for commission of a cognizable offencepreventing incitement for commission of a cognizable offence

Person in charge of the computer resource fails to Person in charge of the computer resource fails to extend all facilities and technical assistance to extend all facilities and technical assistance to decrypt the information-punishment upto 7 years.decrypt the information-punishment upto 7 years.

Sec 70 Protected SystemSec 70 Protected System IngredientsIngredients

Securing unauthorised access or attempting to secure Securing unauthorised access or attempting to secure unauthorised accessunauthorised access

to ‘protected system’to ‘protected system’ Acts covered by this section:Acts covered by this section:

Switching computer on / off Switching computer on / off Using installed software / hardwareUsing installed software / hardware Installing software / hardwareInstalling software / hardware Port scanningPort scanning

PunishmentPunishment Imprisonment up to 10 years and fineImprisonment up to 10 years and fine

Cognizable, Non-Bailable, Court of SessionsCognizable, Non-Bailable, Court of Sessions

Cyber crimes punishable under Cyber crimes punishable under various Indian lawsvarious Indian laws

Sending pornographic or obscene emails are punishable under Section 67 of the IT Act.

An offence under this section is punishable on first conviction with imprisonment for a term, which may extend to five years and with fine, which may extend to One lakh rupees.

In the event of a second or subsequent conviction the recommended punishment is

imprisonment for a term, which may extend to ten years and also with fine which may extend to Two lakh rupees.

Emails that are defamatory in nature are punishable under Section 500 of the Indian Penal Code (IPC), which prescribes an imprisonment of upto two years or a fine or both.

Threatening emails are punishable under the provisions of the IPC pertaining to criminal intimidation, insult and annoyance (Chapter XXII), extortion (Chapter XVII)

Email spoofingEmail spoofing is covered under provisions of the IPC relating tofraud, cheating by personation (Chapter XVII)- cheating by impersonation forgery (Chapter XVIII)

Arms ActOnline sale of Arms

Sec. 383 IPCWeb-Jacking

NDPS ActOnline sale of Drugs

Sec 416, 417, 463 IPCEmail spoofing

Sec 420 IPCBogus websites, cyber frauds

Sec 463, 470, 471 IPCForgery of electronic records

Sec 499, 500 IPCSending defamatory messages by email

Sec 503 IPC Sending threatening messages by email

Computer Related Crimes under IPC and Special Laws

30

Cognizability and Bailability

• Not mentioned in the Act

– Rely on Part II of Schedule I of CrPC• If punishable with death, imprisonment for life or

imprisonment for more than 7 years: Cognizable, Non-Bailable, Court of Session

• If punishable with imprisonment for 3 years and upwards but not more than 7 years: Cognizable, Non -Bailable, Magistrate of First Class

• If punishable with imprisonment of less than 3 years: Non-Cognizable, Bailable, Any Magistrate (or Controller of CAs)

31

Power of Police to InvestigatePower of Police to Investigate

Section 156 Cr.P.C. : Power to Section 156 Cr.P.C. : Power to investigate cognizable offences. investigate cognizable offences.

Section 155 Cr.P.C. : Power to Section 155 Cr.P.C. : Power to investigate non cognizable offences.investigate non cognizable offences.

Section 91 Cr.P.C. : Summon to Section 91 Cr.P.C. : Summon to produce documents.produce documents.

Section 160 Cr.P.C. : Summon to Section 160 Cr.P.C. : Summon to require attendance of witnesses.require attendance of witnesses.

Power of Police to investigate (contd.)Power of Police to investigate (contd.)

Section 165 Cr.P.C. : Search by police Section 165 Cr.P.C. : Search by police officer.officer.

Section 93 Cr.P.C : General provision as to Section 93 Cr.P.C : General provision as to search warrants.search warrants.

Section 47 Cr.P.C. : Search to arrest the Section 47 Cr.P.C. : Search to arrest the accused.accused.

Section 78 of IT Act, 2000 : Power to Section 78 of IT Act, 2000 : Power to investigate offences-not below rank of DSP.investigate offences-not below rank of DSP.

Section 80 of IT Act, 2000 : Power of police Section 80 of IT Act, 2000 : Power of police officer to enter any public place and search officer to enter any public place and search & arrest.& arrest.

International initiativesInternational initiatives Representatives from the 26 Council of Representatives from the 26 Council of

Europe members, the United States, Europe members, the United States, Canada, Japan and South Africa in Canada, Japan and South Africa in 2001 signed a convention on 2001 signed a convention on cybercrime in efforts to enhance cybercrime in efforts to enhance international cooperation in combating international cooperation in combating computer-based crimes. computer-based crimes.

The The Convention on CybercrimeConvention on Cybercrime, drawn , drawn up by experts of the Council of Europe, up by experts of the Council of Europe, is designed to coordinate these is designed to coordinate these countries' policies and laws on countries' policies and laws on penalties on crimes in cyberspace, penalties on crimes in cyberspace, define the formula guaranteeing the define the formula guaranteeing the efficient operation of the criminal and efficient operation of the criminal and judicial authorities, and establish an judicial authorities, and establish an efficient mechanism for international efficient mechanism for international cooperation. cooperation.

In 1997, The In 1997, The G-8 MinistersG-8 Ministers agreed to agreed to ten "Principles to Combat High-Tech ten "Principles to Combat High-Tech Crime" and an "Action Plan to Combat Crime" and an "Action Plan to Combat High-Tech CrimeHigh-Tech Crime." ."

Main objectives-Main objectives- Create effective cyber crime Create effective cyber crime

laws laws Handle jurisdiction issues Handle jurisdiction issues Cooperate in international Cooperate in international

investigations investigations Develop acceptable practices Develop acceptable practices

for search and seizure for search and seizure Establish effective Establish effective

public/private sector interaction public/private sector interaction

ASLU Survey published in March ASLU Survey published in March 2003-Incidence of Cyber crime in 2003-Incidence of Cyber crime in

IndiaIndia

UNAUTHORISED ACCESS 19%

E-MAIL ABUSE 21%

DATA THEFT 33%

Non Reporting-causesNon Reporting-causes 60% feared negative 60% feared negative

publicitypublicity 23% did not know police 23% did not know police

equipped to handle cyber equipped to handle cyber crimescrimes

9% feared further cyber 9% feared further cyber attacksattacks

8% had no awareness of 8% had no awareness of cyber lawscyber laws

False arrest concernsFalse arrest concerns

Recommended Law Enforcement Recommended Law Enforcement initiatives initiatives

Mumbai Cyber lab is a joint initiative of Mumbai police and Mumbai Cyber lab is a joint initiative of Mumbai police and NASSCOM –more exchange and coordination of this kindNASSCOM –more exchange and coordination of this kind

Suggested amendments to the IT Act,2000-new provisions for child Suggested amendments to the IT Act,2000-new provisions for child pornography, etcpornography, etc

More Public awareness campaignsMore Public awareness campaigns Training of police officers to effectively combat cyber crimesTraining of police officers to effectively combat cyber crimes More Cyber crime police cells set up across the countryMore Cyber crime police cells set up across the country Effective E-surveillance Effective E-surveillance Websites aid in creating awareness and encouraging reporting of Websites aid in creating awareness and encouraging reporting of

cyber crime cases.cyber crime cases. Specialised Training of forensic investigators and experts Specialised Training of forensic investigators and experts Active coordination between police and other law enforcement Active coordination between police and other law enforcement

agencies and authorities is required.agencies and authorities is required.

In case you have any queries …please feel free to write in at In case you have any queries …please feel free to write in at Karnika@sethassociates.comKarnika@sethassociates.com

SETH ASSOCIATESSETH ASSOCIATES ADVOCATES AND LEGAL CONSULTANTSADVOCATES AND LEGAL CONSULTANTS

New Delhi Law OfficeNew Delhi Law Office: C-1/16, Daryaganj, New Delhi-110002, India: C-1/16, Daryaganj, New Delhi-110002, IndiaTel:+91 (11) 55352272, +91 9868119137Tel:+91 (11) 55352272, +91 9868119137

Corporate Law OfficeCorporate Law Office: B-10, Sector 40, NOIDA-201301, N.C.R, India: B-10, Sector 40, NOIDA-201301, N.C.R, IndiaTel: +91 (120) 4352846, +91 9810155766Tel: +91 (120) 4352846, +91 9810155766

Fax: +91 (120) 4331304Fax: +91 (120) 4331304E-mail: mail@sethassociates.com www.sethassociates.comE-mail: mail@sethassociates.com www.sethassociates.com